ID,name,description,start_date,end_date,inclusion_criteria,inclusion_criteria_subcode,source_incident_detection_disclosure,incident_type,receiver_name,receiver_country,receiver_region,receiver_category,receiver_category_subcode,initiator_name,initiator_country,initiator_category,initiator_category_subcode,number_of_attributions,attribution_date,attribution_type,attribution_basis,attributing_actor,attribution_it_company,attributing_country,attributed_initiator,attributed_initiator_country,attributed_initiator_category,attributed_initiator_subcategory,sources_attribution,cyber_conflict_issue,offline_conflict_issue,offline_conflict_name_HIIK,offline_conflict_intensity,offline_conflict_intensity_subcode,number_of_political_responses,political_response_date,political_response_type,political_response_type_subcode,political_response_country,political_response_actor,zero_days,zero_days_subcode,MITRE_initial_access,MITRE_impact,user_interaction,has_disruption,data_theft,disruption,hijacking,physical_effects_spatial,physical_effects_temporal,unweighted_cyber_intensity,target_multiplier,weighted_cyber_intensity,impact_indicator,impact_indicator_value,functional_impact,intelligence_impact,political_impact_affected_entities,political_impact_affected_entities_exact_value,political_impact_third_countries,political_impact_third_countries_exact_value,economic_impact,economic_impact_exact_value,economic_impact_currency,state_responsibility_indicator,IL_breach_indicator,IL_breach_indicator_subcode,evidence_for_sanctions_indicator,number_of_legal_responses,legal_response_date,legal_response_type,legal_response_type_subcode,legal_response_country,legal_response_actor,legal_attribution_reference,legal_attribution_reference_subcode,legal_response_indicator,casualties,sources_url 2,Cyberwar Azerbaijan-Armenia 2000/Azerbaijani Attack,Azerbaijani Hackers took down and defaced webpages of the Armenian state TV and webpages with information about the Armenia 
genocide.,2000-01-01,2000-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,[['Not available']],['Armenia'],"[['ASIA', 'CENTAS', 'CSTO']]","[['State institutions / political system', 'Media', 'Other']]",,['Not available'],['Azerbaijan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Azerbaijan,Non-state-group,Hacktivist(s),[],Territory; Secession,Territory; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://eurasianet.org/nagorno-karabakh-dispute-takes-to-cyber-space'] 3,Cyberwar Azerbaijan-Armenia 2000/Armenian Counterattack,In response to the previous attack Armenian hacker group Liazor took down the webpages of many Azerbaijani users,2000-01-01,2000-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Azerbaijan'],"[['ASIA', 'CENTAS']]","[['Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Other']]","[['Advocacy / activists (e.g. 
human rights organizations)', '', '', '']]",['Liazor'],['Armenia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Liazor,Armenia,Non-state-group,Hacktivist(s),[],Territory; Secession,Territory; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 4,Taiwan Election Hack 2000,Chinese hackers succeeded in attacking several government websites after Mr Chen (Taiwanese President) was sworn in on May 20.,2000-05-20,2000-05-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Taiwan'],"[['ASIA', 'SCS']]",[['State institutions / political system']],[['Government / ministries']],,['China'],['Unknown - not attributed'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,China,Unknown - not attributed,,['https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf'],National power,National power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://www.hartford-hwp.com/archives/55/105.html', 'https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf']" 5,"""First Sino-US-Cyber-War"" I","After the collision of an American spy plane and a Chinese jet, hackers in the United States and China began defacing Web sites on both sides of the Pacific.",2001-05-01,2001-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', '']]",['Honker Union'],['China'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Honker Union,China,Non-state-group,Hacktivist(s),"['https://www.nytimes.com/2001/05/13/weekinreview/may-6-12-the-first-world-hacker-war.html', 'https://www.theguardian.com/technology/2001/may/04/china.internationalnews', 'https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf']",Other,Other,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2001/05/13/weekinreview/may-6-12-the-first-world-hacker-war.html', 'https://www.theguardian.com/technology/2001/may/04/china.internationalnews', 'https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf', 'https://www.upi.com/Defense-News/2002/10/29/China-prevented-repeat-cyber-attack-on-US/51011035913195/']" 6,"""First Sino-US-Cyber-War"" II","After the collision of an American spy plane and a Chinese jet, hackers in the United States and China began defacing Web sites on both sides of the Pacific.",2001-05-01,2001-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['Other']],,,['United States'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,United States,Non-state-group,Hacktivist(s),['https://www.nytimes.com/2001/05/13/weekinreview/may-6-12-the-first-world-hacker-war.html'],Other,Other,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2001/05/13/weekinreview/may-6-12-the-first-world-hacker-war.html', 'https://www.theguardian.com/technology/2001/may/04/china.internationalnews', 'https://www.upi.com/Defense-News/2002/10/29/China-prevented-repeat-cyber-attack-on-US/51011035913195/']" 7,Textbook Hack South Korea vs. Japan,DDoS retaliatory campaign over a revisionist WWII Japanese history textbook,2001-05-01,2001-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Japan'],"[['ASIA', 'SCS', 'NEA']]","[['Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups']]",,['Antijapan'],"['Korea, Republic of']",['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Antijapan,"Korea, Republic of",Non-state-group,Hacktivist(s),['https://cmsw.mit.edu/mit2/Abstracts/ducke1.pdf'],System / ideology; Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://cmsw.mit.edu/mit2/Abstracts/ducke1.pdf'] 8,Prior 9/11 Taliban Hack,"A couple of weeks before 9/11, pro-Taliban websites were defaced by western activists, who claimed to do so because of the Taliban's threats to internet users.",2001-08-01,2001-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Afghanistan'],"[['ASIA', 'SASIA']]",[['Critical infrastructure']],[['Health']],['Not available'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://books.google.de/books?id=WfIFiEs0HQ8C&pg=PA89&lpg=PA89&dq=Pro-Palestinian+Hackers++AT%26T+2000&q=Pro-Palestinian%20Hackers%20%20AT%26T%202000&f=false'] 9,ZeeNews/India Today Hack 2001,"Website-defacements of Indian news outlets over the criticism of militant groups operating inside Pakistan, and Pakistani-controlled Kashmir.",2001-10-22,2001-10-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,[['Not available']],['India'],"[['ASIA', 'SASIA', 'SCO']]",[['Media']],,['Not available'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Pakistan,Non-state-group,Hacktivist(s),['http://news.bbc.co.uk/2/hi/south_asia/1617478.stm'],System / ideology; Territory; Resources,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['http://news.bbc.co.uk/2/hi/south_asia/1617478.stm'] 10,NSA vs. 
US Muslims,The NSA spied on prominent Muslims in the US,2002-01-01,2008-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Social groups', 'End user(s) / specially protected groups', 'Science']]","[['Legislative', 'Civil service / administration', 'Election infrastructure / related systems', 'Religious', '', '']]",['NSA/Equation Group'],['United States'],['State'],,1,2013-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party,,,,NSA/Equation Group,United States,State,,[],National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://theintercept.com/2014/07/09/under-surveillance/'] 11,Titan Rain,"Titan Rain was the designation given by the federal government of the United States to a series of coordinated attacks on American computer systems since 2003; they were known to have been ongoing for at least three years. The attacks were labeled as Chinese in origin, although their precise nature, e.g., state-sponsored espionage, corporate espionage, or random hacker attacks, and their real identities – masked by proxy, zombie computer, spyware/virus infected – remain unknown.",2003-01-01,2007-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, 
ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,,"['United States', 'United Kingdom']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Military', 'Defence industry'], ['Government / ministries', 'Military', 'Defence industry']]",,['China'],"['Non-state actor, state-affiliation suggested']",,2,2005-01-01; 2005-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.symantec.com/content/en/us/enterprise/articles/b-cxo_how_to_combat_cyber_espionage_somaini_ART_21032685.en-us.pdf', 'https://www.theguardian.com/technology/2014/may/19/us-accusations-chinese-hacking-eight-years', 'https://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082402318.html']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://content.time.com/time/subscriber/article/0,33009,1098961,00.html', 
'https://www.symantec.com/content/en/us/enterprise/articles/b-cxo_how_to_combat_cyber_espionage_somaini_ART_21032685.en-us.pdf', 'https://www.theguardian.com/technology/2014/may/19/us-accusations-chinese-hacking-eight-years', 'https://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082402318.html']" 13,DDoS North Korea 2004,"A total of 314 PCs were hacked, including servers at the Ministry of Maritime Affairs and Fisheries, enterprises and universities. The attack was attributed to North Korea by the Korea Economic Institute of America.",2004-04-01,2004-07-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Government / ministries', 'Military', 'Police', '', '']]",,"[""Korea, Democratic People's Republic of""]",['State'],,1,2009-01-01 00:00:00,"Attribution given, type unclear",Attribution by third-party,,,,,"Korea, Democratic People's Republic of",State,,[],System / ideology,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.keia.org/sites/default/files/publications/kei_aps_mansourov_final.pdf'] 14,Taiwan's Kuomintang Hack 2004,"Attacks against Taiwan continued in 2004 targeting Websites belonging to Taiwan's Ministry of Finance, the Kuomintang Party, the Democratic Progressive Party (DPP) and 
the Ministry of National Defense’s (MND) Military News Agency.",2004-07-01,2004-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,['Taiwan'],"[['ASIA', 'SCS']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Political parties']]",,['China'],['Individual hacker(s)'],,2,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Attribution given, type unclear",Attacker confirms; Media-based attribution,,,,,China; China,Individual hacker(s); Individual hacker(s),,['https://books.google.de/books?id=APT eCwAAQBAJ&pg=PT122&lpg=PT122&dq=china+taiwan+2004+hacks+party&source=bl&ots=3sWN_ujpJn&sig=ACfU3U1lbym48HyjivjwwQzcJHCMcESvRQ&hl=de&sa=X&ved=2ahUKEwj-99T1i77jAhXD_KQKHeRZDYMQ6AEwB3oECAgQAQ#v=onepage&q=china%20taiwan%202004%20hacks%20party&f=false'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf', 'https://books.google.de/books?id=APT eCwAAQBAJ&pg=PT122&lpg=PT122&dq=china+taiwan+2004+hacks+party&source=bl&ots=3sWN_ujpJn&sig=ACfU3U1lbym48HyjivjwwQzcJHCMcESvRQ&hl=de&sa=X&ved=2ahUKEwj-99T1i77jAhXD_KQKHeRZDYMQ6AEwB3oECAgQAQ#v=onepage&q=china%20taiwan%202004%20hacks%20party&f=false']" 15,ROK Hack 2004,"An attack, that has been attributed to the Chinese PLA was sophisticated and surprisingly successful, infecting at least 278 computers at 10 South Korean 
government agencies with Trojan horse-type viruses that allowed hackers to access computer data when the user opens the files.",2004-07-01,2004-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['State institutions / political system']],[['Government / ministries']],,['China'],"['Non-state actor, state-affiliation suggested']",,1,2004-01-01 00:00:00,"Attribution given, type unclear",Attribution by third-party,,,,,China,"Non-state actor, state-affiliation suggested",,['http://cc.pacforum.org/2004/10/turning-point-china-korea-relations/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://cc.pacforum.org/2004/10/turning-point-china-korea-relations/'] 16,Athens Affair,"Vodafone Greece's services were hacked by a group, later attributed to the American NSA. 
They wiretapped the phones of parts of the Greek government and of Greek civil society for 5 months, via the ""lawful intercept"" system of Vodafone.",2004-07-01,2005-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Hijacking with Misuse,,['Greece'],"[['EUROPE', 'NATO', 'EU', 'BALKANS']]","[['State institutions / political system', 'International / supranational organization', 'Other']]","[['Political parties', '', '']]",['NSA/Equation Group'],['United States'],['State'],,2,2015-01-01; 2015-01-01,"Political statement/report and indictment / sanctions; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,['https://theintercept.com/2015/09/28/death-athens-rogue-nsa-operation/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://spectrum.ieee.org/telecom/security/the-athens-affair', 'https://www.theguardian.com/commentisfree/2015/sep/30/athens-affair-encryption-backdoors', 'https://www.schneier.com/blog/archives/2007/07/story_of_the_gr_1.html', 'https://theintercept.com/2015/09/28/death-athens-rogue-nsa-operation/']" 17,Korea vs. 
Japan 2005,A series of attacks believed to have originated from China and South Korea hit numerous Japanese university and industrial Websites. The attacks may have been caused by a rise in tensions between the countries over the Japanese Education Ministry‘s alleged omission of key historical facts pertaining to Japan’s actions in World War II and China’s opposition to Japan’s attempt to be a permanent member of the UN Security Council.,2005-01-01,2005-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,['Japan'],"[['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'Social groups', 'End user(s) / specially protected groups', 'Science', 'State institutions / political system']]","[['Government / ministries', 'Religious', '', '', 'Police']]","['Not available', 'Not available']","['China', 'Korea, Republic of']","['Not available', 'Not available']",,1,,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution; Media-based attribution,,,,,"China; Korea, Republic of",,,['http://www.crime-research.org/news/11.05.2005/1227/'],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['http://www.crime-research.org/news/11.05.2005/1227/'] 18,"APT 30 aka Naikon, PLA Unit 78020, Lotus Panda","The Chinese government is accused of being behind 
a newly discovered set of cyber attacks waged against government agencies, corporate companies and journalists across India and Southeast Asia between 2005 and 2015.",2005-01-01,2015-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,"['India', 'United States', 'Vietnam', 'Myanmar', 'Philippines', 'Korea, Republic of', 'Singapore', 'Saudi Arabia', 'Thailand']","[['ASIA', 'SASIA', 'SCO'], ['NATO', 'NORTHAM'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'NEA'], ['ASIA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'SEA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Corporate Targets (corporate 
targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]","[['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', '']]","['APT30/Naikon/G0013 (PLA, Unit 78020)', 'PLA Unit 78020']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2015-01-01; 2015-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT30/Naikon/G0013 (PLA, Unit 78020); PLA Unit 78020",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.fireeye.com/blog/threat-research/2015/04/APT _30_and_the_mecha.html', 'http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://techcrunch.com/2015/04/12/fireeye-APT%20-30-southeast-asia-india-report/', 'https://www.fireeye.com/blog/threat-research/2015/04/APT _30_and_the_mecha.html', 'http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf', 'https://twitter.com/elinanoor/status/1630983893573566481']" 19,PoseidonGroup: The Boutique,"Kaspersky identified Poseidon; a Brazilian, Portuguese-speaking APT active since at least 2005 and involved in numerous espionage operations until 2016. The targets are companies in energy and utilities, telecommunications, public relations, media, financial institutions, governmental institutions, services in general and manufacturing.",2005-01-01,2016-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Brazil', 'France', 'Kazakhstan', 'United Arab Emirates', 'India', 'Russia']","[['NATO', 'NORTHAM'], ['SOUTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'CSTO', 'SCO'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'SASIA', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets 
(corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure']]","[['Government / ministries', 'Energy', '', '', 'Finance'], ['Government / ministries', 'Energy', '', '', 'Finance'], ['Government / ministries', 'Energy', '', '', 'Finance'], ['Government / ministries', 'Energy', '', '', 'Finance'], ['Government / ministries', 'Energy', '', '', 'Finance'], ['Government / ministries', 'Energy', '', '', 'Finance'], ['Government / ministries', 'Energy', '', '', 'Finance']]",['Poseidon Group'],['Brazil'],['Non-state-group'],['Private technology companies / hacking for hire groups without state affiliation / research entities'],1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Poseidon Group,Brazil,Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/', 'https://securityaffairs.co/wordpress/44402/cyber-crime/poseidon-group-attacks.html']" 20,Tulip Revolution Kyrgyzstan,"Websites belonging to political parties and independent media were subject to unexplained technical failures and deliberate hacking during Kyrgyzstan's recent Parliamentary elections. Attacks included flooding journalist e-mail accounts with large amounts of spam, and spoofing of e-mail from Kyrgyz websites located in the US. Several political websites were deliberately defaced.",2005-02-01,2005-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,['Kyrgyzstan'],"[['ASIA', 'CENTAS', 'CSTO', 'SCS']]","[['State institutions / political system', 'State institutions / political system', 'Social groups', 'End user(s) / specially protected groups', 'Media']]","[['Political parties', 'Election infrastructure / related systems', 'Advocacy / activists (e.g. human rights organizations)', '', '']]",,['Kyrgyzstan'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,Kyrgyzstan,Unknown - not attributed,,['https://opennet.net/special/kg/'],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://web.mit.edu/smadnick/www/wp/2017-10.pdf', 'https://opennet.net/special/kg/']" 21,NSA vs. 
Al Jazeera,The NSA hacked the Arab Al-Jazeera,2006-01-01,2000-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['Qatar'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['Media']],,['NSA/Equation Group'],['United States'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.spiegel.de/international/world/nsa-spied-on-al-jazeera-communications-snowden-document-a-919681.html'] 22,NSA vs. 
Aeroflot,The NSA hacked the Russian airline Aeroflot,2006-01-01,2000-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Critical infrastructure']],[['Transportation']],['NSA/Equation Group'],['United States'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,[],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 23,PLA vs. Westinghouse Electric & US Steel,Chinese-government backed hackers steal e-mails from a US electric company containing the company's strategy. The US unsealed an indictment against the PLA hackers in 2014.,2006-01-01,2014-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft,,['United States'],"[['NATO', 'NORTHAM']]","[['Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Advocacy / activists (e.g. 
human rights organizations)', '']]","['APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)', 'PLA Unit 61398']","['China', 'China']","['State', 'State']",,1,2014-01-01; 2014-01-01,Domestic legal action; Domestic legal action,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,State; State,,['https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['http://time.com/106319/heres-what-chinese-hackers-actually-stole-from-u-s-companies/', 'https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor']" 24,Red Storm Rising,"China has downloaded 10 to 20 terabytes of data from the NIPRNet (DOD's Non-Classified IP Router Network),' said Maj. Gen. 
William Lord, director of information, services and integration in the Air Force's Office of Warfighting Integration and Chief Information Officer.",2006-01-01,2006-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",,['China'],['State'],,1,2006-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,,China,State,,['https://gcn.com/Articles/2006/08/17/Red-storm-rising.aspx?Page=1'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://gcn.com/Articles/2006/08/17/Red-storm-rising.aspx?Page=1'] 25,Operation Shady RAT,"Operation Shady RAT is the name given to hacker attacks in which at least 72 companies, organizations and governments around the world were systematically spied out between 2006 and 2011, attributed by Dimitri Alperovitch, a former employee of McAfee.",2006-01-01,2011-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company,Data theft,,"['United States', 'Canada', 'Korea, Republic of', 'Taiwan', 'Vietnam', 'Germany', 'India', 'Japan', 'United Kingdom']","[['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS'], ['ASIA', 'SCS', 'SEA'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'SASIA', 'SCO'], 
['ASIA', 'SCS', 'NEA'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical 
infrastructure definition)', 'Media'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]","[['Government / ministries', '', 'Energy', 'Telecommunications', 'Defence industry', 'Other social groups', '', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Defence industry', 'Other social groups', '', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Defence industry', 'Other social groups', '', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Defence industry', 'Other social groups', '', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Defence industry', 'Other social groups', '', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Defence industry', 'Other social groups', '', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Defence industry', 'Other social groups', '', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Defence industry', 'Other social groups', '', ''], ['Government / ministries', '', 'Energy', 
'Telecommunications', 'Defence industry', 'Other social groups', '', '']]","['APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)', 'PLA Unit 61398']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state-group', 'Non-state actor, state-affiliation suggested', 'Non-state-group']","['', 'Criminal(s)', '', 'Criminal(s)']",3,2011-01-01; 2011-01-01; 2011-01-01; 2011-01-01; 2011-01-01; 2011-01-01; 2011-01-01; 2011-01-01; 2011-01-01; 2011-01-01; 2011-01-01; 2011-01-01,"Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Contested 
attribution; Contested attribution; Attribution by third-party; Attribution by third-party,,,,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398; PLA Unit 61398; PLA Unit 61398; PLA Unit 61398; APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398; APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China; China; China; China; China; China; China; China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state-group; Non-state-group; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state-group; Non-state-group; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",; Criminal(s); ; Criminal(s); ; Criminal(s); ; Criminal(s); ; ; ; ,"['https://eugene.kaspersky.com/2011/08/18/shady-rat-shoddy-rat/', 'https://www.washingtonpost.com/national/national-security/report-identifies-widespread-cyber-spying/2011/07/29/gIQAoTUmqI_story.html?utm_term=.f1ca0cb01882', 'https://www.darkreading.com/attacks-and-breaches/shady-rat-no-china-smoking-gun/d/d-id/1099506?=&piddl_msgorder=thrd', 'https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?emc=na&_r=1&', 
'https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://web.archive.org/web/20110804083836/http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf', 'https://eugene.kaspersky.com/2011/08/18/shady-rat-shoddy-rat/', 'https://www.washingtonpost.com/national/national-security/report-identifies-widespread-cyber-spying/2011/07/29/gIQAoTUmqI_story.html?utm_term=.f1ca0cb01882', 'https://www.darkreading.com/attacks-and-breaches/shady-rat-no-china-smoking-gun/d/d-id/1099506?=&piddl_msgorder=thrd', 'https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?emc=na&_r=1&', 'https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China', 'https://www.foxnews.com/tech/u-s-cybercops-caught-flat-footed-by-massive-global-cyberattack']" 34,APT 1 Campaign 2006-2013,"In its seminal report about APT 1, IT-company Mandiant exposed this group as being PLA Unit 61398, conducting economic cyber-espionage against targets worldwide. 
One year later, the US released its first indictment against foreign hackers, in this case from the Chinese APT 1.",2006-01-01,2013-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'United Kingdom', 'Canada', 'Taiwan', 'Singapore', 'Switzerland', 'Belgium', 'Israel', 'India', 'Japan']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['NATO', 'NORTHAM'], ['ASIA', 'SCS'], ['ASIA'], ['EUROPE', 'WESTEU'], ['EUROPE', 'EU', 'NATO', 'WESTEU'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Corporate Targets 
(corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science']]","[['Civil service / administration', '', '', '', '', ''], ['Civil service / administration', '', '', '', '', ''], ['Civil service / administration', '', '', '', '', ''], ['Civil service / administration', '', '', '', '', ''], ['Civil service / administration', '', '', '', '', ''], ['Civil service / administration', '', '', '', '', ''], ['Civil service / administration', '', '', '', '', ''], ['Civil service / administration', '', '', '', '', ''], ['Civil service / administration', '', '', '', '', ''], ['Civil service / 
administration', '', '', '', '', '']]","['APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)', 'PLA Unit 61398']","['China', 'China']","['State', 'State']",,2,2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01,"Domestic legal action; Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398; APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China; China; China,State; State; State; State,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-APT%201-report.pdf', 'https://books.google.de/books?id=KNlEWdlTxYYC&pg=PA5&lpg=PA5&dq=APT +1+report+mandiant+senator&source=bl&ots=3Vjtz3BJHM&sig=ACfU3U35FSxtDFVHjIwB-4M0St6m8FAatg&hl=de&sa=X&ved=2ahUKEwiNzICc_LLyAhXxhf0HHcYJDyoQ6AF6BAglEAM#v=onepage&q=APT %201%20report%20mandiant%20senator&f=false']" 27,NSA vs. 
SWIFT,The NSA hacked the global payment system SWIFT,2006-01-01,2013-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['Belgium'],"[['EUROPE', 'EU', 'NATO', 'WESTEU']]",[['Critical infrastructure']],[['Finance']],['NSA/Equation Group'],['United States'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.spiegel.de/international/world/how-the-nsa-spies-on-international-bank-transactions-a-922430.html'] 28,Denmark Cartoon Hack,Hackers break into about 600 Danish Websites to post threats and protest against satirical cartoons of the Prophet Mohammad,2006-03-01,2006-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,['Denmark'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Other']]",,,['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.cnet.com/news/danish-web-sites-hacked-over-mohammad-cartoons/'] 29,DOS Asia Department Hack,The State Department is recovering from large-scale computer break-ins worldwide over the past several weeks that appeared to be directed at its headquarters and at offices dealing with Asia.,2006-06-01,2006-07-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking without Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],,['China'],['Unknown - not attributed'],,2,,"Attribution given, type unclear; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,,China; China,Unknown - not attributed; Unknown - not 
attributed,,"['https://books.google.de/books?id=bpgq3nwxU2EC&pg=PA71&lpg=PA71&dq=Dawn+Onley,+Dawn+and+Patience+Wait,+“Red+Storm+Rising:+DoD’s+Efforts+to+Stave+Off+Nation-+State+Cyber+Attacks+Begin+with+China,”+Government+Computer+News,+August+2006.&source=bl&ots=awl6HiyumB&sig=ACfU3U0RTfaKYx8TP4qt3qLNQSbmCoGOmQ&hl=de&sa=X&ved=2ahUKEwinsuDJgLzjAhVBEVAKHZyNBAsQ6AEwAHoECAUQAQ#v=onepage&q=Dawn%20Onley%2C%20Dawn%20and%20Patience%20Wait%2C%20“Red%20Storm%20Rising%3A%20DoD’s%20Efforts%20to%20Stave%20Off%20Nation-%20State%20Cyber%20Attacks%20Begin%20with%20China%2C”%20Government%20Computer%20News%2C%20August%202006.&f=false(S.71)']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2006/07/12/washington/12hacker.html', 'https://books.google.de/books?id=bpgq3nwxU2EC&pg=PA71&lpg=PA71&dq=Dawn+Onley,+Dawn+and+Patience+Wait,+“Red+Storm+Rising:+DoD’s+Efforts+to+Stave+Off+Nation-+State+Cyber+Attacks+Begin+with+China,”+Government+Computer+News,+August+2006.&source=bl&ots=awl6HiyumB&sig=ACfU3U0RTfaKYx8TP4qt3qLNQSbmCoGOmQ&hl=de&sa=X&ved=2ahUKEwinsuDJgLzjAhVBEVAKHZyNBAsQ6AEwAHoECAUQAQ#v=onepage&q=Dawn%20Onley%2C%20Dawn%20and%20Patience%20Wait%2C%20“Red%20Storm%20Rising%3A%20DoD’s%20Efforts%20to%20Stave%20Off%20Nation-%20State%20Cyber%20Attacks%20Begin%20with%20China%2C”%20Government%20Computer%20News%2C%20August%202006.&f=false(S.71)']" 30,BND vs. 
Spiegel & Afghan Minister,The German BND spied on the email conversation between an Afghani minister and a German Spiegel Journalist.,2006-06-08,2006-12-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,"['Germany', 'Afghanistan']","[['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'SASIA']]","[['State institutions / political system', 'Media'], ['State institutions / political system', 'Media']]","[['Government / ministries', ''], ['Government / ministries', '']]",['BND'],['Germany'],['State'],,1,2008-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,,,,BND,Germany,State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.spiegel.de/spiegel/print/d-56756328.html'] 31,"Republican Frank Wolf, Chris Smith Hack","The office of the Republican Frank Wolf was hacked by China because of its longstanding critical attitude towards its human rights abuses, he said.",2006-08-01,2006-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'End user(s) / specially protected groups']]","[['Legislative', '']]",,['China'],['State'],,1,2008-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver 
government / state entity,,,,,China,State,,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.nysun.com/foreign/china-critic-says-congressional-computers-hacked/79782/'] 32,BIS Hack,An attack against the US Bureau of Industry and Security (BIS) forced the agency to turn off Internet access in early September 2006. Hundreds of computers must be replaced to cleanse the agency of malicious code.,2006-08-01,2006-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Hijacking without Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],,['China'],"['Non-state actor, state-affiliation suggested']",,2,2006-01-01; 2006-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",,['https://custom.crn.com/news/security/193105261/chinese-hackers-hit-commerce-department.htm?itc=refresh'],Resources,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theregister.co.uk/2006/10/09/chinese_crackers_attack_us/', 'https://custom.crn.com/news/security/193105261/chinese-hackers-hit-commerce-department.htm?itc=refresh']" 33,US Naval War College Hack 2006,"Computer and e-mail systems were off-line at the Naval War College following a network intrusion Nov. 15. According to news reports, hackers in China attacked the Website of the college, which trains senior Navy officers and develops cyberspace strategies.",2006-11-15,2006-12-04,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Disruption,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'Science']]","[['Military', '']]",,['China'],"['Non-state actor, state-affiliation suggested']",,1,2006-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,,,,China,"Non-state actor, state-affiliation suggested",,['https://fcw.com/articles/2006/12/04/china-is-suspected-of-hacking-into-navy-site.aspx?sc_lang=en'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://fcw.com/articles/2006/12/04/china-is-suspected-of-hacking-into-navy-site.aspx?sc_lang=en'] 26,APT 10/Technology Theft Campaign,"Beginning in or about 2006, members of the APT 10 Group, engaged in an intrusion campaign to obtain unauthorized access to the computers and computer networks of commercial and defense technology companies and U.S. Government agencies in order to steal information and data concerning a number of technologies",2006-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft,,"['United States', 'Brazil', 'Canada', 'France', 'Switzerland', 'Germany', 'India', 'Japan', 'United Kingdom', 'United Arab Emirates']","[['NATO', 'NORTHAM'], ['SOUTHAM'], ['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SCS', 'NEA'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 
'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / 
ministries', 'Energy', 'Telecommunications', 'Defence industry', ''], ['Government / ministries', 'Energy', 'Telecommunications', 'Defence industry', ''], ['Government / ministries', 'Energy', 'Telecommunications', 'Defence industry', ''], ['Government / ministries', 'Energy', 'Telecommunications', 'Defence industry', ''], ['Government / ministries', 'Energy', 'Telecommunications', 'Defence industry', ''], ['Government / ministries', 'Energy', 'Telecommunications', 'Defence industry', ''], ['Government / ministries', 'Energy', 'Telecommunications', 'Defence industry', ''], ['Government / ministries', 'Energy', 'Telecommunications', 'Defence industry', ''], ['Government / ministries', 'Energy', 'Telecommunications', 'Defence industry', ''], ['Government / ministries', 'Energy', 'Telecommunications', 'Defence industry', '']]","['APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)']",['China'],"['Non-state actor, state-affiliation suggested']",,2,2018-01-01; 2018-01-01,"Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by third-party,,,,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau); APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.justice.gov/opa/press-release/file/1121706/download', 'https://intrusiontruth.wordpress.com/2018/08/15/APT 10-was-managed-by-the-tianjin-bureau-of-the-chinese-ministry-of-state-security/']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in 
intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.wired.com/story/doj-indictment-chinese-hackers-APT%2010/', 'https://www.justice.gov/opa/press-release/file/1121706/download', 'https://intrusiontruth.wordpress.com/2018/08/15/APT 10-was-managed-by-the-tianjin-bureau-of-the-chinese-ministry-of-state-security/']" 35,Operation RedOctober,"In 2013, Kaspersky found a campaign of espionage/stealing of confidential information in many countries, mostly in Eastern Europe, but also in Western Europe and America, specifically targeting ""Cryptofiler"" files. Some evidence points to Russian and Chinese hackers, while the precise origin could not be identified",2007-01-01,2013-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,"['Russia', 'Kazakhstan', 'Azerbaijan', 'Belgium', 'India', 'Afghanistan', 'Armenia', 'Iran, Islamic Republic of', 'Turkmenistan', 'Ukraine']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['ASIA', 'CSTO', 'SCO'], ['ASIA', 'CENTAS'], ['EUROPE', 'EU', 'NATO', 'WESTEU'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA'], ['ASIA', 'CENTAS', 'CSTO'], ['ASIA', 'MENA', 'MEA'], ['ASIA'], ['EUROPE', 'EASTEU']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 
'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Military', 'Energy', ''], ['Government / ministries', 'Military', 'Energy', ''], ['Government / ministries', 'Military', 'Energy', 
''], ['Government / ministries', 'Military', 'Energy', ''], ['Government / ministries', 'Military', 'Energy', ''], ['Government / ministries', 'Military', 'Energy', ''], ['Government / ministries', 'Military', 'Energy', ''], ['Government / ministries', 'Military', 'Energy', ''], ['Government / ministries', 'Military', 'Energy', ''], ['Government / ministries', 'Military', 'Energy', '']]",,"['China', 'Russia']",['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,,China; Russia,Unknown - not attributed; Unknown - not attributed,,['https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securelist.com/the-red-october-campaign/57647/', 'https://www.bbc.com/news/technology-21013087', 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies']" 36,Operation Byzantine Hades (Lockheed Martin) - 2007,"Documents leaked by Edward Snowden are the first public confirmation that Chinese hackers have been able to extrapolate top secret data on the F-35 Lightning II joint strike fighter jet. 
According to sources, the data breach already took place in 2007 at the prime subcontractor Lockheed Martin.",2007-01-01,2007-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Defence industry']],,['China'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Media-based attribution,,,,,China; China,State; State,,['https://thediplomat.com/2015/01/new-snowden-documents-reveal-chinese-behind-f-35-hack/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://thediplomat.com/2015/01/new-snowden-documents-reveal-chinese-behind-f-35-hack/', 'https://de.reuters.com/article/usa-fighter-hacking/theft-of-f-35-design-data-is-helping-u-s-adversaries-pentagon-idUSL2N0EV0T320130619']" 37,Turkish Hacker vs. Sweden,Attacks by Turkish hackers on Swedish Web hosts and Web sites following the publication of a satirical drawing by Lars Vilks portraying the Muslim Prophet Mohammed as a roundabout dog,2007-01-01,2007-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Sweden'],"[['EUROPE', 'EU', 'NORTHEU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Other']]",,,['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Turkey,Non-state-group,Hacktivist(s),['https://www.worldbulletin.net/archive/swedish-hackers-retaliate-against-turkish-attack-h12233.html'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.worldbulletin.net/archive/swedish-hackers-retaliate-against-turkish-attack-h12233.html'] 38,Swedish Hackers vs. Turkey,A group of Swedish hackers has chosen to leak these user details in response to the many recent attacks on Swedish Web hosts and Web sites following the publication of a satirical drawing by Lars Vilks portraying the Muslim Prophet Mohammed as a roundabout dog.,2007-01-01,2007-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science', 'Other']]",,,['Sweden'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Sweden,Non-state-group,Hacktivist(s),['https://www.worldbulletin.net/archive/swedish-hackers-retaliate-against-turkish-attack-h12233.html'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.worldbulletin.net/archive/swedish-hackers-retaliate-against-turkish-attack-h12233.html'] 39,Infy/Prince of Persia,"The Prince of Persia campaign used Infy malware for almost ten years to spy on government and corporate entities, also known as Operation Mermaid.",2007-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,"['Iran, Islamic Republic of', 'United States', 'Denmark', 'Israel', 'Saudi Arabia', 'Pakistan', 'Afghanistan', 'Iraq']","[['ASIA', 'MENA', 'MEA'], ['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA'], ['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['State institutions / 
political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups']]","[['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', '']]",['Infy'],['Unknown'],['Unknown - not attributed'],,1,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Infy,Unknown,Unknown - not attributed,,"['http://blogs.360.cn/post/operation-mermaid.html', 'https://www.blackhat.com/docs/us-16/materials/us-16-Guarnieri-Iran-And-The-Soft-War-For-Internet-Dominance-wp.pdf']",National power; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://unit42.paloaltonetworks.com/prince-of-persia-infy-malware-active-in-decade-of-targeted-attacks/', 'http://blogs.360.cn/post/operation-mermaid.html', 'https://www.blackhat.com/docs/us-16/materials/us-16-Guarnieri-Iran-And-The-Soft-War-For-Internet-Dominance-wp.pdf']" 40,Darkhotel APT,DarkHotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests,2007-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,"[""Korea, Democratic People's Republic of"", 'Japan', 'India', 'United States', 'Asia (region)']","[['ASIA', 'NEA'], ['ASIA', 'SCS', 'NEA'], ['ASIA', 'SASIA', 'SCO'], ['NATO', 'NORTHAM'], []]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Other'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Other'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Other'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Other'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Other']]","[['Military', 'Intelligence agencies', 'Defence industry', '', '', ''], ['Military', 'Intelligence agencies', 
'Defence industry', '', '', ''], ['Military', 'Intelligence agencies', 'Defence industry', '', '', ''], ['Military', 'Intelligence agencies', 'Defence industry', '', '', ''], ['Military', 'Intelligence agencies', 'Defence industry', '', '', '']]",['DarkHotel'],"['Korea, Republic of']","['Non-state actor, state-affiliation suggested']",,1,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DarkHotel,"Korea, Republic of","Non-state actor, state-affiliation suggested",,"['https://www.wired.com/2014/11/darkhotel-malware/', 'https://labs.bitdefender.com/2017/07/inexsmar-an-unusual-darkhotel-campaign/']",Unknown,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securelist.com/the-darkhotel-apt/66779/', 'https://www.wired.com/2014/11/darkhotel-malware/', 'https://labs.bitdefender.com/2017/07/inexsmar-an-unusual-darkhotel-campaign/']" 41,CozyBear vs. Obama Campaign,"State-sponsored Russian hackers systematically targeted the campaign of Barack Obama and close government officials in 2007 and thus immediately before his first candidacy in 2008. Mainly phishing attacks are said to have been involved. 
According to the Area 1 Security report, however, Chinese influence cannot be ruled out entirely, as they carried out a massive cyberespionage operation against the 2008 presidential campaigns of Barack Obama and John McCain.",2007-01-01,2017-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Election infrastructure / related systems']]",['Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)'],['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.newsweek.com/russia-hacking-trump-clinton-607956'] 42,Poison Ivy APT,"Through research, 360 Helios Team has found that, since 2007, the PoisonIvy Group has carried out 11 years of cyberespionage campaigns against Chinese key units and departments, such as national defense, government, science and technology, education and maritime agencies. 
The group seems to have similar interests as OceanLotus.",2007-01-01,2018-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'State institutions / political system', 'Science', 'Other']]","[['Government / ministries', 'Military', '', '']]",['PoisonIvy/APT-C-01'],['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,PoisonIvy/APT-C-01,Unknown,Unknown - not attributed,,['http://blogs.360.cn/post/APT_C_01_en.html'],Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://blogs.360.cn/post/APT_C_01_en.html'] 43,Careto aka The Mask,The Mask is an advanced threat actor that has been involved in cyber-espionage operations since at least 2007. What makes The Mask special is the complexity of the toolset used by the attackers.,2007-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,"['Morocco', 'Brazil', 'United Kingdom', 'Spain', 'France', 'Switzerland', 'Libya', 'United States']","[['AFRICA', 'NAF', 'MENA'], ['SOUTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'WESTEU'], ['AFRICA', 'MENA', 'MEA', 'NAF'], ['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science', 'Other'], ['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science', 'Other'], ['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science', 'Other'], ['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science', 'Other'], ['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science', 'Other'], ['State institutions / political system', 'State institutions / political system', 'Corporate Targets 
(corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science', 'Other'], ['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science', 'Other'], ['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science', 'Other']]","[['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', '']]",['Careto/The Mask'],['Unknown'],"['Non-state actor, state-affiliation suggested']",,1,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Careto/The Mask,Unknown,"Non-state actor, state-affiliation suggested",,['https://securelist.com/the-caretomask-apt-frequently-asked-questions/58254/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securelist.com/the-caretomask-apt-frequently-asked-questions/58254/'] 44,Putter Panda aka APT 2,"CrowdStrike has been tracking the activity of a cyber espionage group operating out of Shanghai, China, with connections to the People’s Liberation Army Third General Staff Department (GSD) 12th Bureau Military Unit Cover Designator (MUCD) 61486, since 2012, active at least since 2007. 
The group shows similarities to the conduct of APT 1 aka Comment Crew/Panda, which is aligned with PLA Unit 61398.",2007-01-01,2012-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft,,"['United States', 'Europe (region)']","[['NATO', 'NORTHAM'], []]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Science']]","[['Military', 'Telecommunications', 'Defence industry', ''], ['Military', 'Telecommunications', 'Defence industry', '']]",['Putter Panda/APT 2'],['China'],['State'],,1,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Putter Panda/APT 2,China,State,,['http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf'],International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf'] 45,The Mobile Surge,"According to documents leaked by Edward Snowden, the American NSA and the British Government Communications Headquarters allegedly collected and stored dozens of pieces of data from smartphone apps in a joint initiative called The Mobile Surge until 2007. The main purpose of this was the systematic exchange of ways to obtain information, but information was also tapped, especially from apps that had been around for a while. 
Publicly, this initiative has been used to gain a better understanding of potential security vulnerabilities that could improve the privacy of citizens' sensitive data in the long term. The UK authority relies on the fact that it would therefore be in compliance with the law. However, it is not known how many users are affected by this action. ",2007-01-01,2013-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['Global (region)'],,"[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups']]",,"['NSA/Equation Group', 'GCHQ']","['United Kingdom', 'United States', 'United Kingdom', 'United States']","['State', 'State']",,2,2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by 
third-party; Media-based attribution; Media-based attribution; Media-based attribution; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ; NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ,United Kingdom; United States; United Kingdom; United States; United States; United Kingdom; United States; United Kingdom,State; State; State; State; State; State; State; State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html'] 46,Stuxnet,US and Israeli created worm Stuxnet infiltrates Iranian nuclear facility which leads to destruction of uranium centrifuges.,2007-01-01,2010-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'Critical infrastructure']]","[['Military', 'Defence industry']]",['NSA/Equation Group'],"['Israel', 'United States']",['State'],,2,2011-01-01; 2011-01-01; 2011-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker,,,,NSA/Equation Group; NSA/Equation Group; NSA/Equation 
Group,Israel; United States; United States,State; State; State,,"['https://www.cbsnews.com/news/iran-blames-us-israel-for-stuxnet-malware/', 'https://www.theregister.co.uk/2013/07/08/snowden_us_israel_stuxnet/', 'https://archive.f-secure.com/weblog/archives/00002791.html', 'https://web.archive.org/web/20150217023145/https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf']",System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,multiple,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)","Local effects, e.g., affecting only one restricted area of a country or region (incident scores 1 point in intensity)",Long lasting effects (> 24h; incident scores 2 points in intensity),7,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",10.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.jpost.com/international/article-731254', 'https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months', 'https://www.malwarebytes.com/blog/news/2023/03/ransomware-gunning-for-transport-sectors-ot-systems-next', 'https://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=2&pagewanted=2&seid=auto&smid=tw-nytimespolitics&pagewanted=all', 'https://www.cbsnews.com/news/iran-blames-us-israel-for-stuxnet-malware/', 'https://www.theregister.co.uk/2013/07/08/snowden_us_israel_stuxnet/', 'https://archive.f-secure.com/weblog/archives/00002791.html', 'https://web.archive.org/web/20150217023145/https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf', 'https://therecord.media/more-than-2000-cybersecurity-patent-applications-filed-since-2010-report/']" 48,Perdido,"According to the in 2013 by Snowden leaked NSA 2007 document, US 
intelligence services are spying on the European Union mission in New York and its embassy in Washington. One document lists 38 embassies and missions. Germany's justice minister, Sabine Leutheusser-Schnarrenberger, Robert Madelin, one of Britain's most senior officials in the European commission, a spokesman for the European commission, Guy Verhofstadt, the former Belgian primeminister and others have commented on the incident.",2007-01-01,2013-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['EU (region)', 'France', 'Greece', 'Italy', 'Mexico', 'Korea, Republic of', 'Turkey', 'Japan', 'India']","[['EU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'BALKANS'], ['EUROPE', 'NATO', 'EU'], [], ['ASIA', 'SCS', 'NEA'], ['ASIA', 'NATO', 'MEA'], ['ASIA', 'SCS', 'NEA'], ['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'International / supranational organization'], ['State institutions / political system', 'International / supranational organization'], ['State institutions / political system', 'International / supranational organization'], ['State institutions / political system', 'International / supranational organization'], ['State institutions / political system', 'International / supranational organization'], ['State institutions / political system', 'International / supranational organization'], ['State institutions / political system', 'International / supranational organization'], ['State institutions / political system', 'International / supranational organization'], ['State institutions / political system', 'International / supranational organization']]",,['NSA/Equation Group'],['United States'],['State'],,2,2013-01-01; 
2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theguardian.com/world/2013/jun/30/nsa-spying-europe-claims-us-eu-trade', 'https://www.theguardian.com/world/2013/jun/30/nsa-leaks-us-bugging-european-allies']" 49,Support of Bundeswehr Presence in Congo,The German BND hacked computers in the Democratic Republic of Congo with the goal of gathering information to support the Bundeswehr presence there,2007-01-01,2007-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,"['Congo, the Democratic Republic of the']","[['AFRICA', 'SSA']]",[['Unknown']],,['BND'],['Germany'],['State'],,1,2008-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,,,BND,Germany,State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 50,Operation Pawn Storm 2007,"Fancy Bear attacked the military and defense contractors of the US and some of their allies in a longterm espionage campaign, 
with the usage of some Zerodays",2007-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,"['United States', 'France', 'Russia', 'Pakistan', 'Holy See (Vatican City State)', 'Austria', 'Hungary', 'Poland']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['EUROPE'], ['EUROPE', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'EASTEU']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups', 'Media']]","[['Government / ministries', 'Military', 'Defence industry', 'Political opposition / dissidents / expats', ''], ['Government / ministries', 'Military', 'Defence industry', 'Political opposition / dissidents / expats', ''], 
['Government / ministries', 'Military', 'Defence industry', 'Political opposition / dissidents / expats', ''], ['Government / ministries', 'Military', 'Defence industry', 'Political opposition / dissidents / expats', ''], ['Government / ministries', 'Military', 'Defence industry', 'Political opposition / dissidents / expats', ''], ['Government / ministries', 'Military', 'Defence industry', 'Political opposition / dissidents / expats', ''], ['Government / ministries', 'Military', 'Defence industry', 'Political opposition / dissidents / expats', ''], ['Government / ministries', 'Military', 'Defence industry', 'Political opposition / dissidents / expats', '']]",,['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf'] 51,Russian Anti-Kasparov Campaign,"Pro-Russian hackers bombarded the sites of opposition leaders like Garry Kasparov in the midst of his 2007 campaign for president, keeping Kasparov's site offline or sluggish at key moments during the campaign season",2007-01-01,2007-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system', 'State institutions / political system']]","[['Political parties', 'Election infrastructure / related systems']]",,['Russia'],['Non-state-group'],['Hacktivist(s)'],1,2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution,,,,,Russia,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.wired.com/story/russia-election-hacking-playbook/'] 52,Azerbaijani-Armenian Cyberwar 2007 Armenian Attack,Hackers identifying themselves as connected to the Armenian state service hacked and defaced the website of the Azerbaijani state television,2007-01-22,2007-01-22,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Azerbaijan'],"[['ASIA', 'CENTAS']]","[['State institutions / political system', 'Media']]","[['Election infrastructure / related systems', '']]",['Armenian State Service'],['Armenia'],['State'],,1,2007-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Armenian State Service,Armenia,State,,[],Territory; Secession,Territory; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - 
high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 53,Azerbaijani-Armenian Cyberwar 2007 Azerbaijani Counterattack,Bacioglu counterattacked and defaced five Armenian websites,2007-01-29,2007-01-29,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Armenia'],"[['ASIA', 'CENTAS', 'CSTO']]","[['Social groups', 'Other']]","[['Advocacy / activists (e.g. human rights organizations)', '']]",['Bacioglu'],['Azerbaijan'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bacioglu,Azerbaijan,Individual hacker(s),,[],Territory; Secession,Territory; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 54,Azerbaijani-Armenian Cyberwar 2007 Axteam intervenes,"Axteam, an Armenian hacker group, retaliated for Bacioglu's attack and took down Azerbaijani websites",2007-02-05,2007-02-05,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Azerbaijan'],"[['ASIA', 'CENTAS']]",[['Media']],,['Axteam'],['Armenia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Axteam,Armenia,Non-state-group,Hacktivist(s),[],Territory; Secession,Territory; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 55,Chemical Hack,"By stealing the password the North Korean hacker unit could access information including data on organizations that manufacture toxic chemical substances, and the information on types of toxic chemical substances.",2007-03-01,2007-03-01,"Attack on 
(inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'Science']]","[['Military', '']]",,"[""Korea, Democratic People's Republic of""]",['State'],,2,2014-01-01; 2014-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Receiver attributes attacker; Attribution by third-party,,,,,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of",State; State,,['https://www.hsdl.org/?view&did=790510'],System / ideology,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hsdl.org/?view&did=790510'] 56,Estonia 2007,"Different targets in Estonia attacked on the background of tensions with Russia and Russian minority in Estonia over removal of Soviet war memorial. Estonia accused Russia, but involvement of Russian government is contested and doubted by experts from the IT sector.",2007-04-27,2007-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Disruption,,['Estonia'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]","[['Government / ministries', 'Legislative', 'Political parties', '', '']]",,['Russia'],"['Non-state actor, state-affiliation suggested']",,3,2007-01-01; 2007-01-01; 2007-01-01,"Political statement / report (e.g., on government / state agency websites); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Attribution given, type unclear",Attribution by receiver government / state entity; IT-security community attributes attacker; Contested attribution,,,,,Russia; Unknown; Russia,"Non-state actor, state-affiliation suggested; Unknown - not attributed; Non-state actor, state-affiliation suggested",,"['https://www.theguardian.com/world/2007/may/17/topstories3.russia', 'http://www.spiegel.de/international/world/old-wars-and-new-estonians-accuse-kremlin-of-cyberwarfare-a-483394.html', 'https://searchsecurity.techtarget.com/news/1255548/Experts-doubt-Russian-government-launched-DDoS-attacks', 'http://www.internetnews.com/security/article.php/3678606']",System / ideology; Autonomy,Autonomy,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://news.bbc.co.uk/2/hi/europe/6665195.stm', 'https://www.theguardian.com/world/2007/may/17/topstories3.russia', 'http://foreignpolicy.com/2010/12/07/who-was-behind-the-estonia-cyber-attacks/', 'http://www.spiegel.de/international/world/old-wars-and-new-estonians-accuse-kremlin-of-cyberwarfare-a-483394.html', 'https://searchsecurity.techtarget.com/news/1255548/Experts-doubt-Russian-government-launched-DDoS-attacks', 'http://www.internetnews.com/security/article.php/3678606', 'https://www.rferl.org/a/bulgaria-soviet-war-memorials-ghosts-art-nft-brezunek/32038555.html']" 57,DoD Systems Outage,"China accused of attack on the Office of the Secretary of Defense; according to what US Secretary of Defense Robert Gates told reporters, it was the unclassified OSD email system.",2007-06-01,2007-06-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",,['China'],['State'],,1,2007-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,China,State,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://web.archive.org/web/20070625081555/http://www.theregister.co.uk/2007/06/22/department_of_defense_email_hacked/', 'http://news.bbc.co.uk/2/hi/americas/6977533.stm', 
'https://www.telegraph.co.uk/news/worldnews/1562149/Chinese-military-hacked-into-Pentagon.html', 'https://www.ft.com/content/9dba9ba2-5a3b-11dc-9bcd-0000779fd2ac']" 58,Chinese Espionage in Germany,"Der Spiegel reports, based on a BfV report, attacks from China on Germany similar to Chinese espionage attacks on other countries. Merkel didn't comment on it directly at the summit, while ""German officials believe the hackers were being directed by the People's Liberation Army"". Later, German politicians asked the Government to make direct remonstrations with Chinese officials, in particular SPD politician Rolf Muetzenich, FDP expert of internal affairs Max Stadler and others.",2007-08-01,2007-08-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,,['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Government / ministries']],,['China'],['State'],,1,2007-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,,China,State,,['https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf', 'http://www.spiegel.de/netzwelt/tech/computerspionage-chinesische-trojaner-auf-pcs-im-kanzleramt-a-501954.html', 'http://www.spiegel.de/international/world/espionage-report-merkel-s-china-visit-marred-by-hacking-allegations-a-502169.html', 
'http://www.spiegel.de/politik/ausland/computer-spionage-fdp-will-chinesische-hacker-angriffe-in-den-bundestag-bringen-a-502253.html', 'https://www.heise.de/newsticker/meldung/Politiker-fordern-Aufklaerung-ueber-chinesische-Trojaner-Angriffe-Update-167417.html']" 59,UN website Defacement,"The hackers, who named themselves as ""kerem125"", ""Gsy"" and ""M0sted"", one of whom claimed to be Turkish, defaced the main UN website with logos against the US and Israel killing children, and also claimed to have hacked many other sites, including the webpages for the Economic and Social Council and the Paris website of the UN Environment Program, Harvard, Norfolk and Norwich University Hospital in Britain and other US and Israeli universities, Toyota, Nestle, Yahoo Korea, MSN Italy, CocaCola, Sony, Renault.",2007-08-12,2007-08-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,"['United Nations', 'United Nations Economic and Social Council', 'United Nations Environment Programme', 'United States', 'Israel', 'United Kingdom']","[[], [], [], ['NATO', 'NORTHAM'], ['ASIA', 'MENA', 'MEA'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['International / supranational organization', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['International / supranational organization', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['International / supranational organization', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['International / supranational organization', 'Corporate Targets (corporate targets only 
coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['International / supranational organization', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['International / supranational organization', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]",,,['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Turkey,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.dailytelegraph.com.au/news/world/united-nations-website-hacked/news-story/13e8a7ae2ea91870029e1ab1c594c57f?sv=98f5643b01e22cb449ca41be1a1ce43a', 'https://www.computerworld.com/article/2543082/security0/-hackers--deface-un-site.html', 'https://www.iol.co.za/business-report/technology/un-hackers-used-sql-injection-901265', 'http://news.bbc.co.uk/2/hi/technology/6943385.stm']" 60,DHS breach 2007,"Sensitive information from Department of Homeland Security was exfiltrated on Chinese-language websites, the contractor charged with network security was suspected. 
They ""don't know what was taken"", but to the best of our knowledge there was no classified information [taken].""",2007-09-01,2007-09-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://edition.cnn.com/2007/US/09/24/homelandsecurity.computers/index.html?eref='] 61,Chinese Attack on French systems,"Francis Delon, the secretary general of France's National Defence Office, confirmed that Chinese hackers had ""penetrated outer levels"" of state computer systems, but French gov. 
has no proof that the Chinese government is behind the attacks, even though it has some evidence of Chinese involvement.",2007-09-01,2007-09-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",,['China'],['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,China,Unknown - not attributed,,['https://www.theregister.co.uk/2007/09/12/french_cyberattacks/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://web.archive.org/web/20080118141424/http://www.france24.com/france24Public/en/news/france/20070909-Internet-piracy-france-secuirty-china-hacker.html', 'https://www.theregister.co.uk/2007/09/12/french_cyberattacks/']" 62,Operation Orchard,"Israel reportedly used electronic warfare to take over Syrian air-defenses and feed them a false sky picture for the entire period of time that the Israeli fighter jets needed to cross Syria, bomb their target and return.",2007-09-06,2007-09-07,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,['Syria'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Military']],,['Israel'],['State'],,1,2009-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution 
statements by a person) / self-attribution via social media",Media-based attribution,,,,,Israel,State,,[],Territory; International power; Other,Territory; Other,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.wired.com/2007/10/how-israel-spoo/', 'http://www.spiegel.de/international/world/the-story-of-operation-orchard-how-israel-destroyed-syria-s-al-kibar-nuclear-reactor-a-658663.html']" 63,Satellite Hack,"US commission claimed in the draft of an annual report that in October 2007, July (and October) 2008 hackers used a ground station to interfere with the operation of two US government satellites used for earth observation. The commission did not explicitly accuse the Chinese government of orchestrating the attacks, but said they were consistent with Chinese military protocol.",2007-10-01,2007-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Science']],,,['China'],"['Non-state actor, state-affiliation suggested']",,1,2011-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theguardian.com/technology/2011/oct/27/chinese-hacking-us-satellites-suspected', 'https://www.theguardian.com/technology/2011/oct/31/china-us-claims-satellite-hacking']" 64,Taiwan vs. Chinese Government 2007,"The Chinese government accused Taiwan's intelligence agency of compromising Chinese government, military and defence ind. networks. A secret agent Lee Fang-jung was accused of gaining access to information related to political, military, diplomatic, economic, medical and health affairs. Diff. 
Some Taiwanese officials indirectly confirmed, some denied the incident or claimed no awareness of it.",2007-10-01,2007-10-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Civil service / administration', 'Military', 'Defence industry']]",,['Taiwan'],['State'],,1,2007-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,,Taiwan,State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.scmp.com/article/613904/beijing-seeks-taiwanese-secret-agent-over-hacking'] 65,Chinese Espionage in GB 2007,"Jonathan Evans, the Director‐General of MI5, accused the Russian and ""Chinese state organisations ""of espionage against British banks and companies",2007-11-01,2007-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['China'],"['Non-state actor, state-affiliation suggested']",,1,2007-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.thetimes.co.uk/article/mi5-alert-on-chinas-cyberspace-spy-threat-tbxdgkv5l9v', 'http://www.washingtonpost.com/wp-dyn/content/article/2007/12/03/AR2007120300782.html']" 66,Chinese Attack against US-Election Campaigns,"U.S. officials have determined that the Chinese government hacked into and spied on the 2008 presidential campaigns of Barack Obama and John McCain. Obama publicly referred to the attacks -- in general terms -- at a May 29, 2009, White House event announcing a new cybersecurity policy.
But neither the president nor his top aides publicly spoke about the identity of the hackers.",2008-01-01,2008-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system']]","[['Political parties', 'Election infrastructure / related systems']]",,['China'],['State'],,1,2013-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,,China,State,,[],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://thehill.com/policy/technology/304111-report-china-hacked-obama-mccain-campaigns', 'https://www.theguardian.com/global/2008/nov/07/obama-white-house-usa']" 67,Regin,"Technical reports from Kaspersky and Symantec, which first reported on a tool called Regin in autumn 2014, show that the malware has been active for more than 10 years and has infected numerous countries such as Germany, Belgium, Brazil and two other countries in South (East) Asia. Several versions of Regin have been found in the wild, targeting various businesses, institutions, academics and individuals. Regin is described as a versatile data collection tool that is the most dangerous spy tool after Stuxnet. 
In 2015, it was identified as an NSA toolkit used by the international intelligence alliance Five Eyes.",2008-01-01,2018-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,"[['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available']]","['Germany', 'Pakistan', 'Saudi Arabia', 'Russia', 'Brazil', 'Austria', 'Iran, Islamic Republic of', 'Belgium']","[['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['SOUTHAM'], ['EUROPE', 'EU', 'WESTEU'], ['ASIA', 'MENA', 'MEA'], ['EUROPE', 'EU', 'NATO', 'WESTEU']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected 
groups', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Critical infrastructure', 'Critical infrastructure']]","[['', 'Energy', '', '', 'Transportation', 'Telecommunications'], ['', 'Energy', '', '', 'Transportation', 'Telecommunications'], ['', 'Energy', '', '', 'Transportation', 'Telecommunications'], ['', 'Energy', '', '', 'Transportation', 'Telecommunications'], ['', 'Energy', '', '', 'Transportation', 'Telecommunications'], ['', 'Energy', '', '', 'Transportation', 'Telecommunications'], ['', 'Energy', '', '', 'Transportation', 'Telecommunications'], ['', 'Energy', '', '', 'Transportation', 'Telecommunications']]",['GCHQ'],['United Kingdom'],['State'],,2,2015-01-01; 2015-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct 
statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; Media-based attribution,,,,GCHQ; NSA/Equation Group,United Kingdom; United States,State; State,,['http://www.spiegel.de/international/world/regin-malware-unmasked-as-nsa-tool-after-spiegel-publishes-source-code-a-1015255.html'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf', 'https://www.itpro.co.uk/security/33926/former-yandex-ciso-weighs-in-on-alleged-five-eyes-hack', 'http://www.spiegel.de/international/world/regin-malware-unmasked-as-nsa-tool-after-spiegel-publishes-source-code-a-1015255.html']" 68,Anarchist,US and UK agencies hacked into Israeli drones and other aircraft as they gathered intelligence according to the leaks of Edward Snowden. 
Intelligence reports stemming from GCHQ and the NSA extend from 2008 to 2012.,2008-01-01,2012-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Military']],"['NSA/Equation Group', 'GCHQ']","['United States', 'United Kingdom']","['State', 'State']",,2,2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Media-based attribution; Media-based attribution; Media-based attribution; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ; NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ,United States; United Kingdom; United States; United Kingdom; United States; United Kingdom; United States; United Kingdom,State; State; State; 
State; State; State; State; State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://theintercept.com/2016/01/28/israeli-drone-feeds-hacked-by-british-and-american-intelligence/', 'https://www.jpost.com/Israel-News/Report-US-UK-intelligence-hacked-into-Israeli-drones-under-operation-Anarchist-443228', 'https://www.nytimes.com/2016/01/30/world/middleeast/israel-drones-snowden-britain-us.html']" 69,Blackgear,"Blackgear, also known as Topgear and Comnie, has been around since at least 2008, mainly targeting entities in Taiwan, South Korea and Japan. Their objectives include organizations in the telecommunications, defense, government, aerospace, and high-tech sectors.",2008-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,"['Taiwan', 'Korea, Republic of', 'Japan']","[['ASIA', 'SCS'], ['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Telecommunications', 'Defence industry', ''], ['Government / ministries', 'Telecommunications', 'Defence industry', ''], ['Government / ministries', 'Telecommunications', 'Defence industry', '']]",['Blackgear/Topgear/Comnie'],['Unknown'],['Unknown - not attributed'],,2,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Attribution given, type unclear",IT-security community attributes attacker; Media-based attribution,,,,Blackgear/Topgear/Comnie; Blackgear/Topgear/Comnie,Unknown; China,"Unknown - not attributed; Non-state actor, state-affiliation suggested",,['https://www.securityweek.com/blackgear-cyberspies-resurface-new-tools-techniques'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive 
information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://blog.trendmicro.com/trendlabs-security-intelligence/blackgear-cyberespionage-campaign-resurfaces-abuses-social-media-for-cc-communication/', 'https://www.securityweek.com/blackgear-cyberspies-resurface-new-tools-techniques']" 70,Optic Nerve,The British GCHQ spied on the webcams of millions of Yahoo users,2008-01-01,2012-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['Global (region)'],,[['End user(s) / specially protected groups']],,['GCHQ'],['United Kingdom'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Media-based attribution,,,,GCHQ; GCHQ,United Kingdom; United Kingdom,State; State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo'] 71,World of Spycraft,"The NSA and CIA gathered information on online gamers via various methods, including infiltrating online communities and data mining.",2008-01-01,2013-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or
authorities of another state",Data theft,,['Global (region)'],,[['End user(s) / specially protected groups']],,['NSA/Equation Group'],['United States'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.propublica.org/article/world-of-spycraft-intelligence-agencies-spied-in-online-games'] 72,GCHQ vs. Journalists,"The British GCHQ wiretapped emails of journalists, seeing them as a serious security threat",2008-01-01,2008-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['United Kingdom', 'United States', 'France']","[['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['Media'], ['Media'], ['Media']]",,['GCHQ'],['United Kingdom'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Media-based attribution,,,,GCHQ; GCHQ,United Kingdom; United Kingdom,State; State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive
information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/uk-news/2015/jan/19/gchq-intercepted-emails-journalists-ny-times-bbc-guardian-le-monde-reuters-nbc-washington-post'] 73,Chinese Attack against Alcoa,"Chinese military hackers accessed the network of Alcoa, with the goal of getting access to commercial secrets",2008-01-01,2008-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)', 'PLA Unit 61398']","['China', 'China']","['State', 'State']",,1,2014-01-01; 2014-01-01,Domestic legal action; Domestic legal action,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,State; State,,[],International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor'] 75,Pinch duke,"The campaign of Pinch Duke is malware toolset attributed to the Dukes, a Russian state-sponsored cyberespionage operation with the joint goal of gathering intelligence on the sentiments of the targeted countries.",2008-01-01,2015-01-01,"Attack conducted 
by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,"['Georgia', 'Turkey', 'Kazakhstan', 'Azerbaijan', 'Uzbekistan', 'Kyrgyzstan']","[['ASIA', 'CENTAS'], ['ASIA', 'NATO', 'MEA'], ['ASIA', 'CSTO', 'SCO'], ['ASIA', 'CENTAS'], ['ASIA', 'CENTAS', 'CSTO', 'SCO'], ['ASIA', 'CENTAS', 'CSTO', 'SCS']]","[['State institutions / political system', 'International / supranational organization', 'Social groups'], ['State institutions / political system', 'International / supranational organization', 'Social groups'], ['State institutions / political system', 'International / supranational organization', 'Social groups'], ['State institutions / political system', 'International / supranational organization', 'Social groups'], ['State institutions / political system', 'International / supranational organization', 'Social groups'], ['State institutions / political system', 'International / supranational organization', 'Social groups']]","[['Government / ministries', '', 'Criminal'], ['Government / ministries', '', 'Criminal'], ['Government / ministries', '', 'Criminal'], ['Government / ministries', '', 'Criminal'], ['Government / ministries', '', 'Criminal'], ['Government / ministries', '', 'Criminal']]",['Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)'],['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 
(SVR),Russia,"Non-state actor, state-affiliation suggested",,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf'] 76,Project Chanology,"Anonymous attacks (with DDoS and other disruption-oriented attacks) the Church of Scientology firstly in response to the take-down of the Tom Cruise video, against Scientology's actions viewed as Internet censorship.",2008-01-01,2008-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Social groups']],[['Religious']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theguardian.com/technology/2008/feb/04/news', 'http://artofthemooc.org/wiki/project-chanology/', 'https://www.cnet.com/news/anonymous-hackers-take-on-the-church-of-scientology/']" 77,Tibetean Activists Attacked,Pro-Tibet activist groups attacked through e-mails allegedly from China on the background of increased protests,2008-03-01,2008-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft,,"['China', 'United States']","[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['NATO', 'NORTHAM']]","[['Social groups'], ['Social groups']]","[['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)']]",,['China'],['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,China,Unknown - not attributed,,[],System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theregister.co.uk/2008/03/22/pro_tibetan_groups_targeted/', 'http://www.washingtonpost.com/wp-dyn/content/article/2008/03/21/AR2008032102605.html']" 78,"""Chinese Civil Militia"" attack on Pentagon","A group of Chinese hackers, belonging to what Western experts say is ""civilian cyber militia"" in China, has claimed to gain unauthorized entry to several high-protected computer systems of the US including the servers of the Pentagon and downloaded information. The hackers' group also said that the Chinese government sometimes pays it secretly.",2008-03-07,2008-03-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],,['China'],['Unknown - not attributed'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,China,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.spamfighter.com/News-10011-Chinese-Hackers-Claim-Gaining-Unauthorized-Entry-into-Pentagon.htm', 'http://edition.cnn.com/2008/TECH/03/07/china.hackers/index.html']" 79,Byzantine Candor,More than 50 megabytes of email messages and a complete list of user names and passwords from an unspecified US government agency were stolen according to a State Department cable made public by WikiLeaks. 
At least some of the attacks originated from a Shanghai-based hacker group linked to the People’s Liberation Army’s Third Department,2008-04-01,2008-10-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Election infrastructure / related systems']],"['APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)', 'PLA Unit 61398']","['China', 'China']","['State', 'State']",,1,2011-01-01; 2011-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Attribution by third-party,,,,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,State; State,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-china-usa-cyberespionage/special-report-in-cyberspy-vs-cyberspy-china-has-the-edge-idUSTRE73D24220110414', 'https://www.nytimes.com/2010/12/05/world/asia/05wikileaks-china.html', 'https://venturebeat.com/2010/12/04/wikileaks-documents-lay-bare-vast-hacking-attempts-by-chinese-leaders/', 
'https://www.smh.com.au/technology/beijing-used-hackers-to-find-us-secrets-20101205-18lf8.html']" 80,Belgium State Department Hack 2008,Belgium officials said that government computer networks are targeted by attacks from China which could benefit Chinese government,2008-04-01,2008-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,['Belgium'],"[['EUROPE', 'EU', 'NATO', 'WESTEU']]",[['State institutions / political system']],[['Government / ministries']],,['China'],"['Non-state actor, state-affiliation suggested']",,1,2008-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.sophos.com/en-us/press-office/press-releases/2008/05/belgium.aspx', 'https://www.theregister.co.uk/2008/05/08/belgium_india_china_warnings/']" 81,Chinese Hacktivist Attack on CNN,Chinese hackers organised several attacks on CNN and later other websites.,2008-04-17,2008-05-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Media']],,,['China'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,China,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://chinascope.org/archives/6680', 'https://www.pcworld.com/article/144809/article.html', 'https://news.netcraft.com/archives/2008/04/22/cnn_site_bears_the_brunt_of_chinese_attackers.html', 'https://www.zdnet.com/article/chinese-hackers-disable-cnn-com-for-three-hours/']" 82,DDOS on RFE - 2008,"Primarily Radio Free Europe in Belarus (though also in some other countries) was targeted with DDoS allegedly related to its coverage of a rally organized by opposition to the Belarusian opposition. RFE provided no solid evidence, but said the Belarusian government was most likely behind the attacks. Other Belarusian websites including Charter97 were also hit. 
The botnet behind the attacks was a Russian-language botnet that had been active in other politically motivated attacks in the recent past.",2008-04-26,2008-04-28,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Disruption,,"['Belarus', 'Serbia', 'Russia', 'Tajikistan', 'United States']","[['EUROPE', 'EASTEU', 'CSTO'], ['EUROPE', 'BALKANS', 'WBALKANS'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['ASIA', 'CENTAS', 'CSTO', 'SCO'], ['NATO', 'NORTHAM']]","[['Media'], ['Media'], ['Media'], ['Media'], ['Media']]",,,['Belarus'],['State'],,1,2008-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,Belarus,State,,[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.theregister.co.uk/2008/04/29/radio_free_europe_ddos_attacks/'] 83,Chilean Education Data Leak,"The Education Ministry, Electoral Service and military servers used by the Chilean government have been infiltrated by a hacker. ""Confidential"" personal records of over 6 million Chileans were then published. The hacker claimed the reason was to show the overall lack of data protection that exists in Chile.",2008-05-12,2008-05-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Chile'],[['SOUTHAM']],"[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",,['Chile'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Chile,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.bbc.co.uk/2/hi/americas/7395295.stm'] 84,Anti-Lithuanian Defacement 2008,"300 Lithuanian official and private websites were defaced with communist symbols after the ban on communist symbols in the country, but the Government didn't accuse Russia directly",2008-06-01,2008-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Lithuania'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Political parties', '']]",,['Russia'],['Non-state-group'],['Hacktivist(s)'],1,,"Attribution given, type unclear",Media-based attribution,,,,,Russia,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2008/07/01/world/europe/01baltic.html', 'https://www.irishtimes.com/news/lithuania-accuses-russian-hackers-of-cyber-assault-after-collapse-of-over-300-websites-1.942155', 'https://www.zdnet.com/article/300-lithuanian-sites-hacked-by-russian-hackers/']" 85,GhostNet,Chinese hacker network GhostNet steals information from South and South East Asian government servers and from the Office of the Dalai Lama,2008-06-01,2009-03-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['China', 'United States', 'India', 'Vietnam', 'Taiwan', 'Bangladesh', 'Philippines', 'Hong Kong', 'Laos']","[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['NATO', 'NORTHAM'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS'], ['ASIA', 'SASIA'], ['ASIA', 'SCS', 'SEA'], ['ASIA'], ['ASIA', 'SEA']]","[['State institutions / political 
system', 'State institutions / political system', 'International / supranational organization', 'Media', 'Other'], ['State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Media', 'Other'], ['State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Media', 'Other'], ['State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Media', 'Other'], ['State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Media', 'Other'], ['State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Media', 'Other'], ['State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Media', 'Other'], ['State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Media', 'Other'], ['State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Media', 'Other']]","[['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', '']]",['Ghostnet'],['China'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,Ghostnet,China,Unknown - not attributed,,"['http://www.nartv.org/mirror/ghostnet.pdf', 
'https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://de.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network', 'http://www.nartv.org/mirror/ghostnet.pdf', 'https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf']" 86,Longtime CIA campaign against China,"Chinese antivirus firm Qihoo 360 said CIA hackers have spent more than a decade breaking into the Chinese airline industry and other targets, a blunt allegation of American espionage from a Beijing-based firm.",2008-07-01,2019-09-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'Science', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure']]","[['Government / ministries', '', 'Telecommunications', 'Chemicals', 'Transportation']]",['CIA'],['United States'],['State'],,1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,CIA,United States,State,,['https://blogs.360.cn/post/APT-C-39_CIA_EN.html'],International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-china-usa-cia-idUSKBN20Q2SI', 'https://blogs.360.cn/post/APT-C-39_CIA_EN.html']" 87,Cyberdomain Russia-Georgia War,"Different targets in 
Georgia were attacked, mostly with DDoS, in parallel with the Russo-Georgian War over South Ossetia and Abkhazia. Georgia accused Russia, but involvement of Russian government was contested at that time. The website of the Georgian Foreign Ministry was also affected, according to the ministry.",2008-07-20,2008-08-14,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Georgia'],"[['ASIA', 'CENTAS']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure']]","[['Government / ministries', 'Energy', '', 'Legislative', 'Military', 'Telecommunications', 'Finance']]",,['Russia'],['State'],,3,2008-01-01; 2008-01-01; 2008-01-01,"Statement in media report and political statement/technical report; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker; Attribution by third-party,,,,,Russia; Russia; Russia,"State; Non-state actor, state-affiliation suggested; State",,"['https://www.nytimes.com/2008/08/13/technology/13cyber.html', 'https://www.reuters.com/article/us-georgia-ossetia-hackers/georgia-says-russian-hackers-block-govt-websites-idUSLB2050320080811', 'http://www.fistfulofgold.com/Documents/ProjectGreyGoose.pdf']",International power,International power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political 
importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2008/08/13/technology/13cyber.html', 'http://www.cybertalkblog.co.uk/unlikely-that-russians-hacked-georgia-though-attacks-were-political/', 'https://www.newsweek.com/how-russia-may-have-attacked-georgias-internet-88111', 'https://www.reuters.com/article/us-georgia-ossetia-hackers/georgia-says-russian-hackers-block-govt-websites-idUSLB2050320080811', 'http://www.fistfulofgold.com/Documents/ProjectGreyGoose.pdf', 'https://www.telegraph.co.uk/news/worldnews/europe/georgia/2553058/Russia-continues-cyber-war-on-Georgia.html']" 88,Georgia vs. Russian Media 2008,DDoS attacks against RT and RIA Novosti in the middle of the Georgian Conflict 2008.,2008-08-10,2008-08-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system', 'Media']]","[['Government / ministries', '']]",,['Georgia'],['Non-state-group'],['Hacktivist(s)'],1,,Statement in media report and political statement/technical report,Receiver attributes attacker,,,,,Georgia,Non-state-group,Hacktivist(s),[],International power; Secession,International power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://bits.blogs.nytimes.com/2008/08/11/georgia-takes-a-beating-in-the-cyberwar-with-russia/?mtrref=www.google.com'] 89,APT-C-39 campaign against China,The American CIA spied on various companies in China over the years between 2008 and 2019,2008-09-01,2019-06-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific 
state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Science']]","[['Government / ministries', 'Energy', 'Telecommunications', 'Defence industry', '']]",['APT-C-39/CIA'],['United States'],['State'],,1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT-C-39/CIA,United States,State,,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://blogs.360.cn/post/APT-C-39_CIA_EN.html'] 90,Palin Doxxing,Alaska Governor and vice presidential candidate Sarah Palin's email account hacked by student David Kernell during the 2008 presidential election campaign and the gained materials posted.,2008-09-16,2008-09-16,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,[['Sarah Palin']],['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system']]","[['Political parties', '']]",['David Kernell'],['United States'],['Individual hacker(s)'],,1,,"Attribution given, type unclear",Media-based attribution,,,,David Kernell,United States,Individual hacker(s),,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political 
importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.telegraph.co.uk/news/worldnews/sarah-palin/7750050/Sarah-Palin-vs-the-hacker.html', 'http://news.bbc.co.uk/2/hi/americas/7631225.stm', 'https://nypost.com/2008/09/19/dem-pols-son-was-hacker/', 'https://www.foxnews.com/us/palin-set-to-take-stand-in-tenn-hacking-trial']" 91,Agent.btz - US; Operation Buckshot Yankee (against the breach),"Classified and unclassified U.S. military networks were infected with the worm Agent.btz, which spread across the computers of the DOD and CENTCOM. The worm is attributed to Russia, specifically by US Intelligence, and is associated with Turla, according to Kaspersky Lab analysis, though members of the US military involved in Operation Buckshot Yankee are reluctant to call agent.btz the work of a hostile government.",2008-10-01,2008-11-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],"['Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)']",['Russia'],['State'],,2,2008-01-01; 2008-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)",Russia; Russia,State; State,,"['https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf', 
'https://www.wired.com/2010/08/insiders-doubt-2008-pentagon-hack-was-foreign-spy-attack/', 'https://www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html', 'https://www.gdata.de/blog/2014/02/23822-uroburos-hochkomplexe-spionagesoftware-mit-russischen-wurzeln']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html?utm_term=.3da4823e8b45', 'http://articles.latimes.com/2008/nov/28/nation/na-cyberattack28', 'https://securelist.com/blog/virus-watch/58551/agent-btz-a-source-of-inspiration/', 'https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf', 'https://www.technewsworld.com/story/70699.html', 'https://www.wired.com/2010/08/insiders-doubt-2008-pentagon-hack-was-foreign-spy-attack/', 'https://www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html', 'https://www.gdata.de/blog/2014/02/23822-uroburos-hochkomplexe-spionagesoftware-mit-russischen-wurzeln']" 92,Indian Hacktivists vs. Pakistan,"OGRAs Website hacked by Indian Hackers, named HMG.",2008-11-01,2008-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],,['Hindu Militant Group'],['India'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Hindu Militant Group,India,Non-state-group,Hacktivist(s),[],System / ideology,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://propakistani.pk/2008/11/18/ogra-defacement-or-welcome/'] 93,Pakistan Hacktivists vs. India,"In response to an action by HMG, Indian scriptkiddie, who hacked OGRA’s website, A Pakistani Group called PCA (Pakistan CyberArmy) has reportedly hacked at least five Indian websites",2008-11-01,2008-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', '']]",['Pakistan Cyber Army'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pakistan Cyber Army,Pakistan,Non-state-group,Hacktivist(s),[],System / ideology,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://propakistani.pk/2008/11/24/here-we-go-again/'] 94,Operation CastLead,"Israel began a military assault on Hamas’s infrastructure in Gaza on December 27, 2008, called “Operation CastLead.” A cyberbacklash by Arabic hackers targeted thousands of Israeli government and civilian Websites. In a later stage of the conflict, Anonymous was also involved.",2008-12-01,2012-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'Other']]",,['Anonymous/Arabic Hackers'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous/Arabic Hackers,Unknown,Non-state-group,Hacktivist(s),['http://web.mit.edu/smadnick/www/wp/2017-10.pdf'],System / ideology; Secession,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://web.mit.edu/smadnick/www/wp/2017-10.pdf', 'http://web.mit.edu/smadnick/www/wp/2017-10.pdf']" 95,French embassy in Beijing Hack,"The website of the French embassy in Beijing has apparently come under a cyber-attack after President Nicolas Sarkozy outraged China by meeting Tibetan spiritual leader, the Dalai Lama.",2008-12-01,2008-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],,,['China'],['Non-state-group'],['Hacktivist(s)'],1,,"Attribution given, type unclear",Media-based attribution,,,,,China,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://zeenews.india.com/news/world/french-embassy-website-in-china-hacked_490316.html'] 96,Gaza Offense Attack,"Israel's government website was paralyzed by a hacker group; Israeli officials believe the attack may have been carried out by a criminal organization from the former Soviet Union, and paid for by Hamas or Hezbollah.",2009-01-01,2009-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Non-state-group'],['Criminal(s)'],1,,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,Unknown,Non-state-group,Criminal(s),[],System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.haaretz.com/1.5065382'] 97,Insurgent Drone Hack,"Iraqi insurgents hack US drones and intercept live video feeds, backing by Iran suggested",2009-01-01,2009-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],,['Iraq'],['Non-state-group'],['Private technology companies / hacking for hire groups without state affiliation / research entities'],1,,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker,,,,,Iraq,Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities,[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/world/2009/dec/17/skygrabber-american-drones-hacked'] 98,Platinum Group,"Platinum has been targeting its victims since at least as early as 2009, and may have been active for several years prior. 
Like many such groups, Platinum seeks to steal sensitive intellectual property related to government interests, but its range of preferred targets is consistently limited to specific governmental organizations, defense institutes, intelligence agencies, diplomatic institutions, and telecommunication providers in South and Southeast Asia.",2009-01-01,2016-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,"['Malaysia', 'Indonesia', 'China', 'Singapore', 'India', 'Thailand']","[['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['ASIA'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SEA']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Government / 
ministries', 'Defence industry', '', ''], ['Government / ministries', 'Defence industry', '', ''], ['Government / ministries', 'Defence industry', '', ''], ['Government / ministries', 'Defence industry', '', ''], ['Government / ministries', 'Defence industry', '', ''], ['Government / ministries', 'Defence industry', '', '']]",['Platinum'],['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Platinum,Unknown,Unknown - not attributed,,"['https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf', 'https://www.microsoft.com/security/blog/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/?source=mmpc']",Unknown,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf', 'https://www.microsoft.com/security/blog/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/?source=mmpc']" 99,Winnti Umbrella aka Axiom aka DeputyDog,Chinese State-Espionage Group Winnti Umbrella conducted espionage against targets since 2009.,2009-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,"['United States', 'Japan', 'Korea, Republic of', 'Thailand', 'China']","[['NATO', 'NORTHAM'], ['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS', 'NEA'], ['ASIA', 'SEA'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]","[['Government / ministries', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['Government / ministries', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['Government / ministries', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['Government / ministries', 'Advocacy / activists (e.g. 
human rights organizations)', '', ''], ['Government / ministries', 'Advocacy / activists (e.g. human rights organizations)', '', '']]","['Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ']",['China'],"['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by third-party,,,,"Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ",China,"Non-state actor, state-affiliation suggested",,['https://401trg.com/burning-umbrella/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://401trg.com/burning-umbrella/'] 100,NSA vs. Credit Card Companies,The NSA spied on various worldwide credit card companies,2009-01-01,2013-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['Global (region)'],,[['Critical infrastructure']],[['Finance']],['NSA/Equation Group'],['United States'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 101,Project Mystic,The NSA accessed various worldwide communication networks and wire tapped the corresponding communications,2009-01-01,2013-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['Bahamas', 'Afghanistan', 'Mexico', 'Kenya', 'Philippines']","[[], ['ASIA', 'SASIA'], [], ['AFRICA', 'SSA'], ['ASIA', 'SCS', 'SEA']]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[['Telecommunications'], ['Telecommunications'], ['Telecommunications'], ['Telecommunications'], ['Telecommunications']]",['NSA/Equation Group'],['United States'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://theintercept.com/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/'] 102,DarkUniverse,Various civilian and military institutions were hacked by the Duke campaign via spear-phishing,2009-01-01,2017-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,"['Syria', 'Iran, Islamic Republic of', 'Afghanistan', 'Tanzania', 'Ethiopia', 'Sudan', 'Russia', 
'Belarus', 'United Arab Emirates']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'SASIA'], ['AFRICA', 'SSA'], ['AFRICA', 'SSA'], ['AFRICA', 'MEA', 'NAF'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure 
definition)']]","[['Military', 'Criminal', ''], ['Military', 'Criminal', ''], ['Military', 'Criminal', ''], ['Military', 'Criminal', ''], ['Military', 'Criminal', ''], ['Military', 'Criminal', ''], ['Military', 'Criminal', ''], ['Military', 'Criminal', ''], ['Military', 'Criminal', '']]",['DarkUniverse'],['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DarkUniverse,Unknown,Unknown - not attributed,,"['https://threatpost.com/darkuniverse-apt-targeted-spy-attacks/149927/', 'https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://threatpost.com/darkuniverse-apt-targeted-spy-attacks/149927/', 'https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/']" 103,Operation Troy,The Lazarus Group prepared with Operation Troy for the operation DarkSeoul in 2013,2009-01-01,2012-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Disruption; Hijacking with Misuse,,"['Korea, Republic of', 'United States']","[['ASIA', 'SCS', 'NEA'], ['NATO', 'NORTHAM']]","[['State institutions / political system'], ['State institutions / political system']]","[['Military'], ['Military']]","['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,"['https://www.group-ib.com/blog/lazarus', 'https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf']",System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,Yes,One,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.mcafee.com/enterprise/en-us/assets/white-papers/wp-dissecting-operation-troy.pdf', 'https://www.group-ib.com/blog/lazarus', 
'https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf']" 104,Chinese Attack on South Korea 2009,South Korea’s primary intelligence agency claimed that China-based hackers stole confidential material from the country’s diplomatic and security services,2009-01-01,2009-01-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Intelligence agencies']]",,['China'],['Unknown - not attributed'],,1,,"Political statement / report (e.g., on government / state agency websites)",Receiver attributes attacker,,,,,China,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.fastcompany.com/1696014/south-koreas-power-structure-hacked-digital-trail-leads-china'] 105,Duqu,"Stuxnet-related malware Duqu targets industrial infrastructure targets around the world, especially in Iran.",2009-01-01,2011-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company,Data theft; Hijacking without Misuse,,"['Iran, Islamic Republic of', 'France', 'Ukraine', 'Australia', 'Hungary', 'Netherlands', 'Indonesia', 'Spain', 'India', 'Switzerland']","[['ASIA', 'MENA', 'MEA'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'EASTEU'], ['OC'], ['EUROPE', 'NATO', 'EU', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'SCS', 'SEA'], ['EUROPE', 'NATO', 'EU'], ['ASIA', 'SASIA', 'SCO'], ['EUROPE', 'WESTEU']]","[['Critical infrastructure',
'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,,['Unknown'],['State'],,1,2011-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,State,,['https://theintercept.com/2014/11/12/stuxnet/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, not used - empowerment 
(incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf', 'https://www.crysys.hu/publications/files/bencsathPBF11duqu.pdf', 'https://theintercept.com/2014/11/12/stuxnet/']" 106,"Campaign ""Sandworm"" - 2009","A cyberespionage campaign believed to be based in Russia has been targeting government leaders and institutions for nearly five years, according to researchers with iSight Partners.",2009-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,"['United States', 'Poland', 'Slovakia', 'Ukraine', 'Belgium']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'EASTEU'], ['EUROPE', 'EASTEU'], ['EUROPE', 'EU', 'NATO', 'WESTEU']]","[['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Social groups', 'Other'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Social groups', 'Other'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Social groups', 'Other'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Social groups', 'Other'], ['State institutions / political system', 'International / supranational organization', 'Critical 
infrastructure', 'Social groups', 'Other']]","[['Military', '', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', ''], ['Military', '', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', ''], ['Military', '', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', ''], ['Military', '', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', ''], ['Military', '', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', '']]","['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.wired.com/2014/10/russian-sandworm-hack-isight/'] 107,"Operation ""Snowglobe""","A collection of computer trojans that have been used since 2009 to steal data from government agencies, military contractors, media organizations and other companies is tied to cyber espionage malware possibly created by French intelligence agencies, according to a presentation by the Communications Security Establishment of Canada (until 2014 referred to as CSEC), created in 2011 and revealed by Edward Snowden.",2009-01-01,2015-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards
specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['United States', 'Netherlands', 'Syria', 'Germany', 'Algeria', 'Russia', 'Spain', 'Iran, Islamic Republic of', 'China', 'Norway']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'MENA', 'MEA'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['AFRICA', 'NAF', 'MENA'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'NATO', 'EU'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['EUROPE', 'NATO', 'NORTHEU']]","[['State institutions / political system', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective 
company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]","[['', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['', 'Defence industry', 'Advocacy / activists (e.g. 
human rights organizations)', '', '']]",['Snowglobe/Animal Farm'],['France'],['State'],,3,2011-01-01; 2015-03-06; 2015-01-01,"Media report (e.g., Reuters makes an attribution statement, without naming further sources); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; IT-security community attributes attacker; Attribution by third-party,Communications Security Establishment Canada (CSEC); Kaspersky; nan,,Canada; Russia; nan,Snowglobe/Animal Farm; Snowglobe/Animal Farm; Snowglobe/Animal Farm,France; Unknown; France,State; Unknown - not attributed; State,,"['https://www.computerworld.com/article/2894379/cyberespionage-arsenal-could-be-tied-to-french-intelligence.html', 'https://www.cfr.org/interactive/cyber-operations/search?keys=Animal']",Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,Not available,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.computerworld.com/article/2894379/cyberespionage-arsenal-could-be-tied-to-french-intelligence.html', 'https://www.cfr.org/interactive/cyber-operations/search?keys=Animal']" 108,NSA vs. 
Chinese telecommunication (Operation Shotgiant),"The United States government (NSA) is hacking Chinese mobile phone companies, amongst others Huawei, since 2009 to gather data from millions of text messages",2009-01-01,2009-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['NSA/Equation Group'],['United States'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.telegraph.co.uk/news/worldnews/asia/hongkong/10137215/Edward-Snowden-claims-US-hacks-Chinese-phone-messages.html'] 109,NSA vs. 
Tsinghua University (Operation Shotgiant),"The NSA is also hacking Tsinghua University, ""which is home to one of the mainland's six major backbone networks from where Internet data from millions of Chinese citizens can be gathered""",2009-01-01,2013-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['Critical infrastructure', 'Science']]","[['Telecommunications', '']]",['NSA/Equation Group'],['United States'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 110,NSA vs.
Pacnet (Operation Shotgiant),The NSA was hacking Asia Pacific fibre-optic network operator Pacnet to steal millions of text messages,2009-01-01,2009-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['Critical infrastructure']],[['Telecommunications']],['NSA/Equation Group'],['United States'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 111,Panama-Pegasus-Software,The president from Panama used the Pegasus Spyware to spy on members of the opposition in congress.,2009-01-01,2014-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['Panama'],[['CENTAM']],"[['State institutions / political system', 'Social groups', 'Social groups']]","[['Legislative', 'Advocacy / activists (e.g. 
human rights organizations)', 'Political opposition / dissidents / expats']]",,['Panama'],['State'],,2,2017-01-01; 2017-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,,Panama; Panama,State; State,,['https://www.univision.com/univision-news/latin-america/growing-scandal-in-latin-america-over-pegasus-spy-hacking-program'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.univision.com/univision-news/latin-america/growing-scandal-in-latin-america-over-pegasus-spy-hacking-program'] 112,DDOS against Kyrgyz Internet,Presumably Russian hackers conduct DDoS attack against Kyrgyz Internet server provider website,2009-01-18,2009-01-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Disruption,,['Kyrgyzstan'],"[['ASIA', 'CENTAS', 'CSTO', 'SCS']]",[['Critical infrastructure']],[['Telecommunications']],,['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2009-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Russia,"Non-state actor, state-affiliation suggested",,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.secureworks.com/blog/research-20957'] 113,Chinese Attack against Bill Nelson,Chinese Hackers break into US Senator Bill Nelson's office computers,2009-02-01,2009-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Legislative']],,['China'],['Unknown - not attributed'],,1,,Statement in media report and political statement/technical report,Receiver attributes attacker,,,,,China,Unknown - not attributed,,['https://www.govinfosecurity.com/senator-office-computers-breached-a-1305'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cfr.org/interactive/cyber-operations/compromise-office-senator-ben-nelson', 'http://web.archive.org/web/20090323095526/http://www.cqpolitics.com/wmspage.cfm?docid=news-000003080993', 'https://www.govinfosecurity.com/senator-office-computers-breached-a-1305']" 114,FAA-Hack 2009,"FAA Computer Hacked, 45,000 Names Accessed, culprit unknown.",2009-02-04,2009-02-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,['https://fcw.com/articles/2009/02/23/faa-data-breach.aspx'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.crn.com/news/security/213402688/faa-computer-hacked-45000-names-accessed.htm?itc=refresh', 'https://fcw.com/articles/2009/02/23/faa-data-breach.aspx']" 115,Attack on US DHS,Unknown hackers steal personal 
data from US Homeland Security Information Network,2009-03-01,2009-04-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://fcw.com/articles/2009/05/13/web-dhs-hsin-intrusion-hack.aspx'] 116,2chan Hack,"In March 2009, the Korean netizens mounted an attack on Japan’s largest Internet site, 2ch (www.2ch.net).",2009-03-01,2009-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Japan'],"[['ASIA', 'SCS', 'NEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,"['Korea, Republic of']",['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,"Korea, Republic of",Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.koreatimes.co.kr/www/news/nation/2010/08/113_71421.html'] 117,Retaliation for 2chan Hack,Japanese Internet warriors assaulted the Website of the South Korea’s Presidential Office.,2009-03-01,2009-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['State institutions / political system']],,,['Japan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Japan,Non-state-group,Hacktivist(s),['http://www.koreatimes.co.kr/www/news/nation/2010/08/113_71421.html'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.koreatimes.co.kr/www/news/nation/2010/08/113_71421.html'] 118,Power Grid US Incident,"According to a Wall Street Journal report citing details from anonymous current and former US security officials, cyber spies have infiltrated the US power grid and left behind software programmes that could be used to disrupt the grid. The threat actors are believed to have been on a mission to navigate the US power grid and its controls. While the intruders did not attempt to damage the power grid or other critical infrastructure, officials warned that they could try to do so in the event of a crisis or war. The intruders were not detected by the companies responsible for the infrastructure, but by US intelligence agencies, officials said. Officials said other infrastructure systems, such as water or sewage systems, were also at risk. ",2009-04-01,2009-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Hijacking without Misuse,[['Not available']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Energy']],['Not available'],"['China', 'Russia']","['Non-state actor, state-affiliation suggested']",,1,2009-04-08; 2009-04-08,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,United States; United States,,China; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.fbiic.gov/public/2009/april/ElectricityGrid_in_U.S.PenetratedBySpies-WSJ.com.pdf'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,"['https://www.wsj.com/articles/SB123914805204099085', 'https://twitter.com/vmyths/status/1626657235047702543', 'https://www.computerworld.com/article/2524012/report--cybercriminals-have-penetrated-u-s--electrical-grid.html', 'https://www.fbiic.gov/public/2009/april/ElectricityGrid_in_U.S.PenetratedBySpies-WSJ.com.pdf']" 119,Operation Dreadnought,The NSA spied on the Iranian leader Ayatollah Khamenei.,2009-05-01,2009-05-01,"Attack conducted by 
nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],"['NSA/Equation Group', 'GCHQ']","['United States', 'United Kingdom']","['State', 'State']",,2,2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Media-based attribution; Media-based attribution; Media-based attribution; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ; NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ,United States; United Kingdom; United States; United Kingdom; United States; United Kingdom; United States; United Kingdom,State; State; State; State; State; State; State; State,,[],International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / 
commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.nytimes.com/2013/11/03/world/no-morsel-too-minuscule-for-all-consuming-nsa.html?_r=0&pagewanted=all'] 120,Fourth of July Incident,Presumably North Korea or pro-North Korean group(s) temporarily jams South Korean and US government and commercial websites.,2009-07-04,2009-07-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Disruption,,"['United States', 'Korea, Republic of']","[['NATO', 'NORTHAM'], ['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', ''], ['Government / ministries', '']]","['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,2,2009-01-01; 2009-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., 
by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://thediplomat.com/2013/08/cyber-security-in-south-korea-the-threat-within/', 'https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf']",System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2009/07/09/technology/09cyber.html', 'https://thediplomat.com/2013/08/cyber-security-in-south-korea-the-threat-within/', 'https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf']" 121,Melbourne Film Festival Hack,Chinese hack Melbourne film festival site to protest at Uighur documentary,2009-07-25,2009-07-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Australia'],[['OC']],[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['China'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,China,Non-state-group,Hacktivist(s),"['https://www.theguardian.com/world/2009/jul/26/rebiya-kadeer-melbourne-film-china', 'https://freedomhouse.org/sites/default/files/FOTN2011.pdf']",System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theguardian.com/world/2009/jul/26/rebiya-kadeer-melbourne-film-china', 'https://freedomhouse.org/sites/default/files/FOTN2011.pdf']" 122,Russian DDOS against US companies,"Anti-Georgia Russian hackers may have been behind yesterday's global cyberattacks on Google, Facebook and Twitter. The organised web assaults completely shut down social networking site Twitter and disrupted access to Facebook—nearly a year to the day since the outbreak of the Georgia-Russia war.",2009-08-01,2009-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source),Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['Russia'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Russia,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.foxnews.com/story/russian-hackers-eyed-in-attack-on-twitter-google-and-facebook'] 123,Longterm Proxy Hacking Campaign,"Two Chinese hackers were charged in 2020 with operating a long-term hacking campaign against various targets in the western world, but mostly against the United States. Some of their attacks were on behalf of the Chinese MSS",2009-09-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"['United States', 'Australia', 'Belgium', 'Germany', 'Japan', 'Lithuania', 'Spain', 'Korea, Republic of', 'Sweden', 'United Kingdom']","[['NATO', 'NORTHAM'], ['OC'], ['EUROPE', 'EU', 'NATO', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'SCS', 'NEA'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU'], ['ASIA', 'SCS', 'NEA'], ['EUROPE', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['Unknown'], ['Unknown'], ['Unknown'], ['Unknown'], ['Unknown'], ['Unknown'], ['Unknown'], ['Unknown'], ['Unknown'], ['Unknown']]",,['MSS'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,Domestic legal action,Attribution by receiver government / state entity,,,,MSS,China,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.cyberdefensemagazine.com/us-doj-charged-two-chinese-hackers-working-with-mss/'] 124,Doxxing of Climate Data,"Climate Gate Leaks: Russian security service presumably leaks University of East Anglia ""Climate Gate"" e-mails about manipulating data concerning climate change",2009-11-01,2009-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Data theft & Doxing,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Science']],,,['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2009-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,,,,Russia,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.dailymail.co.uk/news/article-1233562/Emails-rocked-climate-change-campaign-leaked-Siberian-closed-city-university-built-KGB.html'] 125,Operation Aurora,China hacks into Gmail accounts to steal intellectual property and to spy on Chinese human rights activists. Later attributed to APT 17 aka DeputyDog.,2009-12-01,2010-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft; Hijacking with Misuse,,"['United States', 'China']","[['NATO', 'NORTHAM'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,"['Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ']",['China'],"['Non-state actor, state-affiliation suggested']",,3,2010-01-01; 2010-01-01; 2010-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Receiver attributes attacker; IT-security community attributes attacker,,,,"Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ; Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ; Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ",China; China; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Unknown - not attributed",,"['https://401trg.com/burning-umbrella/', 'https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China', 'https://securityaffairs.co/wordpress/62376/APT 
/APT 17-hbo-hack.html', 'https://www.infopoint-security.de/medien/the-elderwood-project.pdf']",Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://401trg.com/burning-umbrella/', 'https://www.darkreading.com/attacks-and-breaches/google-aurora-hack-was-chinese-counterespionage-operation/d/d-id/1110060', 'https://googleblog.blogspot.com/2010/01/new-approach-to-china.html', 'https://www.wired.com/2010/01/operation-aurora/', 'https://www.theguardian.com/technology/2011/mar/01/morgan-stanley-chinese-hackers', 'https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China', 'https://securityaffairs.co/wordpress/62376/APT /APT 17-hbo-hack.html', 'https://www.infopoint-security.de/medien/the-elderwood-project.pdf', 'https://web.archive.org/web/20100116101958/http://www.state.gov/secretary/rm/2010/01/135105.htm', 'https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/']" 126,IXESHE,Numbered Panda spied on multiple East Asian governments and companies. 
The campaign was characterized by a high usage of Zero-Days,2009-12-01,2012-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Taiwan', 'Eastern Asia (region)']","[['ASIA', 'SCS'], []]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['', 'Telecommunications', ''], ['', 'Telecommunications', '']]",,['China'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_ixeshe.pdf'] 127,The Flame,"The Stuxnet-related, yet much more sophisticated espionage virus programme ""The Flame"" is massively gathering cellphone data from individuals, state-related organizations or educational institutions",2010-01-01,2012-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Iran, Islamic Republic of', 'Palestine', 'Sudan', 'Syria', 'Lebanon', 'Saudi 
Arabia', 'Egypt']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['AFRICA', 'MEA', 'NAF'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['MENA', 'MEA', 'AFRICA', 'NAF']]","[['State institutions / political system', 'End user(s) / specially protected groups'], ['State institutions / political system', 'End user(s) / specially protected groups'], ['State institutions / political system', 'End user(s) / specially protected groups'], ['State institutions / political system', 'End user(s) / specially protected groups'], ['State institutions / political system', 'End user(s) / specially protected groups'], ['State institutions / political system', 'End user(s) / specially protected groups'], ['State institutions / political system', 'End user(s) / specially protected groups']]","[['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', '']]",,['Unknown'],"['Non-state actor, state-affiliation suggested']",,3,2012-01-01; 2012-01-01; 2012-01-01; 2012-01-01; 2012-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Attribution given, type unclear; Attribution given, type unclear; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Media-based attribution; Media-based attribution; Attribution by third-party; Attribution by third-party,,,,,Unknown; Israel; United States; Israel; United States,"Non-state actor, state-affiliation suggested; State; State; State; 
State",,"['https://www.washingtonpost.com/world/national-security/us-israel-developed-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_story.html?utm_term=.d186a7b2276a', 'https://www.bbc.com/news/technology-18253331', 'https://www.nytimes.com/2012/05/30/world/middleeast/iran-confirms-cyber-attack-by-new-virus-called-flame.html']",International power,Unknown,,Unknown,,0,,,,,,Yes,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cbsnews.com/news/flame-computer-virus-strikes-middle-east-israel-speculation-continues/', 'https://securelist.com/the-flame-questions-and-answers-51/34344/', 'https://www.washingtonpost.com/world/national-security/us-israel-developed-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_story.html?utm_term=.d186a7b2276a', 'https://www.bbc.com/news/technology-18253331', 'https://www.nytimes.com/2012/05/30/world/middleeast/iran-confirms-cyber-attack-by-new-virus-called-flame.html']" 128,US-FDIC Hack,"The FBI is investigating how hackers infiltrated computers at the Federal Deposit Insurance Corporation for several years beginning in 2010 in a breach senior FDIC officials believe was sponsored by China’s military, people with knowledge of the matter said.",2010-01-01,2012-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],,,['China'],"['Non-state actor, state-affiliation suggested']",,1,2016-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",,['https://www.reuters.com/article/us-usa-cyber-china-exclusive-idUSKBN14C1UJ'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-usa-cyber-china-exclusive-idUSKBN14C1UJ'] 129,Malaysian Opposition Attacks,"Opposition websites such as the official site of the People’s Justice Party and the blog of its leader, Anwar Ibrahim, suffered DDoS attacks in 2010.",2010-01-01,2010-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,['Malaysia'],"[['ASIA', 'SCS', 'SEA']]","[['State institutions / political system', 'Social groups', 'Social groups']]","[['Political parties', 'Political opposition / dissidents / expats', 'Other social groups']]",,['Malaysia'],"['Non-state actor, state-affiliation suggested']",,1,2011-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,Malaysia,"Non-state actor, state-affiliation suggested",,['https://freedomhouse.org/sites/default/files/FOTN2011.pdf'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://freedomhouse.org/sites/default/files/FOTN2011.pdf'] 130,Turla aka Uroburos aka Snake 2010,"A cyberespionage campaign involving malware known as Wipbot and Turla has systematically targeted the governments and embassies of a number of former Eastern Bloc countries. It was linked by Gdata to the Russian attack named ""agent.btz"" on the US in 2008.",2010-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,['Eastern Europe'],,"[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Government / ministries', 'Military', '', '', '']]","['Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)",Russia,"Non-state actor, state-affiliation suggested",,"['https://www.gdata.de/blog/2014/02/23822-uroburos-hochkomplexe-spionagesoftware-mit-russischen-wurzeln', 'https://www.symantec.com/connect/blogs/turla-spying-tool-targets-governments-and-diplomats?SID=100098X1555750Xdf4d5a6a4ef66a0739b0faac73a709c2&API1=100&API2=3641000&cjid=3641000&cjevent=f3f3d539e9d811e981cb00950a180512', 'https://www.reuters.com/article/us-russia-cyberespionage-insight/suspected-russian-spyware-turla-targets-europe-united-states-idUSBREA260YI20140307']",International power,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://arstechnica.com/information-technology/2014/12/powerful-highly-stealthy-linux-trojan-may-have-infected-victims-for-years/', 'https://www.gdata.de/blog/2014/02/23822-uroburos-hochkomplexe-spionagesoftware-mit-russischen-wurzeln', 'https://www.symantec.com/connect/blogs/turla-spying-tool-targets-governments-and-diplomats?SID=100098X1555750Xdf4d5a6a4ef66a0739b0faac73a709c2&API1=100&API2=3641000&cjid=3641000&cjevent=f3f3d539e9d811e981cb00950a180512', 'https://www.reuters.com/article/us-russia-cyberespionage-insight/suspected-russian-spyware-turla-targets-europe-united-states-idUSBREA260YI20140307']" 131,ISI-India Military Major-Hack,"A serving Inter-Services Intelligence (ISI) officer Major Sameer Ali hacked an Indian Army major's e-mail account in 2010 and extracted many sensitive documents, intelligence sources said.",2010-01-01,2010-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Military']],['Inter-Services Intelligence'],['Pakistan'],['State'],,1,2011-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,Inter-Services Intelligence,Pakistan,State,,[],Territory; International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/05/isi-pakistan-hack-email-account-of.html'] 132,Operation Iron 
TigerPart1/Emissary Panda,"The Iron Tiger actors targeted the education industry in China, political dissidents in Hong Kong, government agencies in the Philippines, and political targets in Tibet back to 2010. The evidence revealed that they can be Chinese-speaking individuals. The choice of nickname shows ties to traditional cybercrime.",2010-01-01,2013-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,"['China', 'Hong Kong', 'Philippines']","[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['ASIA'], ['ASIA', 'SCS', 'SEA']]","[['State institutions / political system', 'Social groups', 'Social groups', 'Other'], ['State institutions / political system', 'Social groups', 'Social groups', 'Other'], ['State institutions / political system', 'Social groups', 'Social groups', 'Other']]","[['', 'Ethnic', 'Political opposition / dissidents / expats', ''], ['', 'Ethnic', 'Political opposition / dissidents / expats', ''], ['', 'Ethnic', 'Political opposition / dissidents / expats', '']]",['Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, 
state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.erai.com/CustomUploads/ca/wp/2015_12_wp_operation_iron_tiger.pdf', 'https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177']" 133,TurbinePanda,"Chinese intelligence officers and those working under their direction, which included hackers and co-opted company insiders, conducted or otherwise enabled repeated intrusions into private companies’ computer systems in the United States and abroad for over five years. The conspirators’ ultimate goal was to steal, among other data, intellectual property and confidential business information, including information related to a turbo fan engine used in commercial airliners. Crowdstrike dubbed the Group ""TurbinePanda"".",2010-01-01,2015-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by IT-security company; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['United States', 'United Kingdom', 'Germany', 'France']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Transportation', 'Defence industry', ''], ['Transportation', 'Defence industry', ''], ['Transportation', 'Defence industry', ''], ['Transportation', 'Defence industry', '']]","['APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau)', 'MSS/JSSD']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,2,2018-01-01; 2018-01-01; 2018-01-01; 2018-01-01,"Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Technical report (e.g., by IT-companies, Citizen Lab, 
EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau); MSS/JSSD; APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau); MSS/JSSD",China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal', 'https://www.justice.gov/opa/press-release/file/1106491/download']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://eromang.zataz.com/2013/01/02/capstone-turbine-corporation-also-targeted-in-the-cfr-watering-hole-attack-and-more/', 'https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/', 'https://www.csoonline.com/article/3445230/china-supported-c919-airliner-development-through-cyberespionage.html', 'https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal', 'https://www.justice.gov/opa/press-release/file/1106491/download']" 134,SqueakyDolphin,The British GCHQ spied on the users of the platforms of YouTube and Facebook,2010-01-01,2013-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data 
theft,,['United States'],"[['NATO', 'NORTHAM']]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Telecommunications', '']]",['GCHQ'],['United Kingdom'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,GCHQ; GCHQ,United Kingdom; United Kingdom,State; State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://investigations.nbcnews.com/_news/2014/01/27/22469304-snowden-docs-reveal-british-spies-snooped-on-youtube-and-facebook'] 135,Chinese Military Espionage against US Chamber of Commerce,Chinese hackers with connection to the Chinese military eavesdrop the US Chamber of Commerce,2010-01-01,2011-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['China'],"['Non-state actor, state-affiliation suggested']",,1,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",,[],International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://abcnews.go.com/International/chinese-hack-us-chamber-commerce-authorities/story?id=15207642'] 136,ElMachete,“Machete” is a targeted attack campaign with Spanish speaking roots. 
We believe this campaign started in 2010 and was renewed with an improved infrastructure in 2012.,2010-01-01,2014-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,"['Venezuela', 'Ecuador', 'Spain', 'Russia', 'Cuba', 'Colombia', 'Peru']","[['SOUTHAM'], [], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], [], ['SOUTHAM'], ['SOUTHAM']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military', 'Intelligence agencies', ''], ['Government / ministries', 'Military', 'Intelligence agencies', ''], ['Government / ministries', 'Military', 'Intelligence agencies', ''], ['Government / ministries', 'Military', 'Intelligence agencies', ''], ['Government / ministries', 'Military', 'Intelligence agencies', ''], ['Government / ministries', 'Military', 'Intelligence 
agencies', ''], ['Government / ministries', 'Military', 'Intelligence agencies', '']]",['El Machete'],['Brazil'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,El Machete,Brazil,Unknown - not attributed,,['https://securityaffairs.co/wordpress/57369/apt/machete-espionage-campaign.html'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securelist.com/el-machete/66108/', 'https://securityaffairs.co/wordpress/57369/apt/machete-espionage-campaign.html']" 137,Belgacom-Hack,"Documents from the archive of whistleblower Edward Snowden indicate that Britain's GCHQ intelligence service was behind a cyber attack against Belgacom, a partly state-owned Belgian telecoms company.",2010-01-01,2013-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Belgium'],"[['EUROPE', 'EU', 'NATO', 'WESTEU']]",[['Critical infrastructure']],[['Telecommunications']],['GCHQ'],['United Kingdom'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,GCHQ; GCHQ,United Kingdom; United Kingdom,State; State,,['https://theintercept.com/2014/12/13/belgacom-hack-gchq-inside-story/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive 
information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacked-belgian-telecoms-firm-a-923406.html', 'https://theintercept.com/2014/12/13/belgacom-hack-gchq-inside-story/']" 138,Operation DustStorm,"Multi-year, multi-attack campaign against critical infrastructure companies mostly in Japan last years since 2015, but also in South Korea, U.S., Europe and countries in Southeast Asia, revealed by Cylance, partly using vulnerabilities, with purpose of long-term data exfiltration and theft. APT 1 has been attributed as a possible suspect.",2010-01-01,2015-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft,,"['Japan', 'Korea, Republic of', 'United States', 'Europe (region)', 'Southeast Asia (region)']","[['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS', 'NEA'], ['NATO', 'NORTHAM'], [], []]","[['Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective 
company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Energy', 'Transportation', 'Finance', ''], ['Energy', 'Transportation', 'Finance', ''], ['Energy', 'Transportation', 'Finance', ''], ['Energy', 'Transportation', 'Finance', ''], ['Energy', 'Transportation', 'Finance', '']]","['APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)', 'PLA Unit 61398']","['Unknown', 'Unknown']","['Unknown - not attributed', 'Unknown - not attributed']",,1,2016-01-01; 2016-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,['https://threatpost.com/five-year-dust-storm-APT -campaign-targets-japanese-critical-infrastructure/116436/'],Unknown,Unknown,,Unknown,,0,,,,,,Yes,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.helpnetsecurity.com/2016/02/24/japanese-critical-infrastructure-under-targeted-attack/', 'https://threatpost.com/five-year-dust-storm-APT -campaign-targets-japanese-critical-infrastructure/116436/']" 139,Operation Hangover,Private hackers spy on targets with national security interests and private sector,2010-01-01,2013-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,"['Pakistan', 'Iran, Islamic Republic of', 'United 
States', 'Norway', 'United Arab Emirates']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'MENA', 'MEA'], ['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'NORTHEU'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['', 'Telecommunications', ''], ['', 'Telecommunications', ''], ['', 'Telecommunications', ''], ['', 'Telecommunications', ''], ['', 'Telecommunications', '']]",,['India'],['Non-state-group'],['Criminal(s)'],1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,India,Non-state-group,Criminal(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2013/Norman_HangOver%20report_Executive%20Summary_042513.pdf', 'https://www.symantec.com/connect/blogs/operation-hangover-qa-attacks']" 
140,Anonymous vs. Australian Parliament,Anonymous disrupts Australian Parliament website in protest of online filter,2010-02-10,2010-02-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Australia'],[['OC']],[['State institutions / political system']],[['Legislative']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.pcworld.com/article/189023/article.html'] 141,Bauxit War,"Vietnamese malware infects Vietnamese computers to disrupt and spy on their owners trying to squelch opposition to Chinese bauxite mining efforts in Vietnam, according to Human Rights Watch and McAfee.",2010-03-01,2010-03-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by IT-security company; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Disruption; Hijacking with Misuse,,['Vietnam'],"[['ASIA', 'SCS', 'SEA']]","[['Social groups', 'Social groups']]","[['Advocacy / activists (e.g. 
human rights organizations)', 'Political opposition / dissidents / expats']]",,['Vietnam'],['Non-state-group'],['Hacktivist(s)'],3,2010-01-01; 2010-01-01; 2010-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Political statement / report (e.g., on government / state agency websites)",IT-security community attributes attacker; Media-based attribution; Attribution by third-party,,,,,Vietnam; Vietnam; Vietnam,Non-state-group; State; State,Hacktivist(s); ; ,['https://www.hrw.org/news/2010/05/26/vietnam-stop-cyber-attacks-against-online-critics'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://security.googleblog.com/2010/03/chilling-effects-of-malware.html', 'https://www.hrw.org/news/2010/05/26/vietnam-stop-cyber-attacks-against-online-critics']" 142,RioTinto hacks,"Chinese hackers into RioTinto IT system to target key employees and to steal valuable company information, allegedly to gain competition advantage",2010-03-01,2010-03-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Data theft,,"['United Kingdom', 'Australia']","[['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['OC']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], 
['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,,['China'],['State'],,2,2018-01-01; 2018-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity; Media-based attribution,,,,,China; China,State; State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.itnews.com.au/news/abc-fingers-china-over-cyber-attacks-172554'] 143,Government Income Leak,Hackers leak the real incomes of Latvian government officials,2010-03-01,2010-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Latvia'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],['People’s Army of the Fourth Awakening (Latvia)'],['Latvia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,People’s Army of the Fourth Awakening (Latvia),Latvia,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://hackertarget.com/when-neo-hacked-the-latvian-srs-database/'] 144,Chinese Espionage against US-Mail,"China's cyber spies have accessed the private emails of “many” top Obama administration officials, according to a senior U.S. intelligence official and a top secret document obtained by NBC News, and have been doing so since at least April 2010.",2010-04-01,2015-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],['Dancing Panda/Legion Amethyst'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2015-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,Dancing Panda/Legion Amethyst,China,"Non-state actor, state-affiliation suggested",,['https://www.nbcnews.com/news/us-news/china-read-emails-top-us-officials-n406046'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theguardian.com/world/2015/aug/10/chinese-national-security-officials-hack', 'https://www.nbcnews.com/news/us-news/china-read-emails-top-us-officials-n406046']" 145,The great SIM Heist,The British GCHQ and the American NSA stole certificates from the most important sim manufacturer.,2010-04-01,2010-07-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Netherlands'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Critical 
infrastructure']],[['Telecommunications']],"['NSA/Equation Group', 'GCHQ']","['United States', 'United Kingdom']","['State', 'State']",,2,2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Media-based attribution; Media-based attribution; Media-based attribution; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ; NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ,United States; United Kingdom; United States; United Kingdom; United States; United Kingdom; United States; United Kingdom,State; State; State; State; State; State; State; State,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://theintercept.com/2015/02/19/great-sim-heist/'] 146,Shadow Network,Chinese spies steel 
topsecret files from the Indian Defence Ministry and obtain emails from Dalai Lama office servers,2010-04-02,2010-04-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['India', 'China', 'United Nations Organization']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], []]","[['State institutions / political system', 'International / supranational organization', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'International / supranational organization', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'International / supranational organization', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['', '', 'Religious', '', ''], ['', '', 'Religious', '', ''], ['', '', 'Religious', '', '']]",,['China'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,China,Unknown - not attributed,,['https://citizenlab.ca/wp-content/uploads/2017/05/shadows-in-the-cloud.pdf'],System / ideology; Resources; Secession,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theguardian.com/technology/2010/apr/06/cyber-spies-china-target-india', 'https://economictimes.indiatimes.com/tech/internet/china-rejects-allegations-of-hacking-indian-defence-websites/articleshow/5767336.cms', 'https://citizenlab.ca/wp-content/uploads/2017/05/shadows-in-the-cloud.pdf']" 147,Chinese Hack into South Korean military networks 2010,"Chinese computer hackers last June gained access to secret South Korean military files on a planned spy plane purchase from the United States, a Seoul law maker says.",2010-06-01,2010-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['State institutions / political system']],[['Military']],,['China'],"['Non-state actor, state-affiliation suggested']",,1,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",,[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/03/china-hackers-hacked-into-secret-south.html'] 148,GCHQ vs. 
Al-Qaida newspaper,"Whitehall sources have revealed that British intelligence officers successfully sabotaged the launch of the first English language website set up by an al-Qaida affiliate. The officers, understood to be based at Government Communications Headquarters (GCHQ) in Cheltenham, attacked an online jihadist magazine in English called Inspire, devised by supporters of al-Qaida in the Arabian Peninsula.",2010-06-01,2010-06-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by attacker,Disruption,,['Yemen'],"[['ASIA', 'MENA', 'MEA']]",[['Social groups']],[['Terrorist']],['GCHQ'],['United Kingdom'],['State'],,1,2011-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms,,,,GCHQ,United Kingdom,State,,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/uk/2011/jun/02/british-intelligence-ruins-al-qaida-website'] 149,Turkey Censor Protest,"The websites of the Ministry of Transportation, the Information and Communication Technologies Authority and the Telecommunications Communication Presidency have been inaccessible. These three state bodies are responsible for internet censorship and have been the principal actors behind attempts to block access to YouTube and Google-related services in Turkey.",2010-06-18,2018-10-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Civil service / administration', '']]",,['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,Turkey,Non-state-group,Hacktivist(s),['https://freedomhouse.org/sites/default/files/FOTN2011.pdf'],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://freedomhouse.org/sites/default/files/FOTN2011.pdf', 'https://www.theregister.co.uk/2010/06/18/turkey_dos_attack/']" 150,Italian Intelligence agency steals sensitive defence data from Indian Embassy,Italian Intelligence agency steals sensitive defence data from Indian Embassy,2010-06-22,2010-06-22,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],,['Italian cyber police - National Anti-Crime Computer Centre for Critical Infrastructure Protection(CNAIPIC)'],['Italy'],['State'],,2,2011-01-01; 2011-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Media-based attribution,,,,Italian cyber 
police - National Anti-Crime Computer Centre for Critical Infrastructure Protection(CNAIPIC); Italian cyber police - National Anti-Crime Computer Centre for Critical Infrastructure Protection(CNAIPIC),Italy; Italy,State; State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/08/italian-intelligence-agency-cnaipic.html'] 151,BKA Doxxing,Unknown hackers hack into German Federal Police and Customs computers and publish stolen documents online,2010-09-01,2010-09-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Military']],['noname-crew'],['Unknown'],['Unknown - not attributed'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,noname-crew,Unknown,Unknown - not attributed,,['https://www.focus.de/digital/computer/tid-22964/angriff-auf-zoll-computer-hacker-ueberlisten-antiviren-software_aid_646219.html'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.infosecurity-magazine.com/news/hackers-infiltrate-german-police-and-customs/', 'https://www.heise.de/security/meldung/Server-der-Bundespolizei-ausspioniert-1276055.html', 'https://www.focus.de/digital/computer/tid-22964/angriff-auf-zoll-computer-hacker-ueberlisten-antiviren-software_aid_646219.html']" 152,Anonymous Copyright Operation,Piracy activists have carried out coordinated attacks on websites owned by the music and film industry. 
The attacks were declared on notorious message-board 4chan and were reportedly in retaliation for anti-piracy efforts against file-sharing websites.,2010-09-01,2010-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['United States', 'United Kingdom', 'Australia', 'Spain']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['OC'], ['EUROPE', 'NATO', 'EU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theregister.co.uk/2010/10/07/anonymous_ent_biz_ddos_hits_spain/', 'https://www.theregister.co.uk/2010/10/04/ministry_of_sound_ddos/', 'https://www.theregister.co.uk/2010/09/22/acs_4chan/', 'https://www.bbc.com/news/technology-11371315', 'https://www.itnews.com.au/news/operation-payback-directs-ddos-attack-at-afact-233573']" 153,Myanmar Election DDoS,"An ongoing computer attack has knocked Burma off the internet, just days ahead of its first election in 20 years. 
Moreover, Burmese exiled media groups are calling for international support in ending cyberattacks that have crippled two news websites over the past week. The Democratic Voice of Burma (DVB) and The Irrawaddy magazine, which provide independent coverage of current affairs in Burma, have been the target of intense attacks which it is believed originate from the Burmese government.",2010-09-27,2010-11-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,,"['Myanmar', 'Thailand']","[['ASIA', 'SEA'], ['ASIA', 'SEA']]","[['State institutions / political system', 'Critical infrastructure', 'Media'], ['State institutions / political system', 'Critical infrastructure', 'Media']]","[['Government / ministries', 'Telecommunications', ''], ['Government / ministries', 'Telecommunications', '']]",,['Myanmar'],['State'],,1,2010-01-01 00:00:00,"Attribution given, type unclear",Media-based attribution,,,,,Myanmar,State,,[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.bbc.com/news/technology-11693214'] 154,Stealing the NASDAQ,"Hackers, most likely from Russia, manage to hack into NASDAQ and plant malware that let several hacker groups operate freely; another allegation states that the Russian hackers tried to clone the NASDAQ",2010-10-01,2010-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking without Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Finance']],,['Russia'],"['Non-state actor, state-affiliation suggested']",,2,2014-01-01; 2014-01-01,"Political statement / report (e.g., on government / state agency websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Media-based attribution,,,,,Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://arstechnica.com/information-technology/2014/07/how-elite-hackers-almost-stole-the-nasdaq/', 'https://www.wired.com/2011/03/nsa-investigates-nasdaq-hack/', 'https://web.archive.org/web/20170712031930/https://www.bloomberg.com/news/articles/2014-07-17/how-russian-hackers-stole-the-nasdaq']" 155,Wikileaks DDoS,It's possible that the DDoS against Wikileaks was orchestrated by a government in effort to retaliate against the leak and disrupt access to the documents.,2010-11-30,2010-11-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Disruption,,['Sweden'],"[['EUROPE', 'EU', 'NORTHEU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]",,,['Unknown'],"['Non-state actor, state-affiliation suggested']",,1,2010-01-01 00:00:00,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://arstechnica.com/information-technology/2010/11/wikileaks-moves-to-amazons-cloud-to-evade-massive-ddos/'] 156,French Ministry of Finance Hack,Unknown hackers hack into French Finance ministry to get information about France's G20 presidency,2010-12-01,2011-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Government / ministries']],,['China'],"['Non-state actor, state-affiliation suggested']",,1,2011-01-01 00:00:00,"Attribution given, type unclear",Media-based attribution,,,,,China,"Non-state actor, state-affiliation suggested",,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://spectrum.ieee.org/riskfactor/telecom/internet/spectacular-cyber-attack-gains-access-to-frances-g20-files'] 157,Infiltration of British Foreign Office,Unknown hackers infiltrates British Foreign Office's staff computers with a data-stealing viruses,2010-12-01,2010-12-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/technology/2011/feb/06/hacking-william-hague-munich'] 158,Pakistani Hackers vs. 
India,Pakistani hacker group shuts down Indian Central Bureau of Investigation website,2010-12-03,2010-12-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Police']],['Pakistani Cyber Army'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pakistani Cyber Army,Pakistan,Non-state-group,Hacktivist(s),[],Territory; International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.aljazeera.com/news/asia/2010/12/20101241373583977.html'] 159,"Operation ""Payback""","Hackers attack Mastercard, Visa and Postfinance in the so-called ""Operation Payback"" because of the banks' refusal to transfer money to Wikileaks accounts.",2010-12-08,2010-12-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['United States', 'Switzerland']","[['NATO', 'NORTHAM'], ['EUROPE', 'WESTEU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['Anonymous/4Chan'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous/4Chan,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.spiegel.de/netzwelt/web/operation-payback-hacker-grossangriff-auf-mastercard-visa-co-a-733520.html'] 160,Retaliation for Kim Jong Il Hack,"In recent days hackers from the South have poked fun at the Kim dynasty, rulers of North Korea for more than 60 years, and their Northern counterparts retaliated by temporarily disabling a popular South Korean website suspected of being behind the attacks.",2011-01-01,2011-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,"[""Korea, Democratic People's Republic of""]",['State'],,1,2011-01-01 00:00:00,"Attribution given, type unclear",Media-based attribution,,,,,"Korea, Democratic People's Republic of",State,,['https://www.theguardian.com/world/2011/jan/11/korea-hackers-mount-cyber-skirmishes'],System / ideology,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/world/2011/jan/11/korea-hackers-mount-cyber-skirmishes'] 161,Ke3chang aka APT 15,"As the crisis in Syria escalates, FireEye researchers have discovered a cyberespionage campaign, which is called “Ke3chang,” that falsely advertises information updates about the ongoing crisis to compromise MFA networks in Europe",2011-01-01,2014-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,['Europe (region)'],,"[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Energy', 'Defence industry', '']]",['Ke3chang/Vixen Panda/APT 15'],['China'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Ke3chang/Vixen Panda/APT 15,China,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / 
commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-ke3chang.pdf'] 162,Longhorn Group,"Spying tools and operational protocols of the CIA, detailed in the recent Vault 7 leak have been used in cyberattacks against at least 40 targets in 16 different countries by a group Symantec calls Longhorn, Chinese IT Company Qi'anxin Threat Intelligence Center directly refers to it in its report as the CIA tools.",2011-01-01,2017-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['EU (region)', 'Mena Region (region)', 'Asia (region)', 'Africa', 'China']","[['EU'], [], [], [], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Corporate Targets (corporate 
targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', ''], ['Government / ministries', '', '', '', '']]","['Longhorn/The Lamberts', 'CIA']","['United States', 'United States']","['State', 'State']",,1,2017-01-01; 2017-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Longhorn/The Lamberts; CIA,United States; United States,State; State,,"['https://www.bankinfosecurity.com/symantec-links-longhorn-group-to-cia-hacking-files-a-9824', 'https://www.bleepingcomputer.com/news/security/longhorn-cyber-espionage-group-is-actually-the-cia/']",International power,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bankinfosecurity.com/symantec-links-longhorn-group-to-cia-hacking-files-a-9824', 'https://www.bleepingcomputer.com/news/security/longhorn-cyber-espionage-group-is-actually-the-cia/']" 163,First Phase Dragonfly aka EnergeticBear (2011-2014),"The Dragonfly group, which is also known by other vendors as EnergeticBear, appears to have been in operation since at least 2011 and may have been active even longer than that. 
Dragonfly initially targeted defense and aviation companies in the US and Canada before shifting its focus mainly to US and European energy firms in early 2013. In their campaign against companies and organizations in the international energy sector, including oil and gas firms, nuclear power plants, and utility and power transmission companies, they used the malware ""Havex"". A US indictment from August 26, 2021 charged three Russian hackers from the Military Unit 71330 or “Center 16” of the FSB for the campaign. ",2011-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Canada']","[['NATO', 'NORTHAM'], ['NATO', 'NORTHAM']]","[['Critical infrastructure'], ['Critical infrastructure']]","[['Defence industry'], ['Defence industry']]","['Pavel Aleksandrovich Akulov (FSB, Center 16, Military Unit 71330)', 'Mikhail Mikhailovich Gavrilov (FSB, Center 16, Military Unit 71330)', 'Marat Valeryevich Tyukov (FSB, Center 16, Military Unit 71330)']","['Russia', 'Russia', 'Russia']","['State', 'State', 'State']",,2,2022-03-24; 2022-03-24; 2022-03-24; 2014-07-07,"Domestic legal action; Domestic legal action; Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker,US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); Symantec,,United States; United States; United States; United States,"Pavel 
Aleksandrovich Akulov (FSB, Center 16, Military Unit 71330); Mikhail Mikhailovich Gavrilov (FSB, Center 16, Military Unit 71330); Marat Valeryevich Tyukov (FSB, Center 16, Military Unit 71330); Energetic Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035 (FSB, 16th Center)",Russia; Russia; Russia; Not available,State; State; State; Unknown - not attributed,,"['https://www.reuters.com/article/us-usa-russia-sanctions-energygrid/in-a-first-u-s-blames-russia-for-cyber-attacks-on-energy-grid-idUSKCN1GR2G3', 'https://www.nytimes.com/2014/07/01/technology/energy-sector-faces-attacks-from-hackers-in-russia.html']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical', 'https://www.reuters.com/article/us-usa-russia-sanctions-energygrid/in-a-first-u-s-blames-russia-for-cyber-attacks-on-energy-grid-idUSKCN1GR2G3', 'https://www.nytimes.com/2014/07/01/technology/energy-sector-faces-attacks-from-hackers-in-russia.html', 'https://www.theguardian.com/world/2022/mar/24/us-charges-russian-hackers-cyber-attacks', 'https://docs.broadcom.com/doc/dragonfly_threat_against_western_energy_suppliers']" 164,The Jasmine Revolution,"Tunisia’s Jasmine Revolution included the hacking of user names and passwords for the entire online population of Tunisia by AMMAR, the country’s government-run Internet Services Provider.",2011-01-01,2011-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Data 
theft,,['Tunisia'],"[['AFRICA', 'NAF', 'MENA']]",[['End user(s) / specially protected groups']],,['AMMAR'],['Tunisia'],['State'],,1,2011-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,AMMAR,Tunisia,State,,['http://web.mit.edu/smadnick/www/wp/2017-10.pdf'],National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://web.mit.edu/smadnick/www/wp/2017-10.pdf', 'https://cpj.org/blog/2011/01/tunisia-invades-censors-facebook-other-accounts.php']" 165,Winnti vs. Gaming Industry,"According to Kaspersky's estimations, the Chinese Winnti Group has been active for several years and specializes in cyberattacks against the online video game industry. The group’s main objective is to steal source code for online game projects as well as the digital certificates of legitimate software vendors. In addition, they are very interested in how network infrastructure (including the production of gaming servers) is set up, and new developments such as conceptual ideas, design and more.",2011-01-01,2013-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,['Global (region)'],,[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://401trg.com/burning-umbrella/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://401trg.com/burning-umbrella/', 'https://securelist.com/winnti-more-than-just-a-game/37029/']" 166,Winnti vs. Korean Social Media,South Korea has blamed Chinese hackers (according to an IT company the Winnti Group) for stealing data from 35 million accounts on a popular social network.,2011-01-01,2011-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2018-01-01; 2018-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044; APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://401trg.com/burning-umbrella/', 'https://securelist.com/winnti-more-than-just-a-game/37029/']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://401trg.com/burning-umbrella/', 'https://securelist.com/winnti-more-than-just-a-game/37029/', 'https://www.bbc.com/news/technology-14323787']" 167,Attack against Moodys,An APT linked to the Chinese military attacked the American rating agency Moody's.,2011-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Finance']],"['APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)', 'Boyusec']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01,"Domestic legal action; Domestic legal action; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by third-party; Attribution by third-party,,,,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Boyusec; APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, 
Boyusec); Boyusec",China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/'],International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.justice.gov/opa/pr/us-charges-three-chinese-hackers-who-work-internet-security-firm-hacking-three-corporations', 'https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/']" 168,MagicKitten vs. Iranian Activists outside Iran,"The Iranian APT MagicKitten started a phishing campaign against Iranian exile activists, trying to access their data. 
Those attacks continued at least until mid 2013.",2011-01-01,2013-07-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['United States', 'Canada', 'Europe (region)', 'Mena Region (region)']","[['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], [], []]","[['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure']]","[['', 'Telecommunications'], ['', 'Telecommunications'], ['', 'Telecommunications'], ['', 'Telecommunications']]",['Magic Kitten/Group 42'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2013-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party,,,,Magic Kitten/Group 42,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,['https://bits.blogs.nytimes.com/2013/06/12/google-says-it-has-uncovered-iranian-spy-campaign/'],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://carnegieendowment.org/files/Iran_Cyber_Final_Full_v2.pdf', 'https://security.googleblog.com/2013/06/iranian-phishing-on-rise-as-elections.html', 'https://bits.blogs.nytimes.com/2013/06/12/google-says-it-has-uncovered-iranian-spy-campaign/']" 169,Dagger Pandas East Asian Campaign,"A new APT-Dagger 
Panda-emerged against the nations of South Korea, Japan and Taiwan, attacking their government (especially military) networks with spearphishing",2011-01-01,2013-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Taiwan', 'Korea, Republic of', 'Japan']","[['ASIA', 'SCS'], ['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Media', 'Science']]","[['Government / ministries', 'Military', 'Telecommunications', 'Defence industry', '', ''], ['Government / ministries', 'Military', 'Telecommunications', 'Defence industry', '', ''], ['Government / ministries', 'Military', 'Telecommunications', 'Defence industry', '', '']]",,['Unknown'],['Non-state-group'],['Private technology companies / hacking for hire groups without state affiliation / research entities'],1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securelist.com/the-icefog-apt-a-tale-of-cloak-and-three-daggers/57331/'] 170,BlackEnergy usage
against American SCADA Systems,"The U.S. Department of Homeland Security issued an updated alert last week stating that a variant of the BlackEnergy malware had infiltrated the SCADA systems that control critical infrastructure, including oil and gas pipelines, water distribution systems and the power grid. ABC News reported that national security experts believe hackers sponsored by the Russian government are responsible.",2011-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Hijacking without Misuse,,['United States'],"[['NATO', 'NORTHAM']]","[['Critical infrastructure', 'Critical infrastructure']]","[['Energy', 'Water']]","['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2014-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,['https://abcnews.go.com/US/trojan-horse-bug-lurking-vital-us-computers-2011/story?id=26737476'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.greentechmedia.com/articles/read/dhs-russian-hackers-infiltrated-us-energy-infrastructure#gs.fWFJYmqF', 'https://abcnews.go.com/US/trojan-horse-bug-lurking-vital-us-computers-2011/story?id=26737476']" 171,Operation Ababil,"The hacker group Cyber fighters of Izz Ad-Din Al Qassam attacks US American banks in a third wave of attacks, protesting an Islamophobic video on YouTube. The alleged hackers indicted in 2016 are believed to be responsible for the distributed denial-of-service (DDoS) attacks launched against 46 U.S. banks between late 2011 and mid-2013. One of the suspects, Hamid Firoozi, has also been charged in connection to a hacker attack targeting the Bowman Dam in Rye, New York. Authorities said he repeatedly breached the dam's computer systems between August and September 2013, allowing him to obtain information about the status and operation of the facility.",2011-01-01,2011-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Disruption; Hijacking without Misuse,,['United States'],"[['NATO', 'NORTHAM']]","[['Critical infrastructure', 'Critical infrastructure']]","[['Energy', 'Finance']]",['Cyber fighters of Izz Ad-Din Al Qassam/ITSec Company/Mersad (IRGC)'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,2,2012-01-01; 2012-01-01,"Statement in media report and indictment / sanctions; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,Cyber fighters of Izz Ad-Din Al Qassam/ITSec Company/Mersad (IRGC); Cyber fighters of Izz Ad-Din Al Qassam/ITSec Company/Mersad (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.justice.gov/opa/file/834996/download', 'https://www.recordedfuture.com/iran-hacker-hierarchy/', 'http://www.startribune.com/group-halts-bank-cyberattacks/188944711/?refer=y', 'https://www.forbes.com/sites/thomasbrewster/2017/09/20/iran-hacker-crew-apt33-heading-for-destructive-cyberattacks/#38b0b8454a48', 'https://www.washingtonpost.com/world/national-security/iran-blamed-for-cyberattacks/2012/09/21/afbe2be4-0412-11e2-9b24-ff730c7f6312_story.html']",System / ideology; International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.justice.gov/opa/file/834996/download', 
'https://www.recordedfuture.com/iran-hacker-hierarchy/', 'http://www.startribune.com/group-halts-bank-cyberattacks/188944711/?refer=y', 'https://www.forbes.com/sites/thomasbrewster/2017/09/20/iran-hacker-crew-apt33-heading-for-destructive-cyberattacks/#38b0b8454a48', 'https://www.washingtonpost.com/world/national-security/iran-blamed-for-cyberattacks/2012/09/21/afbe2be4-0412-11e2-9b24-ff730c7f6312_story.html', 'https://www.darkreading.com/attacks-breaches/to-safeguard-critical-infrastructure-go-back-to-basics']" 172,Countering the Hacktivists,Hacker collectives Anonymous and LulzSec have both been the targets of cyber attacks by UK government spy agency GCHQ,2011-01-01,2011-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,['Unknown'],,[['Social groups']],[['Hacktivist']],['GCHQ'],['United Kingdom'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,GCHQ; GCHQ,United Kingdom; United Kingdom,State; State,,[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://www.bbc.com/news/technology-26049448', 'http://www.wired.co.uk/article/gchq-ddos-attack-anonymous']" 173,E-Mail Theft of Australian Parliament,Hackers have broken into Federal Parliamentary email accounts to gain access to emails between ministers and Australian companies mining in China.,2011-01-01,2011-01-01,"Attack on (inter alia) political target(s), not 
politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,,['Australia'],[['OC']],"[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'State institutions / political system']]","[['Government / ministries', '', 'Legislative']]",,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.australianmining.com.au/news/chinese-hack-australian-miners-emails/'] 174,Operation Newscaster (aka CharmingKitten),"Iranian hackers use social engineering tactics and other hacking tools to access social media accounts and accounts on other platforms of high-ranking officials, personnel and community leaders, accessing vast amounts of confidential data. The group was later linked to the Iranian government under the name Charming Kitten.",2011-01-01,2014-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Saudi Arabia', 'Israel', 'Yemen', 'Venezuela', 'United States', 'Iraq', 'United Kingdom', 'Afghanistan', 'Kuwait', 'Egypt']","[['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['SOUTHAM'], ['NATO', 'NORTHAM'], ['ASIA', 'MENA', 'MEA'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'SASIA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['MENA', 'MEA', 'AFRICA', 'NAF']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only
coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / 
political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Legislative', 'Military', ''], ['Government / ministries', 'Legislative', 'Military', ''], ['Government / ministries', 'Legislative', 'Military', ''], ['Government / ministries', 'Legislative', 'Military', ''], ['Government / ministries', 'Legislative', 'Military', ''], ['Government / ministries', 'Legislative', 'Military', ''], ['Government / ministries', 'Legislative', 'Military', ''], ['Government / ministries', 'Legislative', 'Military', ''], ['Government / ministries', 'Legislative', 'Military', ''], ['Government / ministries', 'Legislative', 'Military', '']]",['Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://cyber-peace.org/wp-content/uploads/2014/08/NEWSCASTER-An-Iranian-Threat-Inside-Social-Media-iSIGHT-Partners.pdf', 'https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private 
/ commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/iran-hackers/rpt-iranian-hackers-use-fake-facebook-accounts-to-spy-on-u-s-others-idUSL1N0OF06R20140529', 'https://www.timesofisrael.com/iran-spied-on-israel-saudi-arabia-with-major-cyberattack/', 'https://cyber-peace.org/wp-content/uploads/2014/08/NEWSCASTER-An-Iranian-Threat-Inside-Social-Media-iSIGHT-Partners.pdf', 'https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf']" 175,RSA breached,"RSA is hacked with a Trojan horse and Secure ID Token, its security technology in use by several governments and private firms around the globe. RSA later states that two probably state-sponsored groups initiated the attack; the U.S. government and parts of the IT security community hold China responsible.",2011-01-01,2011-03-17,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['China'],['State'],,2,2011-01-01; 2011-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Receiver attributes attacker,,,,,China; China,State;
State,,"['https://nakedsecurity.sophos.com/2011/10/11/rsa-blames-nation-state-attack/', 'https://www.darkreading.com/attacks-breaches/china-hacked-rsa-us-official-says/d/d-id/1137409', 'https://www.security-insider.de/so-knackten-hacker-die-sicherheit-bei-rsa-und-lockheed-martin-a-393338/']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://searchsecurity.techtarget.com/magazineContent/The-RSA-breach-One-year-later', 'https://nakedsecurity.sophos.com/2011/10/11/rsa-blames-nation-state-attack/', 'https://nakedsecurity.sophos.com/2011/03/18/security-firm-rsa-warns-that-its-servers-have-been-hacked/', 'https://www.darkreading.com/attacks-breaches/china-hacked-rsa-us-official-says/d/d-id/1137409', 'https://www.vanityfair.com/news/2011/09/chinese-hacking-201109', 'https://www.security-insider.de/so-knackten-hacker-die-sicherheit-bei-rsa-und-lockheed-martin-a-393338/']" 176,Phishing Norways National Security Authority,"Norway's National Security Authority (NSM) on Friday confirmed that systems associated with the country's energy and defence sectors were hit with a cyber attack, resulting in a loss of sensitive information.",2011-01-01,2011-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft,,['Norway'],"[['EUROPE', 'NATO', 'NORTHEU']]","[['Critical infrastructure', 'Critical infrastructure']]","[['Energy', 'Defence industry']]",,['Unknown'],['Unknown - not attributed'],,1,,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information 
(incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://uk.pcmag.com/news/114528/norway-cyber-attack-targets-countrys-oil-gas-systems'] 177,Citigroup hacked,"Citigroup Inc. plans to send replacement credit cards to about 100,000 North American customers after its systems were breached by a hacking attack affecting about 200,000 accounts. Possibly the attack was even worse, leading to a breach of up to 300,000 credit cards.",2011-01-01,2011-01-01,"Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft,,['United States'],"[['NATO', 'NORTHAM']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups']]",,,['Unknown'],['Non-state-group'],['Criminal(s)'],1,,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,,Unknown,Non-state-group,Criminal(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.huffingtonpost.com/2011/06/27/citigroup-hack_n_885045.html', 'https://www.reuters.com/article/us-citi/regulators-pressure-banks-after-citi-data-breach-idUSTRE7580TM20110609']" 178,APT 6 vs.
US government,"The feds warned that ""a group of malicious cyber actors,"" whom security experts believe to be the government-sponsored hacking group known as APT 6, ""have compromised and stolen sensitive information from various government and commercial networks"" since at least 2011, according to an FBI alert obtained by Motherboard.",2011-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '']]",['APT 6'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",3,2016-01-01; 2016-01-01; 2016-01-01,"Political statement / report (e.g., on government / state agency websites); Attribution given, type unclear; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Media-based attribution; IT-security community attributes attacker,,,,APT 6; APT 6; APT 6,China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held 
view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://motherboard.vice.com/en_us/article/qkjkxv/fbi-flash-alert-hacking-group-has-had-access-to-us-govt-files-for-years'] 179,Attack on various Australian Networks,Australian government computer networks breached in cyber attacks by Chinese hackers,2011-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft,,['Australia'],[['OC']],[['State institutions / political system']],[['Government / ministries']],,['China'],"['Non-state actor, state-affiliation suggested']",,2,2016-01-01; 2016-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Attribution given, type unclear",Attribution by receiver government / state entity; Media-based attribution,,,,,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.abc.net.au/news/2016-08-29/chinese-hackers-behind-defence-austrade-security-breaches/7790166'] 180,IMF Hack,"The International Monetary Fund (IMF) is investigating a serious cyber-attack in which some of its systems were compromised and used to access internal data. Security experts said the source seemed to be a ""nation state"" aiming to gain a ""digital insider presence"" on the network of the IMF",2011-01-01,2011-06-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,[['International Monetary Fund (IMF) ']],['United States'],"[['NATO', 'NORTHAM']]",[['International / supranational organization']],,,['Unknown'],"['Non-state actor, state-affiliation suggested']",,1,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution,,,,,Unknown,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-imf-cyberattack/imf-cyber-attack-aimed-to-steal-insider-information-expert-idUSTRE75A20720110612', 'https://www.theguardian.com/business/2011/jun/12/imf-cyber-attack-hack', 'https://www.nytimes.com/2011/06/12/world/12imf.html?_r=3']" 181,PutterPanda cyberespionage vs. Canada,"China's hackers gain access to highly classified federal information of the Canadian Finance Department, Treasury Board and a defense research institution through hijacking government computers.
The named institutions are forced offline.",2011-01-01,2011-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,['Canada'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'Critical infrastructure', 'Science']]","[['Government / ministries', 'Defence industry', '']]",['Putter Panda/APT 2'],['China'],['State'],,2,2011-01-01; 2011-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,Putter Panda/APT 2; Putter Panda/APT 2,China; China,"State; Non-state actor, state-affiliation suggested",,['https://www.reuters.com/article/us-china-canada-cybersecurity/hacking-attack-in-canada-bears-signs-of-chinese-army-unit-expert-idUSKBN0G13X220140801'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cbc.ca/news/politics/foreign-hackers-attack-canadian-government-1.982618', 'https://www.cbc.ca/news/politics/hackers-stole-secret-canadian-government-data-1.990875', 'https://www.reuters.com/article/us-china-canada-cybersecurity/hacking-attack-in-canada-bears-signs-of-chinese-army-unit-expert-idUSKBN0G13X220140801']" 182,Anonymous vs. 
Tunisian Government,Anonymous attacks several Tunisian government websites.,2011-01-01,2011-01-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Tunisia'],"[['AFRICA', 'NAF', 'MENA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/01/anonymous-hacktivists-attack-african.html'] 183,FatalErrorCrew vs. President of Brazil,Hackers attack several Brazilian government websites.,2011-01-01,2011-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Brazil'],[['SOUTHAM']],[['State institutions / political system']],[['Government / ministries']],['Fatal Error Crew'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Fatal Error Crew,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/01/police-probe-hacker-attack-on-brazil.html'] 184,PakBugs vs. 
Kerala Pradesh Congress Committee,Website of the Indian party Kerala Pradesh Congress Committee is hacked and pro-Pakistani remarks are left.,2011-01-02,2011-01-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Political parties']],['PakBugs'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,PakBugs,Pakistan,Non-state-group,Hacktivist(s),[],International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/01/kerala-pradesh-congress-committee-kpcc.html'] 185,Fine Gael defacement of Anonymous,The website of the main Irish opposition party Fine Gael was hacked and defaced with a critical message by Anonymous in January 2011. The data of 2000 users were compromised.,2011-01-09,2011-01-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,[['Fine Gael']],['Ireland'],"[['EUROPE', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Political parties']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"['https://www.theguardian.com/technology/2011/jan/10/fine-gael-website-anonymous-hackers', 'http://www.thejournal.ie/fine-gael-website-defaced-by-anonymous-hacktivists-66151-Jan2011/']" 186,Breach of Sarkozys Facebook,Hackers managed to break into the Facebook page of French President Nicolas Sarkozy to announce he would be quitting next year.,2011-01-24,2011-01-24,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Political parties']],,['Unknown'],['Unknown - not attributed'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Unknown - not attributed,,['https://www.france24.com/en/20110125-france-president-nicolas-sarkozy-facebook-hacked'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.telegraph.co.uk/technology/facebook/8278200/Nicolas-Sarkozys-Facebook-page-hacked.html', 'https://www.france24.com/en/20110125-france-president-nicolas-sarkozy-facebook-hacked']" 187,Anonymous vs. Egypt 2011,"Sites belonging to Egypt’s cabinet, the Ministry of the Interior and the Ministry of Communications and Information Technology were inaccessible, after DDoS attacks by Anonymous.",2011-01-26,2011-01-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Egypt'],"[['MENA', 'MEA', 'AFRICA', 'NAF']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.nbcnews.com/id/41280813/ns/technology_and_science-security/t/anonymous-hacktivists-attack-egyptian-websites/#.W7IzEuF1NEY'] 188,Libya anti-Government DDOS,Anti-government activists Tuesday accused Libyan leader Moamer Gaddafi of hacking websites reporting on Libya's pro-democracy demonstrations.,2011-02-01,2011-02-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Libya'],"[['AFRICA', 'MENA', 
'MEA', 'NAF']]","[['Social groups', 'Media']]","[['Political opposition / dissidents / expats', '']]",,['Unknown'],['State'],,1,2011-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,State,,[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/03/libyan-opposition-websites-hacked.html'] 189,Anonymous vs. Egypt 2011 II,The online group Anonymous said Wednesday that it had paralyzed the Egyptian government’s Web sites in support of the antigovernment protests.,2011-02-02,2011-02-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Egypt'],"[['MENA', 'MEA', 'AFRICA', 'NAF']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.nytimes.com/2011/02/03/world/middleeast/03hackers.html'] 190,Anonymous vs. 
Yemen Ministry of Information,"Anonymous takes down the websites of Yemen’s Ministry of Information, as well as Yemeni President Ali Abdullah Saleh",2011-02-03,2011-02-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Yemen'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.digitaltrends.com/computing/anonymous-hackers-strike-back-against-governments-of-egypt-yemen/'] 191,Al-Jazeera fake advertising,Hackers insert false news into Al Jazeera website in protest against its coverage of protests in Egypt.,2011-02-09,2011-02-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Qatar'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Media-based attribution,,,,,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/02/hackers-insert-rogue-content-on-al.html'] 192,Anonymous posts Aaron Barrs Mails,"Anonymous has already posted around 50,000 emails of Aaron Barr, the CEO of sister organisation HBGary Federal, which revealed a report by the firm looking at ways to sabotage WikiLeaks in collaboration with Palantir Technologies and Berico Technologies. The emails also show that Bank of America, a potential target of WikiLeaks, was to hear the proposal via its outside law firm Hunton & Williams. The proposal's recommendations included a disinformation campaign against WikiLeaks and cyber attacks on its Web site.",2011-02-11,2011-02-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.forbes.com/sites/parmyolson/2011/02/11/anonymous-ready-to-dump-more-hbgary-e-mails-launch-anonleaks/#2d6a31f4698f', 'https://www.theguardian.com/commentisfree/cifamerica/2011/jun/22/hacking-anonymous']" 193,Iranian cyber Army hacks Voice of America,"Iranian Cyber Army, a hacker group that might be affiliated with the Iranian government, hacks the website of Voice of America and leaves political messages critical of the US foreign policy.",2011-02-21,2011-02-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Iranian Cyber Army'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2011-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Iranian Cyber Army,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/02/voice-of-america-voa-website-hacked-by.html'] 194,Anonymous vs. Westboro Baptist Church,Anonymous hacks several websites of Westboro Baptist Church to protest its worldviews.,2011-02-24,2011-02-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Social groups']],[['Religious']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/02/anonymous-hackers-send-video-message-to.html'] 195,DoD hacked by nation state,"Pentagon systems are penetrated in sophisticated attack, probably by other nation state, confidential data is stolen.",2011-03-01,2011-03-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],,,['Unknown'],['State'],,1,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Unknown,State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.nytimes.com/2011/07/15/world/15cyber.html?mtrref=www.google.com&gwh=33D9E59FC84D0817FABA517CD46991C8&gwt=pay'] 196,PakCyber Combat Squad vs. 
Western Sites,"Pakistani hackers deface websites of the Indian embassy in Sweden and Australian beer and wine companies, leave political messages about Kashmir.",2011-03-02,2011-03-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,"['Sweden', 'Australia']","[['EUROPE', 'EU', 'NORTHEU'], ['OC']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', ''], ['Government / ministries', '']]",['Pak Cyber Combat Squad'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pak Cyber Combat Squad,Pakistan,Non-state-group,Hacktivist(s),[],System / ideology; Territory; International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://thehackernews.com/2011/03/26-australian-beerwine-shop-websites.html', 'https://thehackernews.com/2011/03/indian-embassy-of-sweden-hacked-by.html']" 197,Dark Seoul 2011,DDoS and Disk wiping attacks in South Korea.,2011-03-04,2011-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Disruption,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]","['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,2,2011-01-01; 2011-01-01,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Unknown","Non-state actor, state-affiliation suggested; Individual hacker(s)",,"['https://thediplomat.com/2013/08/cyber-security-in-south-korea-the-threat-within/', 'https://www.mcafee.com//wp-content/uploads/2011/07/McAfee-Labs-10-Days-of-Rain-July-2011.pdf', 'https://www.sans.org/reading-room/whitepapers/critical/tracing-lineage-darkseoul-36787', 'http://english.chosun.com/site/data/html_dir/2013/04/11/2013041100648.html']",System / 
ideology,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://thediplomat.com/2013/08/cyber-security-in-south-korea-the-threat-within/', 'https://www.mcafee.com//wp-content/uploads/2011/07/McAfee-Labs-10-Days-of-Rain-July-2011.pdf', 'https://www.sans.org/reading-room/whitepapers/critical/tracing-lineage-darkseoul-36787', 'http://english.chosun.com/site/data/html_dir/2013/04/11/2013041100648.html']" 198,Attack on Norway after Libya Bombing,"The Norwegian military has been the victim of a serious cyber attack, a day after Norwegian F-16 fighter jets for the first time carried out bombings in Libya. According to military officials, no sensitive information was lost.",2011-03-25,2011-03-27,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,['Norway'],"[['EUROPE', 'NATO', 'NORTHEU']]",[['State institutions / political system']],[['Military']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.abs-cbn.com/global-filipino/world/05/19/11/norway-army-says-faced-cyber-attack-after-libya-bombing'] 199,Zcompany Hacking Crew vs. Government of Orissa,"Pakistani hacker defaces the website of the government of Orissa, India, and leaves political messages on Kashmir.",2011-04-05,2011-04-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Zcompany Hacking Crew'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Zcompany Hacking Crew,Pakistan,Non-state-group,Hacktivist(s),[],System / ideology; Territory; International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/04/govt-of-orissa-website-owned-by-zhc.html'] 200,North Korea disrupts South Korean Bank Service,"North Korea hacks South Korean bank with over 30 million customers, disrupts service for almost a week and deletes transaction data.",2011-04-12,2011-04-17,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by attacker,Disruption,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,"[""Korea, Democratic People's Republic of""]",['State'],,1,2011-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,,"Korea, Democratic People's Republic of",State,,[],System / ideology; Territory; International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.bbc.com/news/world-asia-pacific-13263888'] 201,Playstation Network Outage,"The 2011 PlayStation Network outage was the result of an ""external intrusion"" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. The attack occurred between April 17 and April 19, 2011, forcing Sony to turn off the PlayStation Network on April 20. On May 4 Sony confirmed that personally identifiable information from each of the 77 million accounts had been exposed. The outage lasted 23 days.",2011-04-17,2011-05-14,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft,,['Japan'],"[['ASIA', 'SCS', 'NEA']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups']]",,,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bbc.com/news/technology-13192359', 'https://www.telegraph.co.uk/technology/news/8475728/Millions-of-internet-users-hit-by-massive-Sony-PlayStation-data-theft.html', 'https://www.flickr.com/photos/playstationblog/sets/72157626521862165/', 'https://web.archive.org/web/20110505041135/http://blumenthal.senate.gov/press/release/index.cfm?id=82698973-255D-4B92-9E18-39E5937C9361']" 202,Chinese DDOS vs. 
Change.Org,"Change.org, an online petitioning platform, has come under an ongoing distributed denial of service (DDoS) attack originating from China after the site hosted a call urging Chinese authorities to release artist Ai Weiwei from custody.",2011-04-19,2011-04-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['China'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Media-based attribution,,,,,China,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/04/ddos-attack-on-changeorg-from-china.html'] 203,Gmail Hack,"Google claims that hundreds of users of Gmail, its e-mail service, had been the targets of clandestine attacks apparently originating in China that were aimed at stealing their passwords and monitoring their e-mail. Victims included senior government officials in the United States, Chinese political activists, officials in several Asian countries, military personnel and journalists.",2011-05-01,2011-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,"['United States', 'Korea, Republic of', 'Asia (region)']","[['NATO', 'NORTHAM'], ['ASIA', 'SCS', 'NEA'], []]","[['State institutions / political system', 'State institutions / political system', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Media']]","[['Government / ministries', 'Military', ''], ['Government / ministries', 'Military', ''], ['Government / ministries', 'Military', '']]",,['China'],"['Non-state actor, state-affiliation suggested']",,1,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2011/06/02/technology/02google.html', 'https://money.cnn.com/2011/06/01/technology/gmail_hack/index.htm']" 204,Anonymous vs. Iran,Anonymous attacks several Iranian government websites.,2011-05-01,2011-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Legislative', 'Police', 'Political parties']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/05/anonymous-attacks-iranian-state.html'] 205,XtReMiSt defaces Indian government pages,Pakistani hacker defaces several Indian government and commercial websites and leaves political messages about Kashmir.,2011-05-21,2011-05-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '']]",['XtReMiSt'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,XtReMiSt,Pakistan,Non-state-group,Hacktivist(s),[],System / ideology; Territory; International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/05/200-important-some-govt-websites-of.html'] 206,ALLAH`U EKBER-Team defaces webpage of Thai Democratic Party,Hacker defaces a website of the Thai Democratic Party.,2011-05-22,2011-05-22,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Thailand'],"[['ASIA', 'SEA']]",[['State institutions / political system']],[['Political parties']],['ALLAH`UEKBER-Team'],['Unknown'],['Unknown - not attributed'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,ALLAH`UEKBER-Team,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/05/democrat-website-youngdemocratorg.html'] 207,Anonymous vs. 
US Chamber of Commerce,The hacker collective Anonymous took down the US chamber of commerce in response to a planned copyright act,2011-05-27,2011-05-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/05/anonymous-takes-down-us-chamber-of.html'] 208,Lulzsec vs. PBS,"The hacking group LulzSec breaks into PBS and pastes in a report that says Tupac Shakur is living in New Zealand, in protest against critical reporting on WikiLeaks.",2011-05-30,2011-05-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['LulzSec'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cnet.com/news/pbs-hacked-says-tupac-is-still-alive/', 'https://www.forbes.com/sites/andygreenberg/2011/05/30/pbs-hacked-after-critical-wikileaks-show/#2a90db8a2fb0']" 209,China vs. Vietnam Hacker,"Computer hackers from Vietnam and China have attacked websites including portals run by each other's governments, amid a sea-border row.",2011-06-01,2011-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Vietnam'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],,,['China'],['Non-state-group'],['Hacktivist(s)'],1,,"Attribution given, type unclear",Media-based attribution,,,,,China,Non-state-group,Hacktivist(s),[],System / ideology; Territory,Territory; Resources,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.bbc.com/news/world-asia-pacific-13707921'] 210,China vs. 
Vietnam Hacker,"Computer hackers from Vietnam and China have attacked websites including portals run by each other's governments, amid a sea-border row.",2011-06-01,2011-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['State institutions / political system']],,,['Vietnam'],['Non-state-group'],['Hacktivist(s)'],1,,"Attribution given, type unclear",Media-based attribution,,,,,Vietnam,Non-state-group,Hacktivist(s),[],System / ideology; Territory,Territory; Resources,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 211,Strider attack against various countries through Remsec malware,"A previously unknown hacking group known as ""Strider"" or ""ProjectSauron"" has carried out a cyber espionage campaign against targets in Russia, Belgium, China, Iran, Sweden and Rwanda. The Strider crew has apparently been active since at least 2011. Their capabilities and the nature of the targets prompt experts to suspect that it is a nation-state group. 
The Strider group is using a sophisticated strain of malware dubbed Remsec.",2011-06-01,2016-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Iran, Islamic Republic of', 'Sweden', 'China', 'Russia', 'Belgium']","[['ASIA', 'MENA', 'MEA'], ['EUROPE', 'EU', 'NORTHEU'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EU', 'NATO', 'WESTEU']]","[['State institutions / political system', 'Critical infrastructure', 'Other', 'State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Other', 'State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Other', 'State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Other', 'State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Other', 'State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Telecommunications', '', 'Military', 'Finance'], ['Government / ministries', 'Telecommunications', '', 'Military', 'Finance'], ['Government / ministries', 'Telecommunications', '', 'Military', 'Finance'], ['Government / ministries', 'Telecommunications', '', 'Military', 'Finance'], ['Government / ministries', 'Telecommunications', '', 'Military', 'Finance']]",['Strider/Project Sauron'],['Unknown'],['State'],,1,2016-01-01 00:00:00,Statement in media report and political statement/technical report,IT-security community attributes attacker,,,,Strider/Project 
Sauron,Unknown,State,,['https://securityaffairs.co/wordpress/50119/intelligence/projectsauron-apt-stride.html'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://securelist.com/faq-the-projectsauron-apt/75533/', 'https://securityaffairs.co/wordpress/50119/intelligence/projectsauron-apt-stride.html']" 212,Syria information war,Release of dozens of revealing Syrian messages points to a new era of information warfare,2011-06-01,2012-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft & Doxing,,['Syria'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],,['Syria'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Syria,Unknown - not attributed,,[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-syria-assads-emails-naked/sexy-photo-in-hacked-assad-e-mails-causes-comment-idUSBRE82G09L20120317', 'https://in.reuters.com/article/syria-hacking/syria-e-mail-hack-points-to-new-information-war-idINDEE82F0HX20120316']" 213,Anonymous vs. 
Indian National Informatics Centre,Anonymous defaces the website of the Indian National Informatics Centre to protest government corruption.,2011-06-05,2011-06-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Civil service / administration']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/06/national-informatics-centre-nic-india.html'] 214,Zcompany HackingCrew UNICEF Defacement,Pakistani hackers deface the website of UNICEF and leave political messages on Kashmir and in support of Palestinians.,2011-06-07,2011-06-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['International / supranational organization']],,['Zcompany Hacking Crew'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Zcompany Hacking Crew,Pakistan,Non-state-group,Hacktivist(s),[],System / ideology; Territory; International power,System/ideology; Territory; International power; Secession,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/06/united-nations-childrens-fund-unicef.html'] 215,Anonymous vs. Turkey 2011,Official Turkish websites were attacked by Internet vigilante group Anonymous on Thursday as part of a protest against what it says is government Internet censorship.,2011-06-09,2011-06-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-turkey-election-internet/turkish-websites-attacked-by-anonymous-before-vote-idUSTRE7583DV20110609'] 216,Anonymous vs. Spain National Police,"The website of Spain's national police force has been briefly knocked offline by hacker collective Anonymous, in protest against the arrest of three hackers.",2011-06-12,2011-06-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Spain'],"[['EUROPE', 'NATO', 'EU']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.bbc.com/news/technology-13749181'] 217,LulzSec access to Senate,"LulzSec broke into the Senate's website and was able to gain access to the server's directory and file structure, the contents of which the group published on its own site.",2011-06-13,2011-06-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Legislative']],['LulzSec'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.cnet.com/news/lulzsec-hackers-attack-senate-site/'] 218,LulzSec takes down the CIA page,The public website of the US Central Intelligence Agency has gone down after the hacker group Lulz Security said it had launched an attack.,2011-06-15,2011-06-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Intelligence agencies']],['LulzSec'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.telegraph.co.uk/news/worldnews/northamerica/usa/8578704/CIA-website-hacked-by-Lulz-Security.html'] 219,Anonymous vs. 
Censorship in Malaysia,"Hackers have attacked dozens of government websites in Malaysia, days after a hacking group criticised the country over censorship.",2011-06-15,2011-06-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Malaysia'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.bbc.com/news/world-asia-pacific-13788817'] 220,Ktoki defacement of Libyan Sites,"Several Libyan private and public media outlets are inaccessible, websites defaced with message against Gaddafi.",2011-06-18,2011-06-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Libya'],"[['AFRICA', 'MENA', 'MEA', 'NAF']]","[['State institutions / political system', 'Media']]",,['Ktoki'],['Libya'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Ktoki,Libya,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/06/libyan-satellite-tv-website-hacked-by.html'] 299,Leviathan vs. Maritime & Defense Targets,"Chinese APT Leviathan targets defense contractors, universities (particularly those with military research ties), legal organizations and government agencies. The actor has particular interest in naval industries including shipbuilding and related research.",2011-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"['United States', 'Austria', 'Cambodia', 'Canada', 'Germany', 'India', 'Malaysia', 'Norway', 'Saudi Arabia', 'United Kingdom']","[['NATO', 'NORTHAM'], ['EUROPE', 'EU', 'WESTEU'], ['ASIA', 'SEA'], ['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SCS', 'SEA'], ['EUROPE', 'NATO', 'NORTHEU'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate 
Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', ''], ['Government / ministries', '', '']]","['APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (MSS, Hainan State Security Department/Hainan Xiandun Technology Company)', 'Hainan Xiandun Company/MSS']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,2,2020-01-01; 2020-01-01; 2020-01-01; 2020-01-01,"Domestic legal action; Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (MSS, Hainan State Security Department/Hainan Xiandun Technology Company); Hainan 
Xiandun Company/MSS; APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (MSS, Hainan State Security Department/Hainan Xiandun Technology Company); Hainan Xiandun Company/MSS",China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.justice.gov/opa/pr/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion', 'https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets', 'https://www.fireeye.com/blog/threat-research/2019/03/APT 40-examining-a-china-nexus-espionage-actor.html']",International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.justice.gov/opa/pr/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion', 'https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets', 'https://www.fireeye.com/blog/threat-research/2019/03/APT 40-examining-a-china-nexus-espionage-actor.html']" 221,Operation AntiSec,"As part of Operation AntiSec, the related hacker groups Anonymous and LulzSec take down several websites with DDoS attacks, including Tunisian, Turkish and Brazilian government websites and the websites of a US Court of Appeals, a Chinese government district and the British Serious Organised Crime Agency.",2011-06-20,2011-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,"['Tunisia', 'United Kingdom', 'China', 'Brazil', 'United States', 'Turkey']","[['AFRICA', 'NAF', 'MENA'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['SOUTHAM'], ['NATO', 'NORTHAM'], ['ASIA', 'NATO', 'MEA']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Judiciary', 'Police', ''], 
['Government / ministries', 'Judiciary', 'Police', ''], ['Government / ministries', 'Judiciary', 'Police', ''], ['Government / ministries', 'Judiciary', 'Police', ''], ['Government / ministries', 'Judiciary', 'Police', ''], ['Government / ministries', 'Judiciary', 'Police', '']]","['Anonymous', 'LulzSec']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anonymous; LulzSec,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.webcitation.org/5zxp1vmNv', 'https://uk.pcmag.com/news/107520/anonymous-antisec-operation-targets-viacom-universal-music', 'https://www.pcworld.com/article/235184/Anonymous_Attacks_Turkish_Websites_Again.html', 'https://www.bbc.com/news/technology-13878888', 'http://www.gmanetwork.com/news/scitech/content/224612/hacktivist-spree-continues-tunisian-govt-site-latest-target/story/', 'https://www.webcitation.org/5zbHJFF18', 'https://www.webcitation.org/61TbdSoz8', 'https://www.webcitation.org/5zdkR3nOy', 'https://www.theinquirer.net/inquirer/news/2082148/anonymous-hacks-anguilla-brazil-zimbabwe-australia-governments', 'https://www.cnet.com/news/lulzsec-takes-down-brazil-government-sites/', 'https://www.webcitation.org/5zaPT1ekX']" 223,Operation AntiSec,"As part of Operation AntiSec, the related hacker groups Anonymous and LulzSec hack several political and commercial entities and publish data, often times including confidential information. 
The hacked organisations include police and cyberterrorism agencies in the USA, Italy and Brazil, US government contractors and multinational businesses.",2011-06-20,2011-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,"['United States', 'Brazil', 'Italy', 'Anguilla', 'Zimbabwe', 'Australia']","[['NATO', 'NORTHAM'], ['SOUTHAM'], ['EUROPE', 'NATO', 'EU'], [], ['AFRICA', 'SSA'], ['OC']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate 
targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Judiciary', 'Police', 'Political parties', ''], ['Government / ministries', 'Judiciary', 'Police', 'Political parties', ''], ['Government / ministries', 'Judiciary', 'Police', 'Political parties', ''], ['Government / ministries', 'Judiciary', 'Police', 'Political parties', ''], ['Government / ministries', 'Judiciary', 'Police', 'Political parties', ''], ['Government / ministries', 'Judiciary', 'Police', 'Political parties', '']]","['Anonymous', 'LulzSec']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anonymous; LulzSec,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://thehackernews.com/2011/08/another-government-contractor-pcs.html', 'https://uk.pcmag.com/news/107504/lulzboat-sails-on-anonymous-dumps-more-arizona-data', 'https://www.webcitation.org/5zijhtzV4', 'https://www.webcitation.org/5zwEwc1It', 'https://www.webcitation.org/5zxoSRQ4X', 'https://www.theinquirer.net/inquirer/news/2082148/anonymous-hacks-anguilla-brazil-zimbabwe-australia-governments', 
'https://www.webcitation.org/5zxp1vmNv', 'https://www.hackmageddon.com/2011/08/07/the-lulz-boat-sails-to-brazil-and-leaks-8-gb-of-data/', 'https://thehackernews.com/2011/07/italys-police-it-network-vitrocisetit.html', 'https://www.webcitation.org/5zxppc1WY', 'https://www.webcitation.org/612Cy17OA', 'https://thehackernews.com/2011/08/operation-satiagraha-brazil-corruption.html', 'https://www.cnet.com/news/anonymous-ready-to-roll-in-post-lulzsec-world/', 'https://www.cyberwarnews.info/2011/12/25/new-york-city-public-advocate-hacked-and-database-dumped-by-anonymous/', 'https://www.hackmageddon.com/2011/10/22/another-friday-another-dump/', 'https://www.hackmageddon.com/2011/08/06/i-shot-the-sheriff/', 'https://www.webcitation.org/61TbdSoz8']" 222,Operation AntiSec,"As part of Operation AntiSec, the related hacker groups Anonymous and LulzSec deface several websites with their logo and political messages, including the websites of the British newspaper The Sun, of the Australian Casino, Liquor and Gaming Control Authority, of an Italian Prison Agency and of several Turkish businesses and governmental websites.",2011-06-20,2011-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,"['United Kingdom', 'Turkey', 'Australia', 'Italy']","[['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'NATO', 'MEA'], ['OC'], ['EUROPE', 'NATO', 'EU']]","[['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups']]","[['Civil service / administration', 'Police', '', ''], ['Civil service / administration', 'Police', '', ''], ['Civil service / administration', 'Police', '', ''], ['Civil service / administration', 'Police', '', '']]","['Anonymous', 'LulzSec']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anonymous; LulzSec,Unknown; Unknown,Non-state-group; 
Non-state-group,Hacktivist(s); Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.hackmageddon.com/2011/08/05/italian-prison-guards-hacked/', 'https://www.webcitation.org/60HMbQTWj', 'https://www.cyberwarnews.info/2011/11/27/australian-government-website-defaced-by-anonymous/']" 225,Attack on Al-Qaida Comm-Systems,Communication networks of Al Qaida are disrupted for several days by an unknown hacker.,2011-06-29,2011-07-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Unknown'],,[['Social groups']],[['Terrorist']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/06/hackers-target-al-qaida-internet.html'] 226,Operation BlackTulip,"Presumably Iranian hackers gain access to a Dutch SSL certificate supplier, issuing fraudulent certificates and thus gaining access to more than 300000 Iranian Google Mail accounts.",2011-07-01,2011-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by victim,Data theft,,"['Iran, Islamic Republic of', 'Netherlands']","[['ASIA', 'MENA', 'MEA'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Advocacy / activists (e.g. human rights organizations)', ''], ['Advocacy / activists (e.g. human rights organizations)', '']]",,"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,2,2011-01-01; 2011-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Media-based attribution,,,,,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://bits.blogs.nytimes.com/2013/06/12/google-says-it-has-uncovered-iranian-spy-campaign/', 'https://nakedsecurity.sophos.com/2011/09/05/operation-black-tulip-fox-its-report-on-the-diginotar-breach/']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2011/08/31/technology/internet/hackers-impersonate-google-to-snoop-on-users-in-iran.html?_r=3', 'https://spectrum.ieee.org/riskfactor/telecom/security/diginotar-certificate-authority-breach-crashes-egovernment-in-the-netherlands', 'https://bits.blogs.nytimes.com/2013/06/12/google-says-it-has-uncovered-iranian-spy-campaign/', 
'https://nakedsecurity.sophos.com/2011/09/05/operation-black-tulip-fox-its-report-on-the-diginotar-breach/']" 227,LulzSec attack FoxNews Twitter,"LulzSec hackers take control of @foxnewspolitics, post tweets about death of Barack Obama.",2011-07-04,2011-07-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['LulzSec'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/technology/2011/jul/04/hacking-twitter-feed-fix-news'] 228,Energy Labs breached,"The Websites of the Energy Department's Pacific Northwest National Lab and Jefferson National Lab were down today in the aftermath of ""sophisticated"" attacks, no classified information has been stolen.",2011-07-06,2011-07-06,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],,,['Unknown'],['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.cnet.com/news/sophisticated-attack-targets-two-energy-dept-labs/'] 229,Moodys Defaced,Portuguese hackers responded to a negative assessment of the country's ability to repay loans by defacing the website of credit reference agency Moody's.,2011-07-08,2011-07-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['Portugal'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Portugal,Non-state-group,Hacktivist(s),[],System / ideology; Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theregister.co.uk/2011/07/08/patriotic_portuguese_hackers_hit_moody/'] 230,NN-Crew,"A group calling itself NN-Crew says it has broken into a server used by Germany's Federal Police and stole thousands of data used to GPS-track suspects under surveillance. The police apparently used the hacked server as a datapool and server to download GPS tracking software; it also contained instructions for installation and operation of that software, several usernames and passwords along with telephone numbers, license plate numbers, locations, and coordinates. Numerous internal documents used by the authorities were also stored on the server.",2011-07-08,2011-07-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Police']],['NN-Crew'],['Germany'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,NN-Crew,Germany,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.h-online.com/security/news/item/German-Federal-Police-servers-compromised-1276115.html'] 231,Anonymous breach of Defense Contractor,"Anonymous announced that it had penetrated a server belonging to the defense contractor Booz Allen Hamilton and released what it claims are 90,000 military email addresses, encrypted passwords and an assortment of data related to other companies and government networks.",2011-07-11,2011-07-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.forbes.com/sites/andygreenberg/2011/07/11/anonymous-hackers-breach-booz-allen-hamilton-dump-90000-military-email-addresses/#597956a376bb'] 232,InjectorTeam vs. IOM,"The website of the International Organization for Migration is defaced by Libyan hackers, who leave a political message about the Libyan civil war.",2011-07-12,2011-07-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Switzerland'],"[['EUROPE', 'WESTEU']]",[['International / supranational organization']],,['Inj3ct0rTeam'],['Libya'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Inj3ct0rTeam,Libya,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/07/international-organization-for.html'] 233,Anonymous vs. GEMA,"German creative author's society GEMA is hacked, log-in credentials are leaked and the website is later replaced with a political message.",2011-07-13,2011-08-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Media']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.heise.de/security/meldung/Anonymous-legt-GEMA-Seite-lahm-1327285.html', 'https://www.heise.de/security/meldung/Gema-offenbar-gleich-mehrfach-gehackt-1328737.html']" 234,Information Theft US Military,The US Deputy Defense Secretary William Lynn has revealed that a foreign intelligence agency was behind a hack attack that stole classified information about a top-secret weapons system which now has to be redesigned.,2011-07-13,2011-07-13,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Defence industry']],,['Unknown'],['State'],,1,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Unknown,State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://nakedsecurity.sophos.com/2011/07/15/hackers-governmentsecret-plans-pentagon/'] 235,Israeli Websites hacked by Palestinian Hackers,"Palestinian 
hackers deface several Israeli websites, demanding freedom for Palestine.",2011-07-18,2011-07-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]",,"['Dr. Torjan', 'Code 5']","['Palestine', 'Palestine']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Dr. Torjan; Code 5,Palestine; Palestine,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/07/israel-web-hosting-server-hacked-for.html'] 236,Taliban Networks hacked,"The Taliban said their phones, email and website had been hacked to spread a false report that the movement’s spiritual leader, Mullah Omar, was dead. 
They identify US intelligence services behind the attack.",2011-07-20,2011-07-20,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,,['Afghanistan'],"[['ASIA', 'SASIA']]",[['Social groups']],[['Terrorist']],,['United States'],['State'],,1,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,United States,State,,[],System / ideology,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-afghanistan-taliban-technology/tech-savvy-taliban-fights-war-in-cyberspace-idUSTRE76J1IL20110720'] 237,Anonymous vs. NATO 2011,Anonymous claimed credit Thursday for hacking into NATO servers and stealing 1 gigabyte of sensitive information,2011-07-21,2011-07-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['NATO (region)'],,[['International / supranational organization']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.washingtonpost.com/world/national-security/nato-web-site-hacked-by-anonymous/2011/07/21/gIQACLFCSI_story.html?noredirect=on&utm_term=.f3d9e4435ee6'] 238,Anonymous vs. Public Broadcaster,"Anon Austria hacks database of public broadcaster (GIS), leaks personal information and bank details of 100 employees of police ministry of the interior.",2011-07-22,2011-07-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['Austria'],"[['EUROPE', 'EU', 'WESTEU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups']]",,['Anonymous'],['Austria'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Austria,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://diepresse.com/home/techscience/internet/sicherheit/680144/GIS-gehackt_Anonymous-kapern-95954-Bankdaten'] 239,Anonymous vs. Colombia National Police,Colombian hackers spambomb several addresses of the Colombian police and leak personal information on police officers.,2011-07-23,2011-07-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Colombia'],[['SOUTHAM']],[['State institutions / political system']],[['Police']],['Anonymous'],['Colombia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Colombia,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/07/colombian-anonymous-hackers-reveal.html'] 240,Defacing Anonymous,"Unidentified hackers deface Anonplus, the social network of hacker group Anonymous, in retaliation against Turkish government websites earlier in July.",2011-07-23,2011-07-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Unknown'],,[['Social groups']],[['Hacktivist']],['Akincilar'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Akincilar,Turkey,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://gizmodo.com/5823351/hackers-hacked-the-hackers-anonplus-social-network'] 241,Chinese Trojan Horse in Japan,"Computers and servers in the lower house of Japan's parliament became infected by a Trojan horse virus after one politician opened an email attachment. Computer IDs and passwords of all the lawmakers in the House of Representatives were leaked, e-mails sent to its lawmakers might have been accessible to hackers for a maximum of 15 days and computers were found to have made improper communications with overseas Websites",2011-07-25,2011-10-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,['Japan'],"[['ASIA', 'SCS', 'NEA']]",[['State institutions / political system']],[['Legislative']],,['China'],['Unknown - not attributed'],,1,,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker,,,,,China,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://news.asiaone.com/News/Latest%2BNews/Asia/Story/A1Story20111116-310940.html', 'https://nakedsecurity.sophos.com/2011/10/25/japanese-parliament-hit-by-cyber-attack/', 'https://thenextweb.com/asia/2011/10/25/japanese-government-hit-by-chinese-trojan-horse-attack/']" 242,Anonymous vs. Italian Cyber Police,Anonymous leaks webpage data of Italian cyber police unit (CNAIPIC).,2011-07-25,2011-07-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['Italy'],"[['EUROPE', 'NATO', 'EU']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.computerworld.com/article/2509444/government-it/anonymous-hacks-italy-s-cybercrime-police.html'] 243,Anonymous vs. ManTech,"Anonymous hacks ManTech, a contractor that provides cyber security services to the FBI, releases 500mb of internal data.",2011-07-28,2011-07-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['End user(s) / specially protected groups']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.securityweek.com/anonymous-claims-it-hacked-mantech-fbi-cybersecurity-contractor'] 244,Get Him Outgame,"Hackers have attacked Nicolas Sarkozy's official Elysee Palace website to create a video game called 'GetHimOut'. Under the formal banner introducing the site, a cartoon image of the French president was pictured on a go-kart heading towards the gates of the palace. For each click on a Facebook 'like' button beside the game, the French leader moved one step closer out into the street",2011-07-28,2011-07-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/07/nicolas-sarkozys-official-elysee-palace.html'] 245,Anonymous vs. SpecialForces.com,"Members of the hacker collective Anonymous claim they have stolen about 14,000 user passwords and 8,000 credit card numbers from SpecialForces.com, a military and law enforcement equipment retailer. The data breach occurred several months ago, according to Anonymous, but the group only now decided to post the data online. The purloined password list had reportedly been posted online several weeks ago as well.",2011-08-01,2011-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.pcworld.com/article/247072/anonymous_hacks_specialforces_com_posts_passwords_and_credit_card_data.html'] 246,Chinese Hack Japanese Defense Contractor,"Allegedly Chinese hackers gain access to 85 computers of Mitsubishi Heavy Industries, a Japanese defence supplier, stealing classified information.",2011-08-01,2011-09-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,['Japan'],"[['ASIA', 'SCS', 'NEA']]",[['Critical infrastructure']],[['Defence industry']],,['China'],['Unknown - not attributed'],,1,,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker,,,,,China,Unknown - not attributed,,[],Decolonization,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theguardian.com/world/2011/sep/20/china-denies-hacking-attack-japan', 
'https://nakedsecurity.sophos.com/2011/09/19/mitsubishi-defense-contractor-hack/']" 247,Attack against Endusers in ISR-EGY Cyberwar,"Egyptian hackers release a computer worm to US American and Israeli users condemning Israel's foreign policy, especially towards Egypt.",2011-08-01,2011-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['Israel', 'United States']","[['ASIA', 'MENA', 'MEA'], ['NATO', 'NORTHAM']]","[['End user(s) / specially protected groups'], ['End user(s) / specially protected groups']]",,,['Egypt'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Egypt,Unknown - not attributed,,[],System / ideology; Territory; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/08/cyber-war-against-israel-have-taken.html'] 248,Operation Defense,Anonymous and Colombian hackers spambomb several addresses of the Colombian police and leak personal information on police officers.,2011-08-02,2011-08-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Colombia'],[['SOUTHAM']],"[['State institutions / political system', 'State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Intelligence agencies', 'Political parties']]",['Anonymous'],['Colombia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Colombia,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/08/operation-defense-anonymous-shut-down.html'] 249,Alexploiter hacks website of Yemens customs authority,Hacktivists deface the website of Yemen's customs authority to protest the government.,2011-08-05,2011-08-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Yemen'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],,['Alexploiter'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Alexploiter,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/08/customs-authority-of-yemen-hacked-for.html'] 250,Anonymous takes down Syrian defense ministry website,"The Syrian Ministry of Defense's website was inaccessible after it was hacked by Anonymous, which replaced its content by an anti-government message.",2011-08-07,2011-08-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Syria'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://edition.cnn.com/2011/WORLD/meast/08/08/syria.ministry.site.hacked/index.html', 'https://thehackernews.com/2011/08/syrian-ministry-of-defense-hacked-by.html']" 251,Syrian ElectronicArmy vs. AnonPlus,"In retaliation for the defacement of the Syrian Ministry of Defense's website, the Syrian Electronic Army hacks and defaces AnonPlus, an alternative social network of Anonymous",2011-08-08,2011-08-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Disruption,,['Unknown'],,[['Social groups']],[['Hacktivist']],['Syrian Electronic Army'],['Syria'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2011-01-01; 2011-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']",System / ideology; National power; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.computerworld.com/article/2510039/cybercrime-hacking/syrian-hackers-retaliate--deface-anonymous--social-network.html', 'https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 
'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']" 252,Team P0ison vs. BlackBerry,Hacktivists left their mark of dissatisfaction on BlackBerry's website after it announced that they would help police track down rioters in London,2011-08-09,2011-08-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Canada'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Team P0ison'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team P0ison,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.businessinsider.com/blackberry-hacked-london-riots-2011-8?IR=T'] 253,Egyptian Hacker Defacement of Page of Israeli Prime Minister,"An Egyptian hacker managed on Sunday to hack into the website of Israeli Prime Minister, Benjamin Netanyahu, and placed a picture of Egyptian soldiers raising the Egyptian flag in Sinai during the October 6, 1973, on the site’s homepage. The hacker who managed to penetrate the webpage of Netanyahu wrote “AntiZionism”; the site was then gradually taken offline.",2011-08-21,2011-08-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['Egyptian Hacker'],['Egypt'],['Non-state-group'],['Ethnic actors'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Egyptian Hacker,Egypt,Non-state-group,Ethnic actors,[],System / ideology; Territory; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/08/israeli-prime-minister-netanyahus.html'] 254,Electr0n defaces NIC,"Hackers calling themselves “Electr0n” have defaced the nic.ly website, the main registry which administers .ly domain names, and replaced it with an anti-Gaddhafi message",2011-08-22,2011-08-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Libya'],"[['AFRICA', 'MENA', 'MEA', 'NAF']]",[['State institutions / political system']],,['Electr0n'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Electr0n,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://nakedsecurity.sophos.com/2011/08/22/hackers-deface-libya-anti-gadaffi/'] 255,Breach of US contractor,An admirer of Anonymous acted independently to breach an outsourced provider and steal a customer list with log-in credentials. Many on the list were U.S. government employees.,2011-08-24,2011-08-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],,,['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Individual hacker(s),,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.eweek.com/security/cyber-attacker-dumps-log-ins-for-20-000-customers-u.s.-employees'] 256,PrivateX vs. 
PNRI,"PrivateX hackers defaced the website of the Philippine Nuclear Research Institute (PNRI) and left a message accusing another government agency of corruption, to support President Benigno Aquino III and his State of the Nation Address",2011-08-25,2011-08-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Philippines'],"[['ASIA', 'SCS', 'SEA']]","[['State institutions / political system', 'Science']]",,['PrivateX'],['Philippines'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,PrivateX,Philippines,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/08/philippine-nuclear-research-institute.html'] 257,DDOS vs. Wikileaks,"Website of WikiLeaks is disabled with a major DDoS attack, hours after classified documents of the USA find their way online.",2011-08-30,2011-08-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Unknown'],,[['Media']],,,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.techspot.com/news/45314-wikileaks-website-targeted-by-hackers.html'] 258,North Korea vs. 
Incheon Airport,"The South Korean police suspect that the North’s Reconnaissance General Bureau is behind a technical glitch in the flight data processor that paralyzed air traffic control at Incheon International Airport for nearly an hour last Sept. 15. It was presumably enabled by a botnet of South Korean computers, which had been infected by a compromised PC gaming version, distributed by a South Korean citizen, who was instructed by the Reconnaissance General Bureau of the North's military.",2011-09-01,2011-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['Critical infrastructure']],[['Transportation']],"['South Korean Citizen', 'Reconnaissance General Bureau']","[""Korea, Democratic People's Republic of"", ""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2012-01-01; 2012-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,South Korean Citizen; Reconnaissance General Bureau,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, 
state-affiliation suggested",,['https://threatpost.com/report-north-korea-accused-ddos-attack-south-korean-airport-060712/76664/'],System / ideology,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://koreajoongangdaily.joins.com/2012/06/04/socialAffairs/Incheon-Airport-cyberattack-traced-to-Pyongyang/2953940.html', 'https://threatpost.com/report-north-korea-accused-ddos-attack-south-korean-airport-060712/76664/']" 259,Chinese Phishing vs. US Gas Companies,"Allegedly Chinese cyberspies targeted 23 US American gas pipeline companies with e-mails crafted to deceive key personnel into clicking on malicious links or file attachments that let the attackers slip into company networks and obtain information that would enable them to attack the country's whole gas system easily.",2011-09-01,2012-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Energy']],"['APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)', 'PLA Unit 61398']","['China', 'China']","['State', 'State']",,2,2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398; APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China; China; China,"State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,[],International power,International power,,Yes / HIIK intensity,HIIK 
1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.csmonitor.com/Environment/2013/0227/Exclusive-Cyberattack-leaves-natural-gas-pipelines-vulnerable-to-sabotage', 'https://www.recordedfuture.com/from-coercion-to-invasion-the-theory-and-execution-of-china-cyber-activity']" 260,Gauss,"Gauss, a Stuxnet-related malware was created to steal sensitive information mainly from Lebanon Banking Sector.",2011-09-01,2012-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Lebanon'],"[['ASIA', 'MENA', 'MEA']]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Defence industry', '']]",['NSA/Equation Group'],['United States'],"['Non-state actor, state-affiliation suggested']",,2,2012-01-01; 2012-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,"Non-state actor, state-affiliation suggested; State",,"['https://bits.blogs.nytimes.com/2012/08/09/researchers-find-possible-state-sponsored-virus-in-mideast/?mtrref=undefined', 'https://www.golem.de/news/kaspersky-lab-gauss-ist-staatliche-malware-zum-kontenraub-1208-93780.html', 'https://de.securelist.com/kaspersky-security-bulletin-2012-cyberwaffen/59256/']",Unknown,Unknown,,Unknown,,0,,,,,,Yes,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, 
e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.rsaconference.com/writable/presentations/file_upload/br-208_bencsath.pdf', 'https://bits.blogs.nytimes.com/2012/08/09/researchers-find-possible-state-sponsored-virus-in-mideast/?mtrref=undefined', 'https://www.golem.de/news/kaspersky-lab-gauss-ist-staatliche-malware-zum-kontenraub-1208-93780.html', 'https://de.securelist.com/kaspersky-security-bulletin-2012-cyberwaffen/59256/']" 261,Inj3ct0r Team vs. European Commission,"Hacking group Inj3ct0rTeam deface the website of the European Commission's Joint Research Service, leave political messages and publish server data.",2011-09-04,2011-09-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Belgium'],"[['EUROPE', 'EU', 'NATO', 'WESTEU']]",[['International / supranational organization']],,['Inj3ct0rTeam'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Inj3ct0rTeam,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/09/european-union-hacked-by-inj3ct0r-team.html'] 262,Akincilar vs. 
Israel,Several Israeli websites are defaced by Turkish hackers who oppose Israel's foreign policy and its tensions with Turkey.,2011-09-04,2011-09-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]",,['Akincilar'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Akincilar,Turkey,Non-state-group,Hacktivist(s),[],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/09/100s-of-israel-websites-hacked-by-cyber.html'] 263,ScriptKiddies vs. NBC,Hacker group the ScriptKiddies gain access to the NBC News Twitter account and post false tweets on terrorist attacks at Ground Zero.,2011-09-09,2011-09-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['ScriptKiddies'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,ScriptKiddies,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackmageddon.com/2011/09/11/an-e-mail-attack-to-ground-zero/'] 264,Muslim Liberation Army vs. Christian Sites,20 churches' websites and Truth Alliance Network defaced by Muslim Liberation Army in support of Muslims in ongoing international conflicts and to protest against burnings of the Quran.,2011-09-11,2011-09-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Social groups']],[['Religious']],['Muslim Liberation Army'],['Unknown'],['Non-state-group'],['Religious actors'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Muslim Liberation Army,Unknown,Non-state-group,Religious actors,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/09/truth-alliance-network-and-20-churches.html'] 265,FatalErrorCrew vs. 
Nigeria,Fatal Error Crew deface the official website of the Nigerian government with a message in Portuguese.,2011-09-12,2011-09-12,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Nigeria'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Government / ministries']],['Fata Error Crew'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Attribution given, type unclear",Media-based attribution,,,,Fata Error Crew,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://nakedsecurity.sophos.com/2011/09/12/nigerian-government-website-defacement/'] 266,Protest vs. David Camerons visit to Russia,"Unknown hackers take down the website of the Russian Embassy in the United Kingdom, presumably to protest the visit of PM David Cameron to Russia.",2011-09-12,2011-09-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],,,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/DDoS-Attack-Targets-Russian-Embassy-Website-221257.shtml'] 267,Anonymous vs. 
INSA,"United States trade association for intelligence contractors Intelligence and National Security Association (INSA) was hacked, and personal information of its 3000 members, including e-mail and home addresses is leaked.",2011-09-14,2011-09-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system']]","[['', 'Government / ministries', 'Police', 'Intelligence agencies']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.computerworld.com/article/2471073/endpoint-security/3-000-intelligence-officials--names--emails-leaked-as--insa-spies-.html', 'https://thehackernews.com/2011/09/intelligence-and-national-security.html']" 268,Mexican Independence Day Hack,Anonymous takes down several Mexican government websites on Mexico's Independence Day.,2011-09-15,2011-09-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Mexico'],,[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/09/operation-opindependencia-anonymous-hit.html'] 269,Trick(ing) the City of Rennes,Website of the City of Rennes is defaced in protest against Anti-Islam policies.,2011-09-19,2011-09-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Government / ministries']],['Trick'],['Unknown'],['Non-state-group'],['Religious actors'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Trick,Unknown,Non-state-group,Religious actors,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/09/city-of-rennes-france-hacked-against.html'] 270,Anonymous Austria leaks Police Data,AnonAustria publishes personal information of almost 25000 police officials in protest against a draft law which would require telecommunications companies to store details of all telephone and internet traffic for six months and make them available to the police,2011-09-26,2011-09-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Austria'],"[['EUROPE', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Austria'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Austria,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://nakedsecurity.sophos.com/2011/09/28/names-addresses-25000-police-officers-anonymous-cell/', 'https://www.bbc.co.uk/news/world-europe-15065931']" 271,Anonymous and RevoluSec Deface Syrian government pages,Hackers of Anonymous and RevoluSec deface several Syrian government websites in support of the Syrian opposition.,2011-09-26,2011-09-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Syria'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],"['Anonymous', 'RevoluSec']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anonymous; RevoluSec,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.aljazeera.com/news/middleeast/2011/09/201192692416534215.html'] 272,SEA hacks Harvard page,Syrian Electronic Army hacks the website of Harvard University and leaves pro-Assad and anti-USA message.,2011-09-26,2011-09-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Science']],,['Syrian Electronic Army'],['Syria'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2013-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0', 'https://threatpost.com/pro-syrian-electronic-army-hacks-harvard-university-site-092711/75695/']",System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://thehackernews.com/2011/09/harvard-university-website-hacked-by.html', 'https://www.bbc.com/news/education-15061377', 'https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0', 'https://threatpost.com/pro-syrian-electronic-army-hacks-harvard-university-site-092711/75695/']" 273,Zombie_Ksa vs. 
Supreme Court of Pakistan,Website of the Supreme Court of Pakistan is hacked and political remarks are left.,2011-09-28,2011-09-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Judiciary']],['Zombie_Ksa'],['Saudi Arabia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Zombie_Ksa,Saudi Arabia,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/09/supreme-court-of-pakistan-website.html'] 274,Twitter of Thai PM hacked,"Thailand’s Prime Minister, Yingluck Shinawatra, had her Twitter account hacked this weekend – meaning that her followers saw a stream of messages criticising her leadership.",2011-10-03,2011-10-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Thailand'],"[['ASIA', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],,['Thailand'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Thailand,Non-state-group,Hacktivist(s),[],System / ideology; Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://metro.co.uk/2011/10/03/thailands-prime-minister-yingluck-shinawatra-targeted-by-twitter-hackers-170901/', 'https://nakedsecurity.sophos.com/2011/10/03/thai-pm-is-twitter-hacked/']" 275,Iron Dome Hack,Three Israeli defense contractors responsible for building the “Iron Dome” missile shield currently protecting Israel from a barrage of rocket attacks were compromised by hackers and robbed of huge quantities of sensitive documents pertaining to the shield technology.,2011-10-10,2012-08-13,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Data theft,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Critical infrastructure']],[['Defence industry']],"['APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)', 'PLA Unit 61398']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2014-01-01; 2014-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the 
attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,[],Resources,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://krebsonsecurity.com/2014/07/hackers-plundered-israeli-defense-firms-that-built-iron-dome-missile-defense-system/'] 276,MNDF Website Hacked,The Maldives National Defence Force (MNDF) has confirmed that its website was hacked last night by an unknown attacker.,2011-10-16,2011-10-16,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,,['Maldives'],"[['ASIA', 'SASIA']]",[['State institutions / political system']],[['Military']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/02/maldives-national-defence-force-mndf.html'] 277,ZHC defaces page of Indian National Congress,Pakistani hackers deface the website of the Indian National Congress and leave political remarks on the Kashmir conflict.,2011-10-18,2011-10-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Political parties']],['Zcompany Hacking Crew'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Zcompany Hacking Crew,Pakistan,Non-state-group,Hacktivist(s),[],System / ideology; International power; Cyber-specific,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/10/indian-national-congress-party-official.html'] 278,CabinCr3w vs. Citigroup,Hackers of CabinCr3w leak sensitive personal information of CitiGroup's CEO in support of the OccupyWallstreet movement.,2011-10-21,2011-10-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]",,['CabinCr3w'],['United States'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,CabinCr3w,United States,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/10/hackers-leak-citigroup-ceos-personal.html'] 279,DDOS on Korean By-Election,Associates of the ruling party attacked the servers of the national electoral commission on the day of the 2011 Seoul by-election,2011-10-26,2011-10-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Not available,Disruption,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['State institutions / political system']],[['Election infrastructure / related systems']],,"['Korea, Republic of']","['Non-state actor, state-affiliation suggested']",,1,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,"Korea, Republic of","Non-state actor, state-affiliation suggested",,[],National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://web.archive.org/web/20120108030022/http://koreatimes.co.kr/www/news/nation/2012/01/117_102260.html', 'http://www.koreatimes.co.kr/www/nation/2018/12/113_100097.html']" 280,Anonymous vs. Oakland,"Cyber activists associated with Anonymous have targeted the Oakland Police Department (OPD) and other law enforcement agencies that participated in a controversial crackdown against OccupyOakland protestors, taking down their websites with DDoS attacks.",2011-10-27,2011-10-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/10/anonymous-ddos-oakland-police-site.html'] 281,Anonymous defaces Website of Political Candidate that collaborates with Cartels,"In a slate against the Mexican Drug Cartel Los Zetas, Anonymous Mexico defaces the website of the politician Gustavo Rosario Torres, claiming that he collaborates with the cartel.",2011-10-29,2011-10-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Mexico'],,[['State institutions / political system']],,['Anonymous'],['Mexico'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Mexico,Non-state-group,Hacktivist(s),[],System / ideology,Subnational predominance; Resources; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/10/anonymous-hackers-threatening-mexican.html'] 282,DDOS vs. 
Palestinian Pages,"Internet services in the West Bank and Gaza have come under ""sustained attack"" in multiple locations, a day after Palestine's accession to UNESCO. Palestinian officials hint at Israel as the initiator.",2011-11-01,2011-11-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Disruption,,['Palestine'],"[['ASIA', 'MENA', 'MEA']]",[['Critical infrastructure']],[['Telecommunications']],,['Israel'],['State'],,1,2011-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,Israel,State,,[],System / ideology; Territory; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.aljazeera.com/indepth/opinion/2011/11/2011117151559601957.html', 'https://www.theguardian.com/world/2011/nov/01/palestinians-hit-cyber-attack-unesco']" 283,Anonymous vs. El Salvador,"The Anonymous hacking group launched an online strike against government websites in El Salvador last Saturday, forcing several of them to shut down to prevent the theft of high-ranking officials' personal information.",2011-11-05,2011-11-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['El Salvador'],[['CENTAM']],"[['State institutions / political system', 'State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Legislative', 'Police']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.nbcnews.com/id/45214010/ns/technology_and_science-security/t/hackers-hit-el-salvador-government-sites/#.W4k_4ScVREY'] 284,Anonymous leaks Finnish Neo-Nazi site data,Anonymous hacks the database of a Finnish neo-nazi group and leaks data of 16000 members.,2011-11-08,2011-11-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Finland'],"[['EUROPE', 'EU', 'NORTHEU']]",[['Social groups']],[['Political opposition / dissidents / expats']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/11/anonymous-hackers-hack-neo-nazis.html'] 285,DDOS in the preceding days of the russian parliament election,"DDoS attacks in the days preceding parliamentary elections shut down a large number of media websites. Russia’s most popular blogging site, LiveJournal, was hobbled. The cyberattack also simultaneously crippled the websites of leading radio station Ekho Moskvy (owned by state energy monopoly Gazprom), Kommersant newspaper and other top media outlets. Russia’s main independent vote monitor, Golos, was another target.",2011-11-08,2011-11-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Media']],,,['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2011-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,Russia,"Non-state actor, state-affiliation suggested",,['https://www.bbc.com/news/technology-16032402?print=true'],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://www.ccdcoe.org/publications/2012proceedings/2_1_Giles_RussiasPublicStanceOnCyberInformationWarfare.pdf', 'https://www.reuters.com/article/us-russia-protests-socialmedia/insight-social-media-makes-anti-putin-protests-snowball-idUSTRE7B60R720111207', 'https://www.bbc.com/news/technology-16032402?print=true']" 286,Q!sRQaTaR-Hacker Alajman vs. 
Ankara Government,Qatari hacker defaces several websites belonging to the Turkish government.,2011-11-10,2011-11-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['Q!sRQaTaR - Hacker Alajman'],['Qatar'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Q!sRQaTaR - Hacker Alajman,Qatar,Individual hacker(s),,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Turkish-Government-Websites-Defaced-by-Qatar-Hacker-226486.shtml'] 287,3xp1r3 Cyber Army vs. Supreme Court of Bangladesh,The website of the Supreme Court of Bangladesh is defaced with crude political messages.,2011-11-10,2011-11-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Bangladesh'],"[['ASIA', 'SASIA']]",[['State institutions / political system']],[['Judiciary']],['3xp1r3 Cyber Army'],['Unknown'],['Unknown - not attributed'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,3xp1r3 Cyber Army,Unknown,Unknown - not attributed,,['https://www.thedailystar.net/news-detail-209824'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://thehackernews.com/2011/11/bangladesh-supreme-court-website-hacked.html', 'https://www.thedailystar.net/news-detail-209824']" 288,Anonymous vs. 
The Muslim Brotherhood,Anonymous Hackers take down the The Muslim Brotherhood websites.,2011-11-11,2011-11-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Unknown'],,[['State institutions / political system']],[['Political parties']],['Anonymous'],"['France', 'Germany', 'Slovakia', 'United States']",['Non-state-group'],['Hacktivist(s)'],2,,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,,,,Anonymous; Anonymous; Anonymous; Anonymous; Anonymous; Anonymous; Anonymous; Anonymous,France; Germany; Slovakia; United States; France; Germany; Slovakia; United States,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in 
intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/11/operation-brotherhood-shutdown-by.html'] 289,Anonymous vs. Israeli Foreign Ministry,"To protest what they call the ""barbaric, brutal and despicable treatment of the Palestinian people,"" hackers from the collective Anonymous have been attacking a number of Israeli Web sites, including Israel’s Foreign Ministry and the municipal Web site for Tel Aviv.The group has also deleted the databases of the Israel Ministry of Foreign Affairs and Bank of Jerusalem, and leaked e-mail addresses and passwords for other sites.",2011-11-17,2011-11-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Military', '']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.washingtonpost.com/news/worldviews/wp/2012/11/17/anonymous-is-hacking-israeli-web-sites/?noredirect=on&utm_term=.eb177b12241b'] 290,TeamP0ison leaks UN 
login data,"The TeaM p0isoN hacking gang has leaked over one hundred usernames, email addresses and passwords that appear to belong to individuals at the United Nations Development Programme (UNDP), Organisation for Economic Co-operation and Development (OECD), UNICEF, World Health Organisation(WHO) and other groups. The UN states that an old server had been compromised, and that the passwords would be outdated.",2011-11-29,2011-11-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,"['United States', 'France', 'Switzerland']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'WESTEU']]","[['International / supranational organization'], ['International / supranational organization'], ['International / supranational organization']]",,['Team P0ison'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team P0ison,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bbc.com/news/technology-15951883', 'https://nakedsecurity.sophos.com/2011/11/29/united-nations-hacked-email-addresses-and-passwords-leaked/']" 291,Attack on the Syrian MFA,An unknown actor attacked the Syrian MFA via a spear-phishing attack,2011-12-05,2011-12-05,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Syria'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / 
ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securelist.com/a-targeted-attack-against-the-syrian-ministry-of-foreign-affairs/34742/'] 292,Indishell vs. Dawn,"Indian hackers deface a big Pakistani news page and leak its database, presumably relating to the Kashmir conflict.",2011-12-08,2011-12-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Indishell'],['India'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Indishell,India,Non-state-group,Hacktivist(s),[],Territory; International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/12/biggest-pakistan-news-site-dawncom.html'] 293,Anonymous vs. 
Coalition of Law Enforcement,Hacktivists leak the database with log-in credentials of the US Coalition of Law Enforcement and Retail in support of Occupy protests.,2011-12-12,2011-12-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['Media']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),['https://www.csoonline.com/article/2221299/lulzlover-hacked-coalition-of-law-enforcement--data-dumped-for-2-400-cops-and-feds.html'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://thehackernews.com/2011/12/coalition-of-law-enforcement-hacked.html', 'https://www.csoonline.com/article/2221299/lulzlover-hacked-coalition-of-law-enforcement--data-dumped-for-2-400-cops-and-feds.html']" 294,Anti-Israel Hack of Guyana,Hacker defaces the website of the President of Guyana and leaves anti-Israel messages.,2011-12-12,2011-12-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Guyana'],,[['State institutions / political system']],[['Government / ministries']],['The Hacker Team'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,The Hacker Team,Unknown,Non-state-group,Hacktivist(s),['https://news.softpedia.com/news/Presidency-of-Guyana-and-Anonymous-Websites-Defaced-by-Tha-Disaster-240003.shtml'],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://thehackernews.com/2011/12/president-of-guyanas-website-defaced-by.html', 'https://news.softpedia.com/news/Presidency-of-Guyana-and-Anonymous-Websites-Defaced-by-Tha-Disaster-240003.shtml']" 295,Anonymous leaks Senate Data,"Right after the National Defense Authorization Act (NDAA) passed through the Senate, hackers who operate under the name Anonymous leaked detailed information on many of the politicians.",2011-12-19,2011-12-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Legislative']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Anonymous-Leaks-Information-on-Senators-who-Passed-NDAA-241675.shtml'] 296,Revenge for Bradley Manning,"Anonymous hacks the US American intelligence company Stratfor, leaking personal and credit card information of its customers and donating over $500 from said credit cards to charity. Action was supposedly motivated by frustration over treatment of US whistleblower Bradley Manning.",2011-12-24,2011-12-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://venturebeat.com/2011/12/25/anonymous-hackers-steals-data-stratfor-security/', 'https://venturebeat.com/2011/12/27/anonymous-stole-9k-credit-cards-stratfor-hack/', 'https://www.theguardian.com/technology/2011/dec/27/security-stratfor-hackers-credit-cards']" 297,Hack of french MP,"Turkish hackers deface the website of French parliamentarian Valerie Boyer, the author of a bill criminalizing the denial of the Armenian genocide, that had been adopted a couple of days earlier by the French National Assembly.",2011-12-26,2011-12-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Legislative']],['Turkish Hackers'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Turkish Hackers,Turkey,Non-state-group,Hacktivist(s),[],System / ideology,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/12/french-mp-valerie-boyers-website-hacked.html'] 298,XDSpy Espionage campaign,New hacking group XDSpy got discovered stealing government secrets in Eastern Europe and the Balkans since 2011,2011-01-01,2020-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Eastern Europe', 'Balkans (region)']",,"[['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Military', ''], ['Government / ministries', 'Military', '']]",['XDSpy'],['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,XDSpy,Unknown,Unknown - not attributed,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial 
targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.welivesecurity.com/2020/10/02/xdspy-stealing-government-secrets-since-2011/', 'https://www.eset.com/us/about/newsroom/press-releases/eset-researchers-discover-xdspy-an-apt-group-stealing-government-secrets-in-europe-since-2011-2/']" 224,Team P0ison leaks Tony Blair's AddressBook,Pakistani hacker allegedly accessed Tony Blair's e-mail account and leaked his address book.,2011-06-24,2011-06-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system']]","[['Legislative', 'Political parties', '']]",['Team P0ison'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team P0ison,Pakistan,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2011/06/teamp0ison-leak-former-british-pm-tony.html'] 300,Operation Quantum Entanglement/Dragon OK,"The attack group “Dragon OK” (named after an event name in one of their payload executables) appears to operate out of the Jiangsu province in China, and is known to target high-tech and manufacturing companies in Japan 
and Taiwan",2012-01-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,"['Japan', 'Taiwan']","[['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['DragonOk'],['China'],['Unknown - not attributed'],,1,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DragonOk,China,Unknown - not attributed,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf'] 301,Molerats aka Gaza Cybergang 2012,"Spear-Phishing campaign by the Group Molerats aka Gaza Cybergang against Israeli, US and UK government. The group has been later attributed to Hamas.",2012-01-01,2012-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'United Kingdom', 'Israel']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'Media'], ['State institutions / political system', 'Media'], ['State institutions / political system', 'Media']]","[['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', '']]","['Molerats/Extreme Jackal', 'Gaza Cybergang 1 /Hamas']","['Unknown', 'Unknown']","['Unknown - not attributed', 'Unknown - not attributed']",,1,2016-01-01; 2016-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Molerats/Extreme Jackal; Gaza Cybergang 1 /Hamas,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,"['https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf', 'https://www.securityweek.com/gaza-cybergang-attacks-attributed-hamas', 'https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html', 'https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://blog.trendmicro.com/trendlabs-security-intelligence/new-xtreme-rat-attacks-on-usisrael-and-other-foreign-governments/', 
'https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf', 'https://www.securityweek.com/gaza-cybergang-attacks-attributed-hamas', 'https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html', 'https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion']" 302,SpringDragon aka LotusBlossom,"Since as early as 2012, the main targets of SpringDragon attacks are high profile governmental organizations and political parties, education institutions such as universities, as well as companies from the telecommunications sector.",2012-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Taiwan', 'Indonesia', 'Philippines', 'Vietnam', 'Thailand']","[['ASIA', 'SCS'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SEA']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Science']]","[['Government / 
ministries', 'Legislative', 'Political parties', 'Telecommunications', ''], ['Government / ministries', 'Legislative', 'Political parties', 'Telecommunications', ''], ['Government / ministries', 'Legislative', 'Political parties', 'Telecommunications', ''], ['Government / ministries', 'Legislative', 'Political parties', 'Telecommunications', ''], ['Government / ministries', 'Legislative', 'Political parties', 'Telecommunications', '']]",['Lotus Blossom/Spring Dragon/ST Group/DRAGONFISH/G0030'],['Unknown'],"['Non-state actor, state-affiliation suggested']",,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Lotus Blossom/Spring Dragon/ST Group/DRAGONFISH/G0030,Unknown,"Non-state actor, state-affiliation suggested",,"['https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf', 'https://unit42.paloaltonetworks.com/operation-lotus-blossom/']",Resources,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf', 'https://securelist.com/spring-dragon-updated-activity/79067/', 'https://unit42.paloaltonetworks.com/operation-lotus-blossom/']" 303,Dark Caracal,"Lookout and EFF revealed a worldwide cyber-espionage campaign, allegedly sponsored or conducted by Lebanon.",2012-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by IT-security company; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,,,,,['Dark Caracal'],['Lebanon'],"['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Dark Caracal,Lebanon,"Non-state actor, state-affiliation suggested",,['https://www.vice.com/en_us/article/gyw3n9/lebanese-government-hackers-hit-thousands-of-victims-with-incredibly-simple-campaign'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.vice.com/en_us/article/gyw3n9/lebanese-government-hackers-hit-thousands-of-victims-with-incredibly-simple-campaign'] 316,OperationCleaver/CuttingKitten,"Iranian hackers were identified in a report released Tuesday as the source of coordinated attacks against more than 50 targets in 16 countries, many of them corporate and government entities that manage critical energy, transportation and medical services.",2012-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking without Misuse,,"['United States', 'Canada', 'Israel', 'Germany', 'Saudi Arabia', 'Turkey', 'United Arab Emirates', 'United Kingdom', 'France', 'China']","[['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['ASIA', 'MENA', 'MEA'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'NATO', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political 
system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 
'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Civil service / administration', 'Military', '', 'Energy', 'Transportation', 'Defence industry', ''], ['Civil service / administration', 'Military', '', 'Energy', 'Transportation', 'Defence industry', ''], ['Civil service / administration', 'Military', '', 'Energy', 'Transportation', 'Defence industry', ''], ['Civil service / administration', 'Military', '', 'Energy', 'Transportation', 'Defence industry', ''], ['Civil service / administration', 'Military', '', 'Energy', 'Transportation', 'Defence industry', ''], ['Civil service / administration', 'Military', '', 'Energy', 'Transportation', 'Defence industry', ''], ['Civil service / administration', 'Military', '', 'Energy', 'Transportation', 'Defence industry', ''], ['Civil service / administration', 'Military', '', 'Energy', 'Transportation', 'Defence industry', ''], ['Civil service / administration', 'Military', '', 'Energy', 'Transportation', 'Defence industry', ''], ['Civil service / administration', 'Military', '', 'Energy', 'Transportation', 'Defence industry', '']]",['Magic Hound/APT35/Cobalt Gypsy'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Magic Hound/APT35/Cobalt Gypsy,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,"['https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf', 'https://www.nytimes.com/2014/12/03/world/middleeast/report-says-cyberattacks-originated-inside-iran.html', 'https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For 
private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf', 'https://www.nytimes.com/2014/12/03/world/middleeast/report-says-cyberattacks-originated-inside-iran.html', 'https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf']" 305,Operation Slingshot,"Kaspersky revealed an alleged US counter-terrorism cyber campaign in MENA countries, especially Kenya and Yemen.",2012-01-01,2018-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Kenya', 'Yemen', 'Iraq', 'Middle East (region)', 'Africa']","[['AFRICA', 'SSA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], [], []]","[['Social groups'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social groups']]","[['Terrorist'], ['Terrorist'], ['Terrorist'], ['Terrorist'], ['Terrorist']]",['Slingshot'],['Unknown'],"['Non-state actor, state-affiliation suggested']",,2,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Attacker confirms,,,,Slingshot; Slingshot,Unknown; United States,"Non-state actor, state-affiliation suggested; State",,"['https://www.cyberscoop.com/kaspersky-slingshot-isis-operation-socom-five-eyes/', 'https://securelist.com/apt-slingshot/84312/']",Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 
points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.scmagazine.com/home/security-news/apts-cyberespionage/slingshot-apt-campaign-exposed-after-six-years-of-sophisticated-spying/', 'https://www.cyberscoop.com/kaspersky-slingshot-isis-operation-socom-five-eyes/', 'https://securelist.com/apt-slingshot/84312/']" 306,IAEA Hack 2012,"Parastoo (aka Charming Kitten), an Iran-related group, claimed to have compromised computer systems at the International Atomic Energy Agency (IAEA).",2012-01-01,2012-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,[['International Atomic Energy Agency (IAEA; Austria)']],['Austria'],"[['EUROPE', 'EU', 'WESTEU']]",[['International / supranational organization']],,['Parastoo'],"['Iran, Islamic Republic of']",['Non-state-group'],['Hacktivist(s)'],2,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attacker confirms,,,,Parastoo; Parastoo,"Iran, Islamic Republic of; Iran, Islamic Republic of",Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),['https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.thedailybeast.com/did-irans-cyber-army-hack-into-the-iaeas-computers', 
'https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf']" 307,Israel Police Hack,A virus struck the Israeli Police department and gathered data for more than a week. Israeli IT company AVNET attributes the attack to Iran as a state-sponsor.,2012-01-01,2012-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Police']],,"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2012-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,['https://www.timesofisrael.com/how-israel-police-computers-were-hacked-the-inside-story/'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.timesofisrael.com/how-israel-police-computers-were-hacked-the-inside-story/'] 308,Operation SoftCell,"In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor using tools and techniques commonly associated with Chinese-affiliated threat actors, 
such as APT 10. These multi-wave attacks focused on obtaining data of specific, high-value targets and resulted in a complete takeover of the network.",2012-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Global (region)'],,[['Critical infrastructure']],[['Telecommunications']],"['APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)']",['China'],"['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China,"Non-state actor, state-affiliation suggested",,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers', 'https://securityaffairs.com/143928/apt/operation-soft-cell-china-telecom-providers.html']" 309,US Recon on Russian Power Grids,"The US - 
according to former officials - targeted the Russian cybernetwork with reconnaissance operations, later on leading to aggressive operations in 2019",2012-01-01,2019-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking without Misuse,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Critical infrastructure']],[['Energy']],['NSA/Equation Group'],['United States'],['State'],,1,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms,,,,NSA/Equation Group,United States,State,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/87220/cyber-warfare-2/malware-russian-power-grid.html', 'https://www.nytimes.com/2019/06/15/us/politics/trump-cyber-russia-grid.html']" 310,NSA vs. 
System Administrators,"The American NSA hacked the computers of system admins globally, to gain access to the networks they manage.",2012-01-01,2014-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Global (region)'],,"[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups']]",,['NSA/Equation Group'],['United States'],['State'],,2,2014-01-01; 2014-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://theintercept.com/2014/03/20/inside-nsa-secret-efforts-hunt-hack-system-administrators/'] 311,GCHQ vs. 
Taliban,"In Afghanistan, according to the 2012 presentation, the British used a blizzard of text messages, phone calls and faxes to “significantly disrupt” Taliban communications, with texts and calls programmed to arrive every minute.",2012-01-01,2012-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,['Afghanistan'],"[['ASIA', 'SASIA']]",[['Social groups']],[['Criminal']],['GCHQ'],['United Kingdom'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,GCHQ; GCHQ,United Kingdom; United Kingdom,State; State,,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.nbcnews.com/news/investigations/snowden-docs-british-spies-used-sex-dirty-tricks-n23091'] 312,CSEC vs. 
Canadian travellers,The Canadian CSEC used airport wifi to spy on Canadian travellers,2012-01-01,2012-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['Canada'],"[['NATO', 'NORTHAM']]",[['End user(s) / specially protected groups']],,['CSEC'],['Canada'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,CSEC; CSEC,Canada; Canada,State; State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881'] 313,Operation Muscular,"The NSA and GCHQ managed to access the security parameters of Yahoo and Google, therefore bypassing the encryption and getting access to the full data traffic",2012-01-01,2012-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['United States'],"[['NATO', 'NORTHAM']]","[['Critical infrastructure', 'End user(s) / specially protected groups']]","[['Telecommunications', '']]","['NSA/Equation Group', 'GCHQ']","['United States', 'United Kingdom']","['State', 'State']",,2,2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 
2013-01-01; 2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Media-based attribution; Media-based attribution; Media-based attribution; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ; NSA/Equation Group; NSA/Equation Group; GCHQ; GCHQ,United States; United Kingdom; United States; United Kingdom; United States; United Kingdom; United States; United Kingdom,State; State; State; State; State; State; State; State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://arstechnica.com/information-technology/2013/10/how-the-nsas-muscular-tapped-googles-and-yahoos-private-networks/'] 314,"BlackTech campaign ""PLEAD""",BlackTech attacked Taiwanese government and private actor networks with the goal of the theft of confidential documents,2012-01-01,2017-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; 
Hijacking with Misuse,,"['Taiwan', 'Japan', 'Hong Kong']","[['ASIA', 'SCS'], ['ASIA', 'SCS', 'NEA'], ['ASIA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', '']]",['Blacktech'],['Unknown'],['Unknown - not attributed'],,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Blacktech,Unknown,Unknown - not attributed,,[],Secession,Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.trendmicro.com/en_us/research/17/f/following-trail-blacktech-cyber-espionage-campaigns.html'] 315,Machete vs. 
Venezuelan Army,"A cyber-espionage group known as ""Machete"" has been observed stealing sensitive files from the Venezuelan military, according to an ESET report published today.",2012-01-01,2019-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Venezuela', 'Ecuador']","[['SOUTHAM'], []]","[['State institutions / political system'], ['State institutions / political system']]","[['Military'], ['Military']]",['Machete'],['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Machete,Unknown,Unknown - not attributed,,['https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/a-cyber-espionage-group-has-been-stealing-files-from-the-venezuelan-military/', 'https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf']" 322,Volatile Cedar,Volatile Cedar–Analysis of a Global Cyber Espionage Campaign,2012-01-01,2015-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Canada', 'United Kingdom', 'Turkey', 'Israel', 'Lebanon']","[['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'NATO', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA']]","[['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups']]","[['Telecommunications', 'Defence industry', '', ''], ['Telecommunications', 'Defence industry', '', ''], ['Telecommunications', 'Defence industry', '', ''], ['Telecommunications', 'Defence industry', '', ''], ['Telecommunications', 'Defence 
industry', '', ''], ['Telecommunications', 'Defence industry', '', '']]",['Volatile Ceder'],['Lebanon'],"['Non-state actor, state-affiliation suggested']",,1,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Volatile Ceder,Lebanon,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 317,"PLA vs. SolarWorld, ATI & USW",Chinese-government backed military hackers stole e-mails of German Solar company's executives containing solar panel technological innovations and manufacturing metrics. The same holds true for the companies ATI and USW in the respective year.,2012-01-01,2012-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft,,"['United States', 'Germany']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,,['China'],['State'],,1,2014-01-01 00:00:00,Domestic legal action,Attribution by receiver government / state entity,,,,,China,State,,['https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in 
intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor'] 318,Leak of Israeli CreditCard Data,"Saudi hackers publish creditcard details of about 20000 Israelis, Israeli officials call cyberterrorism",2012-01-01,2012-01-06,"Attack on non-political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['End user(s) / specially protected groups', 'Other']]",,['OxOmar'],['Saudi Arabia'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,OxOmar,Saudi Arabia,Individual hacker(s),,['https://www.huffingtonpost.com/2012/01/06/israel-hack-saudi-arabia-oxomar_n_1188979.html'],System / ideology,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://www.jpost.com/International/Hackers-post-1000s-of-Israeli-credit-card-numbers', 'https://www.huffingtonpost.com/2012/01/06/israel-hack-saudi-arabia-oxomar_n_1188979.html', 'http://www.nytimes.com/2012/01/07/world/middleeast/cyberattack-exposes-20000-israeli-credit-card-numbers.html']" 319,Wikileaks leaks Stratfor Info,Hacked email from leading private US intelligence agency Stratfor,2012-01-01,2012-02-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Attribution given, type unclear",Media-based attribution,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.rt.com/news/stratfor-syria-secret-wikileaks-989/'] 320,Wikileaks leaks US Info,WikiLeaks to release two million ‘humiliating’ hacked Syrian government emails,2012-01-01,2012-07-05,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,,['Syria'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['', 'Government / ministries', 'Political parties', '']]",,['Unknown'],['Unknown - not attributed'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Unknown - not attributed,,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/wikileaks-to-release-two-million-humiliating-hacked-syrian-government-emails/'] 321,Attack on Indian Navy,"China hackers enter Navy computers, plant bug to extract sensitive data",2012-01-01,2012-06-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Military']],,['China'],['Unknown - not attributed'],,1,,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker,,,,,China,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://archive.indianexpress.com/news/china-hackers-enter-navy-computers-plant-bug-to-extract-sensitive-data/968897/'] 304,StealthFalcon aka FruityArmor,"Spy-Campaign against dissidents, journalists and activists, allegedly tied to the United Arab Emirates government.",2012-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,"['United Arab Emirates', 'United Kingdom']","[['ASIA', 'MENA', 'MEA', 'GULFC'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['Social groups', 'End user(s) / specially protected groups', 'Media'], ['Social groups', 'End user(s) / specially protected groups', 'Media']]",,['Stealth Falcon/Fruity Armor'],['United Arab Emirates'],"['Non-state actor, state-affiliation suggested']",,1,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,Stealth Falcon/Fruity Armor,United Arab Emirates,"Non-state actor, state-affiliation suggested",,[],National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://citizenlab.ca/2016/05/stealth-falcon/'] 323,Belgian MFA hacked,"Belgium’s Ministry of Foreign Affairs Hacked, Foreign Policy Data Leaked",2012-01-01,2012-09-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,['Belgium'],"[['EUROPE', 'EU', 'NATO', 'WESTEU']]",[['State institutions / political system']],[['Government / ministries']],['NSA/Equation Group'],['United States'],['State'],,1,2013-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter 
etc.)",Media-based attribution,,,,NSA/Equation Group,United States,State,,[],International power,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Belgium-s-Ministry-of-Foreign-Affairs-Hacked-Foreign-Policy-Data-Leaked-384413.shtml'] 324,Op Freedom Palestine Pak CyberPirates,800 Websites Hacked by Pak CyberPyrates for #op Freedom Palestine,2012-01-01,2012-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Unknown']],,['Pak Cyber Pirates'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pak Cyber Pirates,Pakistan,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/800-websites-hacked-by-pak-cyber-pyrates-for-opfreedompalestine/'] 325,Bangladesh Cyber Army hack indian webpages,Indian Government and 30 websites hacked by Bangladesh Cyber Army,2012-01-01,2012-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'Media']]",,['Bangladesh Cyber Army'],['Bangladesh'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Cyber Army,Bangladesh,Non-state-group,Hacktivist(s),[],System / ideology; Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/indian-government-and-and-30-websites-hacked-by-bangladesh-cyber-army/'] 326,Espionage Campaign targeting Japan,Espionage campaign targeting Japan,2012-01-01,2012-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Taiwan'],"[['ASIA', 'SCS']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['China'],['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,China,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,Yes,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/cyber-espionage-campaign-targeting-japan-may-have-ties-to-2012-taiwan-attacks-505607.shtml'] 327,Telvent Hack,"A company whose software and services are used to remotely administer and monitor large sections of the energy industry began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. 
Experts say digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests.",2012-01-01,2012-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Data theft,,['Canada'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)', 'PLA Unit 61398']","['China', 'China']","['State', 'State']",,1,2012-01-01; 2012-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398); PLA Unit 61398",China; China,State; State,,"['https://krebsonsecurity.com/2012/09/chinese-hackers-blamed-for-intrusion-at-energy-industry-giant-telvent/', 'https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://krebsonsecurity.com/2012/09/chinese-hackers-blamed-for-intrusion-at-energy-industry-giant-telvent/', 'https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html']" 328,Ocean Lotus (vs. China),"Last week, SkyEye, Qihoo 360’s threat intelligence service, released a report entitled OceanLotus. 
The report describes the working of an APT (Advanced Persistent Threat) group engaged for at least three years in cyber espionage against Chinese targets, including ocean affairs agencies, the departments in charge of China’s territorial waters, research institutes, and aviation, aeronautics, and shipping companies.",2012-01-01,2015-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Government / ministries', 'Water', '', '']]",['APT32/Ocean Lotus/Sea Lotus'],['Unknown'],"['Non-state actor, state-affiliation suggested']",,1,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT32/Ocean Lotus/Sea Lotus,Unknown,"Non-state actor, state-affiliation suggested",,['https://www.cfr.org/blog/oceanlotus-china-hits-back-its-own-cybersecurity-report'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.cfr.org/blog/oceanlotus-china-hits-back-its-own-cybersecurity-report'] 329,Operation Beebus/APT 1,Allegedly a Chinese-state-sponsored group spied on US defense and aerospace companies.,2012-01-01,2013-01-01,"Attack 
conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,['United States'],"[['NATO', 'NORTHAM']]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Defence industry', '']]",,['China'],"['Non-state actor, state-affiliation suggested']",,1,2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,"Non-state actor, state-affiliation suggested",,['https://www.fireeye.com/blog/threat-research/2013/02/operation-beebus.html'],International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.fireeye.com/blog/threat-research/2013/02/operation-beebus.html'] 330,Operation Quantum Entanglement/MoafeeGroup,The attack group “Moafee” (named after their command and control infrastructure) appears to operate out of the Guangdong province in China and is known to target the governments and military organizations of countries with national interests in the South China Sea.,2012-01-01,2000-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,"['Southeast Asia (region)', 'United States']","[[], ['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State 
institutions / political system']]","[['Government / ministries', 'Military'], ['Government / ministries', 'Military']]",['Moafee Group'],['China'],['Unknown - not attributed'],,1,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Moafee Group,China,Unknown - not attributed,,[],Resources,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 331,Ox Omer leaks Saudi Credit Data,An Israeli hacker published details of hundreds of Saudi creditcards online in revenge for acts by Arab hackers.,2012-01-11,2012-01-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['Saudi Arabia'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['End user(s) / specially protected groups']],,['OxOmer'],['Israel'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,OxOmer,Israel,Individual hacker(s),,['http://www.bbc.com/news/world-middle-east-16526067'],System / ideology,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://english.alarabiya.net/articles/2012/01/11/1', 'http://www.bbc.com/news/world-middle-east-16526067']" 332,Molerats deface Israeli Fire Service,A group of hackers claiming to be from the Gaza Strip succeeded on Thursday night in hacking into the Israeli Fire and Rescue Services' official website's homepage was changed 
to black with a sneering message from the hackers to the Israeli government.,2012-01-13,2012-01-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],"['Molerats/Extreme Jackal', 'Gaza Cybergang 1 /Hamas']","['Palestine', 'Palestine']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Molerats/Extreme Jackal; Gaza Cybergang 1 /Hamas,Palestine; Palestine,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),"['https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion', 'https://middle-east-online.com/en/cyber-war-gaza-hackers-deface-israel-fire-service-website']",System / ideology,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.ynetnews.com/articles/0,7340,L-4175183,00.html', 'https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion', 'https://middle-east-online.com/en/cyber-war-gaza-hackers-deface-israel-fire-service-website']" 333,Nightmare disrupts Israeli Site,"Saudi hackergroup 'Nightmare', lead by 0xOmar, shortly disrupted the websites of the Tel Aviv Stock Exchange, El Al Airlines and several commercial banks. 
",2012-01-16,2012-01-16,"Attack on non-political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['Critical infrastructure', 'Critical infrastructure']]","[['Transportation', 'Finance']]",['Nightmare(OxOmar)'],['Saudi Arabia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Nightmare(OxOmar),Saudi Arabia,Non-state-group,Hacktivist(s),['https://www.telegraph.co.uk/news/worldnews/middleeast/israel/9019204/Hackers-disrupt-Tel-Aviv-Stock-Exchange-and-El-Al.html'],System / ideology,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-israel-hackers/israel-rattled-as-hackers-hit-bourse-banks-el-al-idUSTRE80F0V220120116', 'https://www.telegraph.co.uk/news/worldnews/middleeast/israel/9019204/Hackers-disrupt-Tel-Aviv-Stock-Exchange-and-El-Al.html']" 334,IDF-Team takes down Stock Exchanges,"Israeli hackers brought down the websites of both the Saudi Stock Exchange (Tadawul) and the Abu Dhabi Securities Exchange (ADX) Tuesday, in the latest episode of a continuing cyberwar between hackers in the two countries.",2012-01-17,2012-01-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['United Arab Emirates', 'Saudi Arabia']","[['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['Critical infrastructure'], ['Critical infrastructure']]","[['Finance'], ['Finance']]",['IDF-Team'],['Israel'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,IDF-Team,Israel,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.haaretz.com/1.5166851'] 335,Anonymous revenge for Megaupload Shutdown,"Department of Justice, FBI, and Universal Music sites hacked after Megaupload shutdown, Anonymous claims credit",2012-01-20,2012-01-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Civil service / administration', '']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),['https://www.hackread.com/us-top-government-security-website-hacked-by-anonymous-and-login-details-leaked/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.washingtonpost.com/business/economy/department-of-justice-site-hacked-after-megaupload-shutdown-anonymous-claims-credit/2012/01/20/gIQAl5MNEQ_story.html?utm_term=.a9426cb8a27d', 'https://www.hackread.com/us-top-government-security-website-hacked-by-anonymous-and-login-details-leaked/']" 336,Anonymous takes down Israeli hospital and newspaper websites,Anonymous Palestina shuts down two Israeli hospital websites and one newspaper website.,2012-01-25,2012-01-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['Critical infrastructure', 'Media']]","[['Health', '']]",['Anonymous'],['Palestine'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Palestine,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.haaretz.com/1.5174761', 'http://jerusalemworldnews.com/2012/01/25/palestinian-hackers-jam-israeli-hospital-websites/']" 337,Mofang_ShimRat,"A threatgroup called ""Mofang"" believed to be affiliated with the Chinese government has been conducting cyberespionage operations against Myanmar and other countries for economic gain, using the malware""ShimRat"".",2012-02-01,2012-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Myanmar', 'United States', 'Germany', 'Canada', 'India', 'Singapore']","[['ASIA', 'SEA'], ['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['NATO', 'NORTHAM'], ['ASIA', 'SASIA', 'SCO'], ['ASIA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', '']]",['Mofang'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2016-01-01 00:00:00,"Technical report (e.g., by 
IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Mofang,China,"Non-state actor, state-affiliation suggested",,['https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf'],Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.securityweek.com/chinese-attackers-conduct-cyberespionage-economic-gain', 'https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf']" 338,Anonmyous leaks Conversation between FBI and Scotland Yard,"Anonymous hacks into phone call between FBI and Scotland Yard, leaks recordings.",2012-02-03,2012-02-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,"['United States', 'United Kingdom']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system'], ['State institutions / political system']]","[['Police'], ['Police']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/technology/2012/feb/03/anonymous-hacks-call-fbi-scotland-yard'] 339,SilentHacker Defaces Bangladeshi Pages,"Indian hacker ""SilentHacker""defaces 30 Bangladeshi government websites.",2012-02-09,2012-02-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Hijacking without Misuse,,['Bangladesh'],"[['ASIA', 'SASIA']]",[['State institutions / political system']],[['Government / ministries']],['Silent Hacker'],['India'],['Non-state-group'],['Ethnic actors'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Silent Hacker,India,Non-state-group,Ethnic actors,[],Territory,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.infosecurity-magazine.com/news/cyberwar-between-india-and-bangladesh-escalates/'] 340,Anonymous takedown of CIA website,Anonymous takes down CIA website in large-scale DDos attack.,2012-02-11,2012-02-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),['https://www.rt.com/news/anonymous-cia-interpol-down-702/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://www.bbc.com/news/world-us-canada-16993488', 'https://www.hackread.com/cia-website-hacked-taken-down-by-anonymous/', 'https://www.rt.com/news/anonymous-cia-interpol-down-702/']" 341,Indishell defaces Bangladeshi government pages,"Indians hacking Group ""Indishell"" deface 38 Bangladeshi government websites, including ministry of the ministries are communications, youth and sports, primary and mass education, Trading Corporation of Bangladesh, leaving remarks on border disputes.",2012-02-11,2012-02-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Hijacking without Misuse,,['Bangladesh'],"[['ASIA', 'SASIA']]",[['State institutions / political system']],[['Government / ministries']],['Indishell'],['India'],['Non-state-group'],['Ethnic actors'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Indishell,India,Non-state-group,Ethnic actors,[],Territory,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2012/02/38-bangladeshi-government-sites-defaced.html'] 342,Black Hat Hackers defaces Indian Pages,"Bangaldeshi group Black Hat Hackers hack into roughly 10000 Indian websites, including governmental ones.",2012-02-12,2012-02-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Hijacking without Misuse,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['Black Hat Hackers'],['Bangladesh'],['Non-state-group'],['Ethnic actors'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Black Hat Hackers,Bangladesh,Non-state-group,Ethnic actors,[],Territory,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.hackread.com/over-200-bangladeshi-government-and-private-websites-hacked-by-indishell/', 'https://www.hackread.com/over-20000-indian-websites-hacked-by-bangladeshi-hackers/']" 343,Bangladesh Cyber Army hack indian regional government,"Bangladeshi hackers deface website of Indian local government (and claim to have hacked 20,000 other pages), leave message that calls for end of innocent killings at border.",2012-02-15,2012-02-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Hijacking without Misuse,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Bangladesh Cyber Army'],['Bangladesh'],['Non-state-group'],['Ethnic actors'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Cyber Army,Bangladesh,Non-state-group,Ethnic actors,[],Territory,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.hackread.com/indian-kaliabor-sub-division-government-website-hacked-by-bangladesh-cyber-army/', 'https://www.kahawatungu.com/2012/02/15/bangladesh-hackers-engages-indian-hackers-in-major-cyber-warfare/']" 344,rOOtw0rm vs. UNEP,"The hacking group rOOtw0rm hacked and leaked the database of United Nations Environment Programme UNEP, including admin login and usersdata. 
UNEP's website service was also disrupted.",2012-02-28,2012-02-28,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['United Nations'],,[['International / supranational organization']],,['rOOtw0rm'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,rOOtw0rm,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/united-nations-environment-programme-database-leaked-by-r00tw0rm/'] 345,Anonymous disrupt Interpol,"Anonymous disrupts website of Interpol with DDos attack, after the arrest of 25 alleged hackers.",2012-02-29,2012-02-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Interpol'],,[['International / supranational organization']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/technology/2012/feb/29/interpol-website-cyber-attack'] 346,Op Freedom Palestine & Kashmir,OP Palestine and Kashmir,2012-03-01,2012-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Other']]",,['Pak Cyber Pirates'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pak Cyber Pirates,Pakistan,Non-state-group,Hacktivist(s),[],Secession,Autonomy,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/over-400-indian-websites-hacked-pak-cyber-pyrates-for-opfreedom-palestine-kashmir/'] 347,Anonymous takes down Vatikan Pages 2012,Anonymous brings down Vatican website,2012-03-01,2012-03-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Holy See (Vatican City State)'],[['EUROPE']],"[['State institutions / political system', 'Critical infrastructure']]","[['', 'Telecommunications']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/official-vatican-radio-website-hacked-once-again-by-anonymous/'] 348,YeiZeta Data Leak,Pentagon and Mexican Presidential Servers Hacked,2012-03-01,2012-03-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,"['United States', 'Mexico']","[['NATO', 'NORTHAM'], []]","[['State institutions / political system', 'Media'], ['State institutions / political system', 'Media']]","[['Government / ministries', ''], ['Government / ministries', '']]",['YeiZeta'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,YeiZeta,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/pentagon-and-mexican-presidential-servers-hacked-by-yei-zeta-and-database-leaked/'] 349,Muslim Liberation Army Defacement of Indian pages,Indian websites hacked by MLA,2012-03-01,2012-03-18,"Attack conducted by non-state group / non-state 
actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'Critical infrastructure', 'Media', 'Other']]","[['Government / ministries', 'Telecommunications', '', '']]",['Muslim Liberation Army'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Muslim Liberation Army,Unknown,Non-state-group,Hacktivist(s),[],Secession,Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/2300-indian-websites-hacked-including-government-and-online-channels-websites-by-muslim-liberation-army-mla/'] 350,Guardian on Iranian cyber-attack,BBC fears Iranian cyber-attack over its Persian TV service,2012-03-02,2012-03-02,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2012-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in 
intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/media/2012/mar/14/bbc-fears-iran-cyber-attack-persian'] 351,Cyberwar against Israel for freedom of Palestine,34 Israeli Websites hacked by GaZaHaCkeRTeam,2012-03-21,2012-03-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['GaZaHaCkeRTeam'],['Palestine'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,GaZaHaCkeRTeam,Palestine,Non-state-group,Hacktivist(s),[],National power,National power,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/34-israeli-websites-hacked-by-gaza-hacker-team/'] 352,Pirate Cr3wdoxxes Israeli Parliament,Massive Israeli Government Doxby PirateCr3w,2012-03-25,2012-03-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Government / ministries']]",['PirateCr3w'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,PirateCr3w,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/massive-israeli-government-dox-by-piratecr3w/'] 353,Team P0ison Defaces NATO Website,Official NATO Croatia Website defaced,2012-04-01,2012-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Croatia'],"[['EUROPE', 'BALKANS', 'NATO', 'EU']]","[['State institutions / political system', 'International / supranational organization']]","[['Government / ministries', '']]",['Team P0ison'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team P0ison,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/official-nato-croatia-website-defaced-by-teamp0ison/'] 354,AlQaedaSec DDOS vs. 
NYC,DDOS attack on the official site of New York City,2012-04-01,2012-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],['Al Qaeda Sec'],['Syria'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Al Qaeda Sec,Syria,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/AlQaedaSec-Launch-DDOS-Attack-on-New-York-City-Website-264960.shtml'] 355,Anonymous attacks chinese government sited,Anonymous hackers attack Chinese govt websites,2012-04-01,2012-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'Media', 'State institutions / political system']]","[['Government / ministries', '', 'Military']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://tvnewswatch.blogspot.de/2012/04/anonymous-hackers-attack-chinese-govt.html'] 356,Team GhostShell hack Uarkansas,Team GhostShell Hacks University of Arkansas Computer Store,2012-04-01,2012-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Science']],,['Team Ghostshell'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team Ghostshell,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Team-GhostShell-Hacks-University-of-Arkansas-Computer-Store-264675.shtml'] 357,Anonymous DDOS CIA Part II,(DDOS) attacks against the official site of the Central Intelligence Agency,2012-04-01,2012-04-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Social groups']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Hackers-Launch-DDOS-Attacks-on-CIA-and-DOD-Sites-264665.shtml'] 358,The Unknowns hack NASA,The Unknowns' hack NASA,2012-04-20,2012-04-20,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],['The Unknowns'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., 
via defacement statements on websites)",Attacker confirms,,,,The Unknowns,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.pri.org/stories/2012-05-04/unknowns-hack-nasa'] 359,Wiper,"Wiper was an aggressive piece of malware that targeted machines belonging to the Iranian Oil Ministry and the National Iranian Oil Company in April, sharing some similarities with Stuxnet, Duqu, Gauss and Flame, according to Kaspersky.",2012-04-21,2012-04-30,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Energy']]",['NSA/Equation Group'],['Unknown'],"['Non-state actor, state-affiliation suggested']",,2,2012-01-01; 2012-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,Unknown; United States,"Non-state actor, state-affiliation suggested; State",,['https://securelist.com/what-was-that-wiper-thing-48/34088/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2012/04/24/world/middleeast/iranian-oil-sites-go-offline-amid-cyberattack.html', 'https://www.wired.com/2012/08/wiper-possible-origins/', 'https://securelist.com/what-was-that-wiper-thing-48/34088/']" 360,UgNazi vs. CIA,UG NaziHackers Launch DDOS Attacks on CIA,2012-04-24,2012-04-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]","[['Social groups', 'End user(s) / specially protected groups', 'Media']]",,['UGNazi'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,UGNazi,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/UGNazi-Hackers-Launch-DDOS-Attack-on-CIA-DOJ-Site-to-Protest-CISPA-266033.shtml'] 361,Defacement of Taliban Website,Taliban website hacked,2012-04-26,2012-04-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Afghanistan'],"[['ASIA', 'SASIA']]",[['Social groups']],[['Terrorist']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/net-us-afghanistan-taliban-hacking/taliban-website-hacked-as-afghan-cyber-war-heats-up-idUSBRE83Q09I20120427'] 362,Mofang_ShimRat Reporter,"A threatgroup called ""Mofang"" believed to be affiliated with the Chinese government has been conducting cyberespionage operations against Myanmar and other countries for economic gain, using the malware""ShimRatReporter"".",2012-05-01,2015-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Myanmar', 'Canada', 'Germany', 'United States', 'Korea, Republic of', 'Singapore']","[['ASIA', 'SEA'], ['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['NATO', 'NORTHAM'], ['ASIA', 'SCS', 'NEA'], ['ASIA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', '']]",['Mofang'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2016-01-01 00:00:00,"Technical report 
(e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Mofang,China,"Non-state actor, state-affiliation suggested",,['https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf'] 363,Anonymous vs. DOJ,Anonymous Hacks Department of Justice,2012-05-22,2012-05-22,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Judiciary']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],2,,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Attacker confirms,,,,Anonymous; Anonymous,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://mashable.com/2012/05/22/anonymous-department-justice/#YTbwFNx45ZqN'] 364,Zcompany Hacking Crew hacks government pages,Government & Civilian Websites Hacked by Zcompany Hacking Crew,2012-05-29,2012-05-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, 
etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'Other']]","[['Government / ministries', '']]",['Zcompany Hacking Crew'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Zcompany Hacking Crew,Unknown,Non-state-group,Hacktivist(s),[],Secession,Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/1846-government-civilian-websites-hacked-by-z-company-hacking-crew/'] 365,Bangladeshi Cyber Army Declares War,Bangladeshi Cyber Army Declares War on Myanmar,2012-06-01,2012-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Myanmar'],"[['ASIA', 'SEA']]","[['State institutions / political system', 'International / supranational organization', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '', '']]",['Bangladesh Cyber Army'],['Bangladesh'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Cyber Army,Bangladesh,Non-state-group,Hacktivist(s),[],Cyber-specific; Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Bangladeshi-Cyber-Army-Declares-War-on-Myanmar-Attacks-Websites-276450.shtml'] 366,Danish Car Register Hacked,Hackers have got into the identity register,2012-06-01,2012-06-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,['Denmark'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Police']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://politiken.dk/newsinenglish/art5450702/Hackers-have-got-into-the-identity-register'] 367,Anonymous vs. 
ARE,The hacking group Anonymous leaked data from the netfilter server of the United Arab Emirates,2012-06-01,2012-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft,,['United Arab Emirates'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]",,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Anonymous-Hackers-Leak-Data-from-United-Arab-Emirates-Netfilter-Servers-278274.shtml'] 368,Project Hell Fire Leak,Massive Leak: Project Hell Fire Hackers Dump 1 Million Accounts from 100 Sites,2012-06-01,2012-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['Team Ghostshell'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team Ghostshell,Unknown,Non-state-group,Hacktivist(s),['https://www.imperva.com/blog/analyzing-the-team-ghostshell-attacks/'],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.csoonline.com/article/2223032/microsoft-subnet/massive-leak--project-hellfire-hackers-dump-1-million-accounts-from-100-sites.html', 'https://www.imperva.com/blog/analyzing-the-team-ghostshell-attacks/']" 369,Myanmar CyberArmy strikes back against Bangladesh,92 Bangladeshi Government Sites Taken Down,2012-06-19,2012-06-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Bangladesh'],"[['ASIA', 'SASIA']]","[['State institutions / political system', 'Media', 'Other']]","[['Government / ministries', '', '']]",['Myanmar Cyber Army'],['Myanmar'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Myanmar Cyber Army,Myanmar,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Myanmar-Hackers-Fight-Back-92-Bangladeshi-Government-Sites-Taken-Down-276714.shtml'] 370,Hitcher vs. Knesset,Israeli Government Site Hacked,2012-06-26,2012-06-26,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['Hitcher'],['Pakistan'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Hitcher,Pakistan,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Israeli-Government-Site-Hacked-in-Protest-Against-Mr-Badoo-s-Arrest-277842.shtml'] 371,Iran Hack Security Team Hacks Israeli Pages,45 Israeli Websites hacked by Iran Hack SecurityTeam,2012-06-27,2012-06-28,"Attack conducted by non-state group / non-state actor with 
political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Iran Hack Security Team'],"['Iran, Islamic Republic of']",['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Iran Hack Security Team,"Iran, Islamic Republic of",Non-state-group,Hacktivist(s),[],System / ideology,Subnational predominance,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/45-israeli-websites-hacked-by-iran-hack-security-team/'] 372,Anonymous vs. Tamil Cyber Crime Cell,Tamil Nadu’s Cyber Crime Cell website taken by Anonymous,2012-07-01,2012-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/tamil-nadus-cyber-crime-cell-website-taken-by-anonymous/'] 373,Poltergeist h4cker hacks Iranian and Chinese Websites,66 Iranian and Chinese websites hacked by Poltergeist h4cker,2012-07-01,2012-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['Iran, Islamic Republic of', 'China']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['Unknown'], ['Unknown']]",,['Poltergeisth4cker'],['Netherlands'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Poltergeisth4cker,Netherlands,Non-state-group,Hacktivist(s),[],System / ideology,Third-party intervention / third-party affection,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/66-iranian-and-chinese-websites-hacked-by-poltergeisth4cker-from-netherlands/'] 374,NullCrew vs. 
PBS and WHO,"PBS and World Health Organization Hacked, User Details Leaked",2012-07-01,2012-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]","[['International / supranational organization', 'Media']]",,['Null Crew'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Null Crew,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/PBS-and-World-Health-Organization-Allegedly-Hacked-User-Details-Leaked-281123.shtml'] 375,Sharp-Cyber-Group vs. Indian Websites,216 Indian Websites hacked by Hcrack2ofSharp-CyberGroup,2012-07-13,2012-07-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'Other']]","[['Political parties', '']]",['Sharp-Cyber-Group'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Sharp-Cyber-Group,Pakistan,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/216-indian-websites-hacked-by-hcrack2-of-sharp-cyber-group/'] 376,OP Free Assange Part II,"Anonymous Attacks UK Home Office, DWP, Ministry of Justice in Op Free Assange",2012-08-01,2012-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'State institutions / political system']]","[['', 'Government / ministries']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),"['http://www.bbc.com/news/uk-wales-19381444', 'https://www.theguardian.com/technology/2012/aug/21/anonymous-hits-government-websites-julian-assange']",Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://news.softpedia.com/news/Anonymous-Attacks-UK-Home-Office-DWP-Ministry-of-Justice-in-OpFreeAssange-287189.shtml', 'http://www.bbc.com/news/uk-wales-19381444', 'https://www.theguardian.com/technology/2012/aug/21/anonymous-hits-government-websites-julian-assange']" 377,Anonymous vs. Uganda,"Uganda Government Websites Hacked By Anonymous In Defense Of Gay Pride, LGBT Rights",2012-08-01,2012-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Uganda'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 378,SEA vs. Reuters Round I 2012,Disinformation flies in Syria's growing cyberwar: Reuters Twitter Account hacked allegedly by Assad-supporters.,2012-08-03,2012-08-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Media']],,,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],System / ideology,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-syria-crisis-hacking/disinformation-flies-in-syrias-growing-cyber-war-idUSBRE8760GI20120807'] 379,Saudi Aramco/Shamoon,"Cyberattack on Saudi Firm Saudi Aramco, by the self-proclaimed Hacking Group ""Cutting Sword of Justice"". 
The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.",2012-08-15,2012-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,"['Saudi Arabia', 'Qatar']","[['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['Critical infrastructure'], ['Critical infrastructure']]","[['Energy'], ['Energy']]",['APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,2,2012-01-01; 2012-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Attribution by third-party,,,,APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064; APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=281521ea-2d18-4bf9-9e88-8b1dc41cfdb6&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments', 'https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system 
misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months', 'https://www.wired.com/2012/08/hack-attack-strikes-rasgas/', 'https://www.nytimes.com/2012/10/24/business/global/cyberattack-on-saudi-oil-firm-disquiets-us.html', 'https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=281521ea-2d18-4bf9-9e88-8b1dc41cfdb6&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments', 'https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/', 'https://www.reuters.com/article/saudi-attack-idUSL5E8N91UE20121209', 'https://arstechnica.com/information-technology/2022/12/effective-fast-and-unrecoverable-wiper-malware-is-popping-up-everywhere/', 'https://cyberscoop.com/pro-iranian-abraham-ax-saudi-israel-moses-staff/', 'https://twitter.com/780thC/status/1618571785276100609', 'https://twitter.com/DarkReading/status/1620558295672012807']" 380,Anonymous defaces Page of Pritish Prime Minister,Hackers Deface website of former British cabinet minister,2012-08-25,2012-08-25,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['United Kingdom'],['Non-state-group'],['Hacktivist(s)'],2,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Attacker confirms,,,,Anonymous; Anonymous,United Kingdom; United Kingdom,Non-state-group; 
Non-state-group,Hacktivist(s); Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2012/08/hackers-deface-website-of-former.html'] 381,HonkerUnion attacks Japan,Chinese cyberattacks hit Japan over islands dispute,2012-09-01,2012-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Japan'],"[['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Judiciary']]",['Honker Union'],['China'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Honker Union,China,Non-state-group,Hacktivist(s),[],Territory,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theglobeandmail.com/news/world/chinese-cyber-attacks-hit-japan-over-islands-dispute/article4553048/'] 382,BedU33N vs. 
UN Department of Agriculture,US Department of Agriculture Sites Hacked by BedU33N against Anti-Islamic Movie,2012-09-01,2012-09-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],['BedU33N'],['Bangladesh'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,BedU33N,Bangladesh,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/us-department-of-agriculture-sites-hacked-by-bedu33n-against-anti-islamic-movie/'] 383,Phillipines CyberArmy vs. Government of Phillipines,Government of Philippines Hacked by Philippines CyberArmy,2012-09-01,2012-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Philippines'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],['Philippines Cyber Army'],['Philippines'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Philippines Cyber Army,Philippines,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/government-of-philippines-hacked-by-philippines-cyber-army/'] 384,Domainer and Anonymous Leak Data of the South African Police Department,South African Police Database Hacked and Leaked by Domainer & Anonymous,2012-09-01,2012-09-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['South Africa'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Police']],"['Anonymous', 'Domainer']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anonymous; Domainer,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/south-african-police-database-hacked-and-leaked-by-domainer-anonymous/'] 385,Sizzling Soulhacks Mexican 
Regional Governments,Three Mexican Government Websites Hacked by SizzlingSoul Against Anti-Islamic Movie,2012-09-01,2012-09-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Mexico'],,[['State institutions / political system']],[['Government / ministries']],['Sizzling Soul (Pakistan Cyber Army)'],['Pakistan'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Sizzling Soul (Pakistan Cyber Army),Pakistan,Individual hacker(s),,[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/three-mexican-government-websites-hacked-by-sizzling-soul-against-anti-islamic-movie/'] 386,Bangladesh Cyber Army attacks Israeli and Bangladeshi Sites,"25 Israeli and 118 British, Including Government Websites Hacked by Bangladesh Cyber Army",2012-09-01,2012-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,"['Israel', 'United Kingdom']","[['ASIA', 'MENA', 'MEA'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]","[['Government / ministries', '', ''], ['Government / ministries', '', '']]",['Bangladesh Cyber Army'],['Bangladesh'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Cyber Army,Bangladesh,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/25-israeli-and118-british-websites-hacked-by-bangladesh-cyber-army/'] 387,TurkHackTeam vs. UN and UNESCO,UNESCO Cuba and UN Philippine Hacked By SaMuRa! 
Of TurkHackTeam,2012-09-01,2012-09-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,"['Philippines', 'Cuba']","[['ASIA', 'SCS', 'SEA'], []]","[['International / supranational organization'], ['International / supranational organization']]",,['Turk Hack Team'],['Turkey'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Turk Hack Team,Turkey,Individual hacker(s),,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/unesco-cuba-and-un-philippine-hacked-by-samura-of-turk-hack-team/'] 388,Godzilla pentrated Database of Pakistan Army,IndianHacker Claims to Leak Database of Pakistan Army and KSE Websites,2012-09-01,2012-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Military']],['Godzilla'],['Pakistan'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Godzilla,Pakistan,Individual hacker(s),,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/indian-hacker-claims-to-leak-database-of-pakistan-army-and-kse-websites/'] 389,RedHack leak Data of Turkish Ministry of Culture,Turkish Ministry of Culture & Tourism Website Taken Down by RedHack Hackers,2012-09-01,2012-09-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['RedHack'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/turkish-ministry-of-culture-tourism-website-taken-down-by-redhack-hackers/'] 390,PennState University Hack,"Hackers from China infiltrated the computer systems of Pennsylvania State University‘s College of Engineering, gaining usernames and passwords in what investigators described as a sophisticated cyberattack that lasted more than two 
years.",2012-09-01,2015-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Science']],,,['China'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,Unknown - not attributed,,['https://bits.blogs.nytimes.com/2015/05/15/penn-states-college-of-engineering-hit-by-cyberattack/?mtrref=www.google.com'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://bits.blogs.nytimes.com/2015/05/15/penn-states-college-of-engineering-hit-by-cyberattack/?mtrref=www.google.com'] 391,Website of Al-Jazeera hacked,Al-Jazeera websites hacked,2012-09-05,2012-09-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Qatar'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['Media']],,,['Syria'],['Non-state-group'],['Hacktivist(s)'],1,,"Attribution given, type unclear",Media-based attribution,,,,,Syria,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://phys.org/news/2012-09-al-jazeera-websites-hacked.html'] 392,Anonymous revenge for Pirate Bay,"Hackers Protest Against Arrest of TPB Co-Founder, 5,000 Documents Leaked",2012-09-11,2012-09-11,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Cambodia'],"[['ASIA', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Hackers-Protest-Against-Arrest-of-TPB-Co-Founder-5-000-Documents-Leaked-291495.shtml'] 393,Anonymous vs. NTC Phillipines,ANONYMOUS BRINGS GOVERNMENT SITES OFFLINE IN PHILIPPINES,2012-10-01,2012-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Philippines'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://threatpost.com/anonymous-brings-government-sites-offline-philippines-petition-cybercrime-law-100112/77064/'] 394,Kosova Hacker’s Security vs. Us_weather.gov,"US Weather.Gov hacked, Data leaked by Kosova Hacker’s Security",2012-10-01,2012-10-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],['Kosova Hacker’s Security'],['United Kingdom'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kosova Hacker’s Security,United Kingdom,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/us-weather-gov-hacked-data-leaked-by-kosova-hackers-security/'] 395,CapoO_TunisiAnoO hack vs. Israel,86 Israeli websites hacked by CapoO_TunisiAnoO,2012-10-01,2012-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Unknown']],,['CapoO_TunisiAnoO'],['Tunisia'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,CapoO_TunisiAnoO,Tunisia,Individual hacker(s),,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/86-israeli-websites-hacked-by-capoo_tunisianoo/'] 396,BGHH defaces pages,54 Israeli Sites Defaced by Bangladesh Grey Hat Hackers,2012-10-01,2012-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Bangladesh Grey Hat Hackers'],['Bangladesh'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Grey Hat Hackers,Bangladesh,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/54-Israeli-Sites-Defaced-by-Bangladesh-Grey-Hat-Hackers-303008.shtml'] 397,LolSec leak Nigerian National Assembly Data,"Nigerian National Assembly Hacked, Huge Database Leaked by @LolSec",2012-10-01,2012-10-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Nigeria'],"[['AFRICA', 
'SSA']]",[['State institutions / political system']],[['Government / ministries']],['LolSec'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LolSec,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/nigerian-national-assembly-hacked-huge-database-leaked-by-lolsec/'] 398,Mike Mullen Hacked,US Ex-Military Head Mike Mullen Computers Hacked by Unknown hackers,2012-10-01,2012-11-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],,['China'],['State'],,1,2012-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,China,State,,[],International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/us-ex-military-head-mike-mullen-computers-hacked-by-unknown-hackers/'] 399,US Media Outlets hacked by the Chinese,"The networks of the WashingtonPost, NewYork Times, Wall Street Journal and Bloomberg have been attacked by Chinese hackers",2012-10-01,2013-02-01,"Attack conducted by nation state (generic 
“state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Media']],,,['China'],['State'],,1,2013-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker,,,,,China,State,,['https://www.nytimes.com/2013/02/02/technology/washington-posts-joins-list-of-media-hacked-by-the-chinese.html'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html?mtrref=undefined&gwh=7F43CD54F8B386F686DA4E46DE17163F&gwt=pay', 'https://www.nytimes.com/2013/02/02/technology/washington-posts-joins-list-of-media-hacked-by-the-chinese.html']" 400,Op Israel 2012 Bangladeshi Part,Bangladeshi Hackers Deface 20 Israeli Websites in Support for the People of Palestine,2012-11-01,2012-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Unknown']],,['Pakistan Grey Hat Hackers'],['Bangladesh'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pakistan Grey Hat Hackers,Bangladesh,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; Resources; Secession; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Bangladeshi-Hackers-Deface-20-Israeli-Websites-in-Support-for-the-People-of-Palestine-308272.shtml'] 401,Zcompany Hacking Crew hacks government pages in Israel,"Hackers Breach Israeli Vice PM's Twitter, Facebook, YouTube and Blogger Accounts",2012-11-01,2012-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['Zcompany Hacking Crew'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Zcompany Hacking Crew,Unknown,Non-state-group,Hacktivist(s),[],Secession,Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Hackers-Breach-Israeli-Vice-PM-s-Twitter-Facebook-YouTube-and-Blogger-Accounts-308464.shtml'] 402,Muslim Liberation Army vs. Israel,Israel’s Ministry of National Infrastructures Websites Hacked by Muslim Liberation Army,2012-11-01,2012-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['Muslim Liberation Army'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Muslim Liberation Army,Unknown,Non-state-group,Hacktivist(s),[],Secession,Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/israels-ministry-of-national-infrastructures-webites-hacked-by-muslim-liberation-army/'] 403,Yourikan counter attack OP Israel,Pro-Israel Hacker Disrupts Palestinian Hamas Websites,2012-11-01,2012-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Palestine'],"[['ASIA', 'MENA', 'MEA']]",[['Critical infrastructure']],[['Telecommunications']],['Yourikan'],['Israel'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Yourikan,Israel,Individual hacker(s),,[],Secession,Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Pro-Israel-Hacker-Disrupts-Palestinian-Hamas-Websites-308821.shtml'] 404,Op Syria,Anonymous Leak Confidential Emails from Syrian Ministry of Foreign Affairs for #Op Syria,2012-11-01,2012-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Syria'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-leak-emails-from-syrian-government/'] 405,Anonymous Cyberwar vs. Israel,Anonymous declares 'cyberwar' on Israel,2012-11-12,2012-11-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups']]","[['Government / ministries', 'Intelligence agencies', '', '']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.huffingtonpost.com/2012/11/17/anonymous-hacks-israel-all-your-base_n_2150881.html', 'https://edition.cnn.com/2012/11/19/tech/web/cyber-attack-israel-anonymous/index.html', 'https://www.hackread.com/anonymous-destroys-israel-by-hacking-websites-destroying-databases-leaking-emails-passwords-for-opisrael/']" 406,Accidental Syrian Internet Blackout,The NSA accidentally took down the syrian internet in an attempt to infiltrate the syrian telecommunication provider.,2012-11-29,2012-11-29,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,['Syria'],"[['ASIA', 'MENA', 'MEA']]",[['Critical 
infrastructure']],[['Telecommunications']],['NSA/Equation Group'],['United States'],['State'],,2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,United States; United States,State; State,,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/world/2014/aug/13/snowden-nsa-syria-internet-outage-civil-war#maincontent'] 407,Pakistan CyberArmy vs. Bangladesh,"Pakistan CyberArmy declares war on Chinese, Bangladeshi sites",2012-12-01,2012-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['China', 'Bangladesh']","[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['ASIA', 'SASIA']]","[['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries']]",['Bangladesh Cyber Army'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Cyber Army,Pakistan,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theregister.co.uk/2012/12/10/pakistan_cyber_army_hack_bangladesh_china/'] 408,MoroccanGhosts attack South Africa,100 South African Websites hacked by MoroccanGhosts,2012-12-01,2012-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['South Africa'],"[['AFRICA', 'SSA']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]",,['Moroccan Ghosts'],['Morocco'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Moroccan Ghosts,Morocco,Non-state-group,Hacktivist(s),[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/100-south-african-websites-hacked-by-moroccan-ghosts/'] 409,BGHH vs. 
Sri Lanka,22 Sri Lankan Ministry Websites Hacked by Bangladesh Gray Hat Hackers,2012-12-01,2012-12-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Sri Lanka'],"[['ASIA', 'SASIA']]",[['State institutions / political system']],[['Government / ministries']],['Bangladesh Grey Hat Hackers'],['Bangladesh'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Grey Hat Hackers,Bangladesh,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/22-srilankan-ministry-websites-hacked-by-bangladesh-gray-hat-hackers/'] 410,BGHH vs. Pakistan,"Bangladeshi Hackers Fight Back, Hack Pakistani Government Sites",2012-12-01,2012-12-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Media']]","[['Judiciary', 'Military', 'Government / ministries', '']]",['Bangladesh Grey Hat Hackers'],['Bangladesh'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Grey Hat Hackers,Bangladesh,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Bangladeshi-Hackers-Fight-Back-Hack-Pakistani-Government-Sites-313309.shtml'] 411,H4ksniper vs. 
SouthAfrica,Three SA government websites hacked,2012-12-09,2012-12-09,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['South Africa'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Government / ministries']],['H4ksniper'],['Morocco'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,H4ksniper,Morocco,Non-state-group,Hacktivist(s),[],Subnational predominance,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://mg.co.za/article/2012-12-09-three-government-websites-hacked'] 412,OP India,"#Op India: BSNL Server Hacked, Database Leaked by Anonymous India",2012-12-13,2012-12-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['Media']],,['Anonymous'],['India'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,India,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/op_india-bsnl-server-hacked-database-leaked-by-anonymous-india/'] 413,Brazil HackTeam vs. 
Interpol,Interpol Indonesia Hacked and Defaced by HighTech Brazil HackTeam,2012-12-25,2012-12-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Indonesia'],"[['ASIA', 'SCS', 'SEA']]",[['International / supranational organization']],,['Brazil Hack Team'],['Brazil'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Brazil Hack Team,Brazil,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/interpol-indonesia-hacked-and-defaced-by-hightech-brazil-hackteam/'] 414,Guatemala state surveillance,"The Guatemalan government purchased surveillance tools (Pegasus, Circles) in order to monitor political opponents, activists and journalists.",2012-01-01,2015-05-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,['Guatemala'],[['CENTAM']],"[['Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]","[['Political opposition / dissidents / expats', '', '']]",['General Directoral of Civil Intelligence (DIGICI)'],['Guatemala'],['State'],,2,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attribution by third-party; Media-based attribution,,,,General Directoral of Civil Intelligence (DIGICI); General Directoral of Civil 
Intelligence (DIGICI),Guatemala; Guatemala,State; State,,['https://translate.google.com/translate?sl=auto&tl=de&u=https%3A%2F%2Fnomada.gt%2Fpais%2Fla-corrupcion-no-es-normal%2Fespionaje-ilegal-del-gobierno-aqui-esta-la-investigacion-de-nuestro-diario-parte-i%2F'],System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/', 'https://translate.google.com/translate?sl=auto&tl=de&u=https%3A%2F%2Fnomada.gt%2Fpais%2Fla-corrupcion-no-es-normal%2Fespionaje-ilegal-del-gobierno-aqui-esta-la-investigacion-de-nuestro-diario-parte-i%2F']" 415,Moroccan government vs. Human rights organization,"The Moroccan human rights activist Hisham Almiraat accuses the moroccan government of compromising his organization ""Mamfakinch"" after it won the Google-Global Voices Breaking Border award for promoting dialogue and democratic values.",2012-07-01,2012-07-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Morocco'],"[['AFRICA', 'NAF', 'MENA']]",[['Social groups']],[['Advocacy / activists (e.g. 
human rights organizations)']],,['Morocco'],['State'],,2,2016-01-01; 2016-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Receiver attributes attacker; Attribution by third-party,,,,,Morocco; Morocco,State; State,,['https://www.amnesty.org/en/latest/research/2016/12/how-a-hacking-campaign-helped-shut-down-an-award-winning-news-site/'],System / ideology,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.amnesty.org/en/latest/research/2016/12/how-a-hacking-campaign-helped-shut-down-an-award-winning-news-site/'] 416,North Korea espionage campaign,"North Korean state-sponsored hacking group APT37 conducted a perennial espionage campaign on South Korea, Japan, Vietnam and the Middle East.",2012-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Korea, Republic of', 'Japan', 'Vietnam', 'Middle East (region)']","[['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS', 'SEA'], []]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Social groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Social groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Social groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Social groups', 'Media']]","[['Government / ministries', 'Military', 'Transportation', 'Health', 'Telecommunications', 'Finance', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', 'Political opposition / dissidents / expats', ''], ['Government / ministries', 'Military', 'Transportation', 'Health', 'Telecommunications', 'Finance', 'Defence industry', 'Advocacy / activists (e.g. 
human rights organizations)', 'Political opposition / dissidents / expats', ''], ['Government / ministries', 'Military', 'Transportation', 'Health', 'Telecommunications', 'Finance', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', 'Political opposition / dissidents / expats', ''], ['Government / ministries', 'Military', 'Transportation', 'Health', 'Telecommunications', 'Finance', 'Defence industry', 'Advocacy / activists (e.g. human rights organizations)', 'Political opposition / dissidents / expats', '']]",['APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067'],"[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,['https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf'],System / ideology; International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf'] 417,ShiqiangGroup vs. 
Taiwan,"Targeted Attack On Taiwanese Government & Tibetan Activists Open, allegedly by the Chinese Shiqianggang.",2013-01-01,2014-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Taiwan', 'China']","[['ASIA', 'SCS'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', ''], ['Government / ministries', '']]",['Shiqiang Group'],['China'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Shiqiang Group,China,Unknown - not attributed,,"['https://www.nytimes.com/2014/05/23/world/asia/us-case-offers-glimpse-into-chinas-hacker-army.html', 'https://www.fireeye.com/blog/threat-research/2013/04/new-targeted-attack-on-taiwanese-government-tibetan-activists-open-up-a-can-of-worms-graypigeon-hangame-shiqiang-gang.html']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2014/05/23/world/asia/us-case-offers-glimpse-into-chinas-hacker-army.html', 'https://www.fireeye.com/blog/threat-research/2013/04/new-targeted-attack-on-taiwanese-government-tibetan-activists-open-up-a-can-of-worms-graypigeon-hangame-shiqiang-gang.html']" 418,Operation WiltedTulip,Espionage Campaign by the allegedly Iranian APT 
Copykittens,2013-01-01,2017-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Israel', 'United States', 'Turkey', 'Saudi Arabia', 'Germany', 'Jordan']","[['ASIA', 'MENA', 'MEA'], ['NATO', 'NORTHAM'], ['ASIA', 'NATO', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Government / ministries', 'Military', 'Defence 
industry', '', ''], ['Government / ministries', 'Military', 'Defence industry', '', ''], ['Government / ministries', 'Military', 'Defence industry', '', ''], ['Government / ministries', 'Military', 'Defence industry', '', ''], ['Government / ministries', 'Military', 'Defence industry', '', ''], ['Government / ministries', 'Military', 'Defence industry', '', '']]",['CopyKittens/Slayer Kitten/G0052'],"['Iran, Islamic Republic of']",['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,CopyKittens/Slayer Kitten/G0052,"Iran, Islamic Republic of",Unknown - not attributed,,['https://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.ibtimes.co.uk/copykittens-iran-linked-cyber-espionage-group-lacks-sophistication-still-successful-1632024', 'https://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf']" 419,ThripGroup,"A sophisticated hacking campaign launched from computers in China burrowed deeply into satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia, security researchers at Symantec Corp said.",2013-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,,"['Southeast Asia (region)', 'United States']","[[], ['NATO', 'NORTHAM']]","[['Critical infrastructure'], ['Critical infrastructure']]","[['Telecommunications'], ['Telecommunications']]",['Thrip'],['China'],['Unknown - not attributed'],,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Thrip,China,Unknown - not attributed,,['https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-china-usa-cyber/china-based-campaign-breached-satellite-defense-companies-symantec-idUSKBN1JF2X0', 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets']" 420,Operation Iron Tiger Part2/Emissary Panda,"In 2013, Iron Tiger’s targets were individuals in US defense- and technology-related fields like aerospace, energy, etc. It’s important to note that research has not shown an explicit, state-sponsored connection but the case shows that attackers don’t need to be connected to a state to engage in politically motivated activities.",2013-01-01,2015-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]","[['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Telecommunications', 'Defence industry', '']]",['Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2015-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177', 'https://newsroom.trendmicro.com/blog/operation-iron-tiger-attackers-shift-east-asia-united-states']",System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident 
scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.erai.com/CustomUploads/ca/wp/2015_12_wp_operation_iron_tiger.pdf', 'https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177', 'https://newsroom.trendmicro.com/blog/operation-iron-tiger-attackers-shift-east-asia-united-states']" 421,Ajax Security Team aka Rocket Kitten 2013-2014,With the aim of cyber-espionage the at least state-encouraged Iranian hacking group  Ajax Security Team have attacked companies in the U.S. and domestic users of anti-censorship technology.,2013-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Iran, Islamic Republic of']","[['NATO', 'NORTHAM'], ['ASIA', 'MENA', 'MEA']]","[['Critical infrastructure', 'End user(s) / specially protected groups'], ['Critical infrastructure', 'End user(s) / specially protected groups']]","[['Defence industry', ''], ['Defence industry', '']]","['Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130', 'Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2013-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130,"Iran, Islamic Republic 
of","Non-state actor, state-affiliation suggested",,['https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf'],System / ideology; National power; International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf', 'https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf']" 422,Operation SnowMan-->DeputyDog aka APT 17,"Hackers from APT 17, an alleged Chinese state-proxy, according to Proofpoint and Intrusion Truth years later, are using a zero day vulnerability in Microsoft's Internet Explorer web browser and targeting US military personnel in an active attack campaign via the US Veterans of Foreign Wars website.",2013-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'End user(s) / specially protected groups']]","[['Military', '']]","['Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) <\xa0Winnti Umbrella/G0044\xa0']",['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2014-01-01; 2014-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Attribution by third-party,,,,"Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ; Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://intrusiontruth.wordpress.com/2019/07/24/APT 17-is-run-by-the-jinan-bureau-of-the-chinese-ministry-of-state-security/', 'https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-APT -actors-use-fake-game-thrones-leaks-lures']",System / ideology,System/ideology; International power,,Yes / HIIK intensity,HIIK 
2,0,,,,,,Yes,One,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/blog/threat-research/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html', 'https://intrusiontruth.wordpress.com/2019/07/24/APT 17-is-run-by-the-jinan-bureau-of-the-chinese-ministry-of-state-security/', 'https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-APT -actors-use-fake-game-thrones-leaks-lures']" 423,Operation“Kimsuky”,"The Kimsuky cyberespionage campaign appears to have originated in North Korea and hit numerous organizations, eleven of which are located in South Korea and two in China. The attackers infected victims with malware able to remotely control the PC, log keystrokes, and steal HWP documents.",2013-01-01,2013-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Korea, Republic of', 'China']","[['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Government / ministries', 'Government / ministries', '', ''], ['Government / ministries', 'Government / ministries', '', '']]",['Kimsuky/Velvet Chollima/STOLEN PENCIL/Thallium/Black Banshee/G0094'],"[""Korea, Democratic People's Republic of""]",['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community 
attributes attacker,,,,Kimsuky/Velvet Chollima/STOLEN PENCIL/Thallium/Black Banshee/G0094,"Korea, Democratic People's Republic of",Unknown - not attributed,,['https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/'] 424,APT 41,"FireEye Intelligence released a comprehensive report detailing APT 41, a prolific Chinese cyber threat group that carries out state-sponsored espionage activity in parallel with financially motivated operations.",2013-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Unknown'],,"[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) <\xa0Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, 
state-affiliation suggested",,['https://content.fireeye.com/APT -41/website-APT 41-blog'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://content.fireeye.com/APT-41/website-APT41-blog', 'https://content.fireeye.com/APT -41/website-APT 41-blog']" 425,Attor Spyplatform,"Unknown actors developed a spy platform that managed to misuse various sites in the Russian language space, to force a targeted espionage campaign",2013-01-01,2019-01-01,"Attack on (inter alia) political target(s), not politicized; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Russia', 'Ukraine', 'Slovakia']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'EASTEU']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Telecommunications', ''], ['Government / ministries', 'Telecommunications', ''], ['Government / ministries', 'Telecommunications', '']]",,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not 
attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.welivesecurity.com/2019/10/10/eset-discovers-attor-spy-platform/'] 426,Finnish MFA Hacked by Turla,Finnish Foreign Ministry hacked by Turla,2013-01-01,2016-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,['Finland'],"[['EUROPE', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],"['Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,2,2016-01-01; 2016-01-01,"Political statement / report (e.g., on government / state agency websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",,['https://yle.fi/uutiset/osasto/news/russian_group_behind_2013_foreign_ministry_hack/8591548'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.scmagazine.com/finlands-foreign-ministry-hacked-by-russian-or-chinese-spies/article/528907/', 'https://yle.fi/uutiset/osasto/news/russian_group_behind_2013_foreign_ministry_hack/8591548']" 427,Anonymous vs. Azerbaijani Government,Anonymous leaked internal data of the Special State Protection Service of Azerbaijan,2013-01-01,2013-01-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Azerbaijan'],"[['ASIA', 'CENTAS']]","[['State institutions / political system', 'State institutions / political system']]","[['Police', 'Intelligence agencies']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.databreaches.net/1-7gb-documents-leaked-from-special-state-protection-service-of-azerbaijan/'] 428,Operation Toohash,"Targeted attack campaign against various governments and companies in the Great Chinese Area, reported by German IT Company G data.",2013-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Unknown'],,"[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,,['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://public.gdatasoftware.com/Presse/Publikationen/Whitepaper/EN/GDATA_TooHash_CaseStudy_102014_EN_v1.pdf'] 429,Guccifer Affair Leak,The Romanian Hacker Guccifer leaked Emails between Colin Powell and MEP Corina Cretu,2013-01-01,2013-01-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,"['United States', 'Romania']","[['NATO', 'NORTHAM'], ['EUROPE', 'BALKANS', 'NATO', 'EU']]","[['State institutions / political system', 'End user(s) / specially protected groups'], ['State institutions / political system', 'End user(s) / specially protected groups']]","[['Legislative', ''], ['Legislative', '']]",['Guccifer'],['Romania'],['Individual hacker(s)'],,2,,"Domestic legal action; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attribution by receiver government / state entity; Attacker confirms,,,,Guccifer; Guccifer,Romania; Romania,Individual hacker(s); Individual hacker(s),,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive 
information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.nbcnews.com/news/world/guccifer-hacker-who-leaked-bush-paintings-sentenced-jail-n124556'] 430,Cobalt Dickens (Mabna Institute),"US Department of Justice accuses Iranian hackers going by the handle ""Cobalt Dickens""(Secure works) of stealing data from universities in the US, Germany and 20 other countries.",2013-01-01,2017-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft,,"['United States', 'Germany', 'Australia', 'Canada', 'China', 'Denmark', 'Israel', 'Italy', 'Japan', 'United Kingdom']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['OC'], ['NATO', 'NORTHAM'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'MENA', 'MEA'], ['EUROPE', 'NATO', 'EU'], ['ASIA', 'SCS', 'NEA'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets 
(corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]",,"['COBALT DICKENS/Silent Librarian/TA407/G0122 (Mabna Institute)', 'Islamic Revolutionary Guard Corps (IRGC)']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,2,2018-01-01; 2018-01-01; 2018-01-01; 2018-01-01,"Domestic legal action; Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,,,,COBALT DICKENS/Silent Librarian/TA407/G0122 (Mabna Institute); Islamic 
Revolutionary Guard Corps (IRGC); COBALT DICKENS/Silent Librarian/TA407/G0122 (Mabna Institute); Islamic Revolutionary Guard Corps (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities', 'https://www.justice.gov/opa/pr/nine-iranians-charged-conducting-massive-cyber-theft-campaign-behalf-islamic-revolutionary']",International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.heise.de/newsticker/meldung/US-Justizministerium-beschuldigt-Iraner-massiver-Hackerangriffe-4003100.html', 'https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities', 'https://www.justice.gov/opa/pr/nine-iranians-charged-conducting-massive-cyber-theft-campaign-behalf-islamic-revolutionary']" 431,OPM Hack,"US Office of Personnel Management is hacked twice by Chinese hackers. Personal information of about 21 million US government employees and former applicants is compromised, including fingerprints. The APT Group DeepPanda has been blamed for it; FireEye, however, claimed that DeepPanda was not responsible for the OPM Hack, but another Chinese group, later named Turbine Panda. 
Hackers involved have been arrested by the FBI in 2017.",2013-01-01,2015-03-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],"['APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau)', 'MSS/JSSD']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,3,2015-01-01; 2015-01-01; 2015-01-01; 2015-01-01; 2015-01-01; 2015-01-01,"Domestic legal action; Domestic legal action; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Not available; Not available",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; Contested attribution; Contested attribution,,,,"APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau); MSS/JSSD; APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau); MSS/JSSD; APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau); MSS/JSSD",China; China; China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","; ; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator 
(group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ; ","['https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/', 'https://freebeacon.com/national-security/fbi-alert-reveals-groups-behind-opm-hack/', 'https://www.vox.com/2015/6/19/11563730/fireeye-identifies-chinese-group-behind-federal-hack', 'https://australiancybersecuritymagazine.com.au/new-intelligence-report-from-crowdstrike-turbine-panda/', 'https://securityaffairs.co/wordpress/92649/APT /turbine-panda-aerospace-espionage.html', 'https://edition.cnn.com/2017/08/24/politics/fbi-arrests-chinese-national-in-opm-data-breach/index.html']",International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://therecord.media/us-marshals-service-becomes-latest-law-enforcement-agency-hit-by-hackers/', 'https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/', 'https://abcnews.go.com/US/exclusive-25-million-affected-opm-hack-sources/story?id=32332731#:~:text=The%20attack%20on%20OPM%20began%20in%20late%202013%2C,to%20two%20days%20of%20testimony%20on%20Capitol%20Hill.', 'https://freebeacon.com/national-security/fbi-alert-reveals-groups-behind-opm-hack/', 'https://www.vox.com/2015/6/19/11563730/fireeye-identifies-chinese-group-behind-federal-hack', 'https://australiancybersecuritymagazine.com.au/new-intelligence-report-from-crowdstrike-turbine-panda/', 'https://securityaffairs.co/wordpress/92649/APT /turbine-panda-aerospace-espionage.html', 'https://edition.cnn.com/2017/08/24/politics/fbi-arrests-chinese-national-in-opm-data-breach/index.html', 
'https://www.theguardian.com/technology/2015/jun/04/us-government-massive-data-breach-employee-records-security-clearances', 'https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/', 'https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/']" 432,APT32/Ocean Lotus Group,"Espionage-Hacks against Vietnamese Dissidents and Journalists, as well as foreign governments.",2013-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,"['Vietnam', 'Southeast Asia (region)', 'China']","[['ASIA', 'SCS', 'SEA'], [], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'Social groups', 'Media'], ['State institutions / political system', 'Social groups', 'Media'], ['State institutions / political system', 'Social groups', 'Media']]","[['Government / ministries', 'Political opposition / dissidents / expats', ''], ['Government / ministries', 'Political opposition / dissidents / expats', ''], ['Government / ministries', 'Political opposition / dissidents / expats', '']]",['APT32/Ocean Lotus/Sea Lotus'],['Vietnam'],"['Non-state actor, state-affiliation suggested']",,2,2014-01-01; 2014-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Attribution by third-party,,,,APT32/Ocean Lotus/Sea Lotus; APT32/Ocean Lotus/Sea Lotus,Vietnam; Vietnam,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",,"['https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html', 'https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html', 'https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal']" 433,National Inventory of Dams Hack,"U.S. intelligence agencies traced a recent cyber intrusion into a sensitive infrastructure database on vulnerabilities of US Dams to the Chinese government or military cyberwarriors, according to U.S.officials.",2013-01-01,2013-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],,['China'],"['Non-state actor, state-affiliation suggested']",,1,2013-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.washingtontimes.com/news/2013/may/1/sensitive-army-database-us-dams-compromised-chines/', 'https://securityaffairs.co/wordpress/14089/security/us-army-corps-engineers-national-inventory-of-dams-nid-hacked.html']" 434,DOE breach,"US Energy Department was breached, no sensitive data stolen.",2013-01-01,2013-02-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],,['China'],['State'],,1,2013-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,,,,China,State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.businessinsider.com/doe-attack-by-chinese-hackers-2013-2?IR=T'] 435,Iron Tiger Attack(related to OPMhack),Chinese hacker group Iron Tiger leaks sensitive data from several defence contractors,2013-01-01,2015-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Defence industry']],['Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://threatpost.com/APT -group-gets-selective-about-data-it-steals/114103/'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,Yes,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.forbes.com/sites/lisabrownlee/2015/09/17/chinese-cyber-attacks-on-us-military-interests-confirmed-as-advanced-persistent-and-ongoing/#28d21d12694f%C2%A0', 'https://threatpost.com/APT -group-gets-selective-about-data-it-steals/114103/']" 436,Bangladesh Cyber Army vs. 
India,"The Bangladesh Cyber Army claims to have defaced over 1,000 Indian websites, including India's biggest telecommunications providers BSNL, as a form of protest against the country’s Border Security Force (BSF).",2013-01-07,2013-01-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Bangladesh Cyber Army'],['Bangladesh'],['Non-state-group'],['Ethnic actors'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Cyber Army,Bangladesh,Non-state-group,Ethnic actors,[],Subnational predominance; Territory,Subnational predominance,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Bangladesh-Cyber-Army-Attacks-Indian-Sites-in-Memory-of-15-Year-Old-Girl-Video-319234.shtml'] 437,RedHack vs. Turkish Council of Higher Education,Turkish hackergroup RedHack gains access to a database of Turkey's Council of Higher Education. They publish data which they claim proves corruption incidents at several Turkish universities.,2013-01-10,2013-01-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['Science']],,['RedHack'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Turkey-s-Council-of-Higher-Education-Hacked-by-RedHack-60-000-Documents-Leaked-319958.shtml'] 438,LulzSec Peru vs. Chilean Army,Hackergroup LulzSec Peru hacks the website of the Chilean army.,2013-01-15,2013-01-15,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Chile'],[['SOUTHAM']],[['State institutions / political system']],[['Military']],['LulzSec Peru'],['Peru'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec Peru,Peru,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Army-of-Chile-Website-Hacked-by-LulzSec-Peru-321097.shtml'] 439,DavyJones vs. 
Government of SriLanka,"Website of Sri Lankan Minister of Sports hacked, website data published.",2013-01-26,2013-01-26,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Sri Lanka'],"[['ASIA', 'SASIA']]",[['State institutions / political system']],[['Government / ministries']],['Davy Jones'],['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Davy Jones,Unknown,Individual hacker(s),,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/sri-lankas-minister-of-sports-website-hacked-data-leaked-by-davy-jones/'] 440,Japan MFA leak,Unidentified hackers steal non-confidential data from Japan's Ministry of Foreign Affairs.,2013-01-28,2013-01-28,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,['Japan'],"[['ASIA', 'SCS', 'NEA']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/20-Documents-Stolen-by-Hackers-from-Japan-s-Ministry-of-Foreign-Affairs-327205.shtml'] 441,Anonymous vs. 
Egypt government Part II,Hacker collective Anonymous takes down several Egyptian government websites with DDoS attacks to protest police violence against protesters.,2013-02-03,2013-02-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Egypt'],"[['MENA', 'MEA', 'AFRICA', 'NAF']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.ehackingnews.com/2013/02/opegypt-egyptian-government-websites.html'] 442,Anonymous leaks Data of Fed,The hacker collective Anonymous obtains and publishes personal data of 4000 employees of the US central bank 'Federal Reserve Bank'.,2013-02-03,2013-02-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,[['Federal Reserve Bank (United States)']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Finance']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.reuters.com/article/net-us-usa-fed-hackers/fed-says-internal-site-breached-by-hackers-no-critical-functions-affected-idUSBRE91501920130206'] 443,Anonymous vs. Mongolian National Police,Anonymous-affiliated hacker defaces website of the Mongolian National Police.,2013-02-16,2013-02-16,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Mongolia'],"[['ASIA', 'EASIA', 'NEA']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Website-of-Mongolian-National-Police-Hacked-by-Viru-Noir-330201.shtml'] 444,Malaysia Deparment of Information attacked by Hacker,Hackers gain access to the Malaysian Department of Information and post a notice on the PM's resignation.,2013-02-18,2013-02-18,"Attack conducted by non-state 
group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Malaysia'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Hackers-Publish-PM-Resignation-Notice-on-Malaysian-Government-Website-330327.shtml'] 445,Anonymous vs. US State Department,"Anonymous hacks and publishes data from the US State Department's website, defaces the website of George K. Baum & Company, in anti-US offensive.",2013-02-19,2013-02-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.rt.com/usa/anonymous-hacks-state-department-617/'] 446,Kuwaiti Hackers vs. Lebanese Parliaments,"Hacking team Kuwaiti Hackers defaces webpage of the Lebanese parliament, accusing the government of supporting Assad in the Syrian civil war.",2013-02-23,2013-02-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Lebanon'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Legislative']],['Kuwaiti Hackers'],['Kuwait'],['Non-state-group'],['Ethnic actors'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kuwaiti Hackers,Kuwait,Non-state-group,Ethnic actors,[],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.dailystar.com.lb/News/Local-News/2013/Feb-23/207634-lebanese-parliament-website-hacked.ashx', 'https://www.hackread.com/lebanon-parliament-website-hacked-by-team-kuwaiti-hackers/']" 447,Chinese Attack on DRDO,"Indian Defence Research and Development Organization (DRDO, part of the Ministry of Defense) was hacked. Highly sensitive, strategic data was stolen and collected on a server in China.",2013-03-01,2014-03-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system', 'Science']]","[['Government / ministries', 'Military', '']]",,['China'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,China,Unknown - not attributed,,[],International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.newindianexpress.com/nation/2013/mar/14/chinese-hack-drdo-computers-antony-seeks-report-458371.html', 
'https://www.hackread.com/indian-defence-organisation-drdo-servers-hacked-china-among-the-suspects/', 'https://timesofindia.indiatimes.com/india/DRDO-computers-hacked/articleshow/18955837.cms']" 448,phr0zen myst pakistani dataleak,"Hacker publishes databases and login data, after breaching the websites of the Bangladeshi Ministry of Agriculture and the Supreme Court, in protest against violence at demonstrations.",2013-03-06,2013-03-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['Bangladesh'],"[['ASIA', 'SASIA']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Judiciary']]",['phr0zenmyst'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,phr0zenmyst,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; Other,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/bangladeshi-supreme-court-ministry-of-agriculture-websites-breached-user-accounts-leaked-phr0zenmyst/'] 449,OP BlackSummer,"With support of Chinese hackers, hackers of the Tunisian Cyber Army and the Al-Qaeda Electronic Army steal data from the website of the Pentagon and other US-American government websites.",2013-03-10,2013-03-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],"['Tunisian Cyber Army', 'Al-Qaeda Electronic Army']","['China', 'Tunisia', 'China', 'Tunisia']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,,,,Tunisian Cyber Army; Tunisian Cyber Army; Al-Qaeda Electronic Army; Al-Qaeda Electronic Army,China; Tunisia; China; Tunisia,Non-state-group; Non-state-group; Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s),['https://blog.sensecy.com/tag/opblacksummer/'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://www.ehackingnews.com/2013/03/al-qaeda-electronic-army-hack-us-government.html', 'http://www.ehackingnews.com/2013/03/hackers-infect-pentagon-admin-by.html', 'https://blog.sensecy.com/tag/opblacksummer/']" 450,Godzilla vs. Pakistani Government,"After gaining access to an important government server, an Indian hacker shuts down several Pakistani government websites. 
He later also publishes admin login data for several servers. He accuses Pakistan of supporting and executing terrorism.",2013-03-11,2013-03-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Godzilla'],['India'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Godzilla,India,Non-state-group,Hacktivist(s),[],System / ideology; International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Indian-Hacker-Causes-Several-Pakistani-Government-Sites-to-Become-Inaccessible-336159.shtml'] 451,Anti-NK DDOS,"North Korea has been hit by a massive cyber attack according to the declaration of a South Korean government official, who also added that the government of Seoul is investigating the event and denies any responsibility. 
Russia’s ITAR-TASS news agency, which has an office in Pyongyang, reported the events on Wednesday night, all web sites of the country went offline until late Thursday afternoon.",2013-03-13,2013-03-14,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption,,"[""Korea, Democratic People's Republic of""]","[['ASIA', 'NEA']]","[['Critical infrastructure', 'Media']]","[['Telecommunications', '']]",,"['Korea, Republic of', 'United States']",['State'],,1,2013-01-01; 2013-01-01,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,,"Korea, Republic of; United States",State; State,,[],System / ideology; Territory; International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://securityaffairs.co/wordpress/13005/security/n-korea-hit-by-large-scale-cyber-attackrepercussions-in-cyberspace.html'] 452,Anonymous vs. Iranian Parliament,"Hacker affiliated with Anonymous takes down Iranian websites of parliament, Economic Research Institute and Aerospace Industries Organization.",2013-03-14,2013-03-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Legislative', '', '']]",['Cyper (Anonymous)'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyper (Anonymous),Unknown,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/OpIran-Hacktivists-Launch-DDOS-Attacks-Against-Major-Iranian-Sites-337585.shtml'] 453,Going Greyhat,German hacker publishes login data of Turkish Ministry of Economy and Central Finance and Contracts Unit's websites to show their vulnerabilities.,2013-03-18,2013-03-18,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['D35m0nd142'],['Germany'],['Non-state-group'],['Private technology companies / hacking for hire groups without state affiliation / research entities'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,D35m0nd142,Germany,Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point 
in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Turkey-s-Ministry-of-Economy-and-Central-Finance-and-Contracts-Unit-Hacked-338107.shtml'] 454,Dark Seoul 2013I,"Two South Korean banks and television broadcasters experience disruption after a ""logic bomb"" is (allegedly) placed by North Korea.",2013-03-20,2013-03-20,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]",,"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]",['State'],,2,2013-01-01; 2013-01-01,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","State; Non-state actor, state-affiliation 
suggested",,"['https://www.reuters.com/article/us-sony-cybersecurity-northkorea/for-north-koreas-cyber-army-long-term-target-may-be-telecoms-utility-grids-idUSKBN0JX0JW20141219', 'https://www.wsj.com/articles/SB10001424127887324136204578639540757695644']",System / ideology,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.wired.com/2013/03/logic-bomb-south-korea-attack/', 'https://www.reuters.com/article/us-sony-cybersecurity-northkorea/for-north-koreas-cyber-army-long-term-target-may-be-telecoms-utility-grids-idUSKBN0JX0JW20141219', 'https://www.wsj.com/articles/SB10001424127887324136204578639540757695644', 'https://www.theguardian.com/world/2013/mar/20/south-korea-under-cyber-attack', 'https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/']" 455,Syrian Electronic Army vs. BBCs Twitter,Hackers from 'Syrian Electronic Army' post tweets on BBC account apparently backing Bashar al-Assad,2013-03-21,2013-03-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Media']],,['Syrian Electronic Army'],['Syria'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theguardian.com/media/2013/mar/21/bbc-weather-twitter-syrian-regime', 'https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html']" 456,Sector404 vs. 
Mossad,"The hacktivist group ""Sector404"" has launched a distributed denial-of-service (DDOS) attack against mossad.gov.il, the official website of the Israeli Secret Intelligence Service.",2013-03-23,2013-03-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Intelligence agencies']],['Sector 404'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Sector 404,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Hackers-Take-Down-Official-Mossad-Website-Details-of-30-000-Israeli-Officials-Leaked-339742.shtml'] 457,Anonymous and RedHack Leak,"Hackers of Anonymous and RedHack published the personal details of more than 30,000 people, including politicians, government employees, military and police officials.",2013-03-23,2013-03-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military', 'Police']]","['RedHack', 'Anonymous']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,RedHack; Anonymous,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 458,Shutdown of Pakistan Electoral Commission,"Website of Pakistan's Electoral Commission is attacked, probably by ""Russian and Asian hackers"", and inaccessible.",2013-03-29,2013-03-30,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system']]","[['Civil service / administration', 'Election infrastructure / related systems']]",['Not available'],"['India', 'Russia', 'Asia (region)']",['Unknown - not attributed'],,3,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a 
person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Attribution given, type unclear; Attribution given, type unclear; Attribution given, type unclear",Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Media-based attribution; Media-based attribution; Media-based attribution; Contested attribution; Contested attribution; Contested attribution,,,,,India; Russia; Asia (region); India; Russia; Asia (region); India; Russia; Asia (region),Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.hackread.com/massive-cyber-attack-on-election-commission-of-pakistan-servers-by-asian-russian-hackers/', 'https://advox.globalvoices.org/2013/04/01/cyber-attack-on-pakistans-electoral-commission-website/']" 459,Anonymous vs. North Korea,"Hacker collective Anonymous repeatedly hacks into North Korean propaganda websites and online accounts, posts pictures that mock Kim Jong Un.",2013-04-04,2013-04-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"[""Korea, Democratic People's Republic of""]","[['ASIA', 'NEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cnet.com/news/anonymous-again-hacks-into-north-korean-web-sites/', 'https://arstechnica.com/information-technology/2013/04/anonymous-hackers-take-control-of-north-korean-propaganda-sites/']" 460,Anonymous attack on Israel (Holocaust Remebrance Day),"Anonymous attacks Israeli websites, twitter and bank accounts on Holocaust memorial day, to protest its policy towards Palestine. Israeli officials say that not much damage has been done.",2013-04-07,2013-04-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups']]","[['Government / ministries', '', '']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Territory; International power,System/ideology; Resources; Secession; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theatlantic.com/international/archive/2013/04/anonymous-hits-israel-massive-cyber-attack-israel-attacks-back/316538/'] 461,Anonymous vs. Gabon Part II,Hacker collective Anonymous takes down webpages of Gabonese government to protest ritual killings.,2013-04-19,2013-04-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Gabon'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/OpGabon-Gabon-Ministry-of-Justice-Other-Government-Sites-Attacked-by-Anonymous-346887.shtml'] 462,AP Twitter Hack SEA,"Hackers of the Syrian Electronic Army prompt a 143-point fall in the Dow Jones industrial average after sending a message from the Twitter feed of the Associated Press, saying the White House had been hit by two explosions and that Barack Obama was injured. The fake tweet, which was immediately corrected by Associated Press employees, caused a sensation on Twitter and in the stock market. Later on, three Members of the SEA have been indicted for the attack by the US.",2013-04-23,2013-04-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Media']],,['Syrian Electronic Army'],['Syria'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2013-01-01; 2013-01-01,"Domestic legal action; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attribution by receiver government / state entity; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0', 'https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html', 'https://www.ap.org/ap-in-the-news/2016/us-indicts-3-it-ties-to-syrian-electronic-army-for-hacking']",System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.securityweek.com/syrian-electronic-army-members-face-hacking-charges', 'https://www.washingtonpost.com/news/worldviews/wp/2013/04/23/syrian-hackers-claim-ap-hack-that-tipped-stock-market-by-136-billion-is-it-terrorism/?noredirect=on&utm_term=.b4388c4184ad', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0', 
'https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html', 'https://www.ap.org/ap-in-the-news/2016/us-indicts-3-it-ties-to-syrian-electronic-army-for-hacking', 'https://www.theguardian.com/business/2013/apr/23/ap-tweet-hack-wall-street-freefall']" 463,Syrian Electronic Army vs. Guardian,"Syrian Electronic Army hackers capture Twitter accounts of the Guardian, post pro-Assad messages.",2013-04-30,2013-04-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Media']],,['Syrian Electronic Army'],['Syria'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2013-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0', 'https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html']",System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.independent.co.uk/news/media/press/syrian-electronic-army-hackers-attack-guardian-twitter-accounts-8597629.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0', 'https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html']" 464,Australia Theft of Spy Headquarters,Chinese hackers have stolen the blueprints of a new multi-million-dollar Australian spy headquarters and other confidential information from the Australian Secret Intelligence Service.,2013-05-01,2013-05-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,['Australia'],[['OC']],[['State institutions / political system']],[['Intelligence agencies']],,['China'],['Unknown - not attributed'],,1,,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,China,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-australia-hacking-idUSBRE94R02A20130528?feedType=RSS', 'https://www.theguardian.com/world/2013/may/28/china-asio-australian-spy-hq-hacking-claims']" 465,RedHack vs. Government of Istanbul,"Turkish hacker group RedHack defaces webpage of the Government of Istanbul, leaves anti-government messages.",2013-05-06,2013-05-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['RedHack'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.ehackingnews.com/2013/05/istanbul-government-website-hacked-by.html'] 466,Anonymous attacks Romanias Authority for Qualifications,The website of Romania's National Authority for Qualifications is hacked and user and admin passwords are leaked. The website is later defaced by hackers of the hacker collective Anonymous.,2013-05-11,2013-05-11,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Romania'],"[['EUROPE', 'BALKANS', 'NATO', 'EU']]",[['State institutions / political system']],[['Civil service / administration']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Romania-s-National-Authority-for-Qualifications-Hacked-User-Data-Leaked-352508.shtml'] 467,DDOS vs. 
Phillipines,"Taiwanese hackers launch DDoS attacks and deface Philippine websites, leak government data, in response to the Philippine coast guard opening fire on a Taiwanese vessel.",2013-05-13,2013-05-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Philippines'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],,['Taiwan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Taiwan,Non-state-group,Hacktivist(s),[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Filipino-Government-Sites-Attacked-After-Philippines-Refuses-to-Apologize-to-Taiwan-352522.shtml'] 468,Counter DDOS against Taiwan,Filipino hackers launch DDoS attacks against Taiwanese government websites in response to Taiwanese hacking attacks.,2013-05-13,2013-05-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Taiwan'],"[['ASIA', 'SCS']]",[['State institutions / political system']],[['Government / ministries']],,['Philippines'],['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,Philippines,Unknown - not attributed,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high 
political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/DDOS-Attacks-Launched-by-Filipino-Hackers-Disrupt-Several-Taiwan-Government-Sites-352676.shtml'] 469,Anonymous vs. Phillipine National Telecommunication,"Filipino hackers, affiliated with Anonymous, deface the website of the Philippines National Telecommunications Commission, urging the government to ""defend its sovereignty against Malaysian airstrikes in Sabah.",2013-05-18,2013-05-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Philippines'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Philippines'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Philippines,Non-state-group,Hacktivist(s),[],National power,National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Philippines-National-Telecommunications-Commission-Defaced-by-Anonymous-Hackers-338062.shtml'] 470,Syrian Electronic Army vs. Saudi Arabian Ministry of Defense,Hackers from Syrian Electronic Army known for their hard core support for Syrian President Bashar Ul Assad have claimed to have breached the Saudi Arabian Ministry of Defense Email system and as a result a number of secret email correspondences have been leaked online.,2013-05-19,2013-05-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Data theft & Doxing,,['Saudi Arabia'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['State institutions / political system']],[['Government / ministries']],['Syrian Electronic Army'],['Syria'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),"['https://www.hackread.com/saudi-arabian-defense-ministry-mail-system-breached-secret-emails-leaked-by-syrian-electronic-army/', 'https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.hackread.com/saudi-arabian-defense-ministry-mail-system-breached-secret-emails-leaked-by-syrian-electronic-army/', 'https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']" 471,Op Saudi,"Saudi branch of Anonymous hacktivist has launched cyberattack on Saudi Government websites, the operation has been named as ""#Op Saudi"".",2013-05-25,2013-05-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Saudi 
Arabia'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Civil service / administration']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.ehackingnews.com/2013/05/opsaudi-anonymous-launched-cyber-attack.html'] 472,HpHack vs. Syrian Ministry of Legal Affairs,Saudi hacker group Hp-Hack defaces website of Syrian Ministry of Legal Affairs in support of anti-government protests.,2013-06-01,2013-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Disruption,,['Syria'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['HpHack'],['Saudi Arabia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,HpHack,Saudi Arabia,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Saudi-Arabian-Hackers-Breach-Syrian-Ministry-of-Legal-Affairs-Website-357738.shtml'] 473,Iran vs. USNavy,Iranian hackers enter non-classified navy computer systems.,2013-06-01,2013-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],,"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2013-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,['https://www.theverge.com/2013/9/27/4778400/us-officials-say-iranian-hackers-compromised-navy-computers'],International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theverge.com/2014/2/18/5421636/us-navy-hack-by-iran-lasted-for-four-months-say-officials', 'https://www.theverge.com/2013/9/27/4778400/us-officials-say-iranian-hackers-compromised-navy-computers']" 474,Op Turkey,Turkish hackers take down two government websites in solidarity with anti-government protests.,2013-06-05,2013-06-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['Turk Hack Team'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Turk Hack Team,Turkey,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/turkish-govt-hacked-by-turk-hack-team/'] 475,SEA vs. Turkish Government,Hacker group Syrian Electronic Army downs Turkish government websites and allegedly obtains personal information on PM staffers. Private e-mail addresses are leaked.,2013-06-05,2013-06-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['Syrian Electronic Army'],['Syria'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0', 'https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html']",System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://news.softpedia.com/news/Syrian-Electronic-Army-Hacks-Website-of-Turkish-Ministry-of-Interior-358599.shtml', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0', 'https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html']" 476,Anonymous vs. Zimbabwe 2013,"Hacker collective Anonymous Africa attacks Zimbabwean Ministry of Defence, media outlets and South Africa's ANC to protest Robert Mugabe.",2013-06-14,2013-06-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['Zimbabwe', 'South Africa']","[['AFRICA', 'SSA'], ['AFRICA', 'SSA']]","[['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Political parties', ''], ['Government / ministries', 'Political parties', '']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Anonymous-Africa-Attacks-African-National-Congress-Website-361073.shtml'] 477,Anonymous vs. 
Philippine President,Hacker collective Anonymous Philippines publishes unverified phone numbers of the Philippine President.,2013-06-15,2013-06-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['Philippines'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Philippines'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Philippines,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Anonymous-Hacker-Leaks-Philippine-President-s-Phone-Numbers-361189.shtml'] 478,Anonymous vs. Swaziland,Hacker collective Anonymous Africa takes down government websites of Swaziland and Zimbabwe for alleged crimes against democracy.,2013-06-24,2013-06-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['Swaziland', 'Zimbabwe']","[['AFRICA', 'SSA'], ['AFRICA', 'SSA']]","[['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Anonymous-Africa-Attacks-Swaziland-Government-Zimbabwe-Ministry-of-Defence-363029.shtml'] 479,Dark Seoul 2013 II,"North Korea launches DDoS attacks against South Korea, hitting the websites of the president’s office, National Intelligence Service, the ruling party's website and local newspapers. Data of over 40000 US troops and two million workers of South Korea's ruling party are leaked.",2013-06-25,2013-06-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Data theft & Doxing; Disruption,,"['Korea, Republic of', 'United States']","[['ASIA', 'SCS', 'NEA'], ['NATO', 'NORTHAM']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Political parties', ''], ['Political parties', '']]","['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)', 'Reconnaissance General Bureau']","[""Korea, Democratic People's Republic of"", ""Korea, Democratic People's Republic of""]","['State', 'State']",,3,2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01; 2013-01-01,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Media-based attribution; Media-based attribution; IT-security 
community attributes attacker; IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","State; State; State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.bbc.com/news/world-asia-23324172(falseflagVersuchdurchAnonymous-Attribution)'],System / ideology; International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://thediplomat.com/2013/08/cyber-security-in-south-korea-the-threat-within/', 'https://www.bbc.com/news/world-asia-23324172(falseflagVersuchdurchAnonymous-Attribution)', 'https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/']" 480,Operation Armageddon by 
GamaredonGroup,"“Operation Armageddon,” active since at least mid-2013, exposes a cyberespionage campaign devised to provide a military advantage to Russian leadership by targeting Ukrainian government, law enforcement, and military officials. The Group has been later dubbed ""Gamaredon"" and seems to be sponsored by or the same as the 16th and 18th center of the FSB.",2013-06-26,2013-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Ukraine'],"[['EUROPE', 'EASTEU']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military', 'Police', 'Political parties']]","['Gamaredon Group/Shuckworm/BlueAlpha/ACTINIUM/Primitive Bear/Armageddon/DEV-0157, Group G0047 (FSB, 18th Center, Crimea)', 'Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)']","['Russia', 'Russia']","['State', 'State']",,2,2015-01-01; 2015-01-01; 2015-01-01; 2015-01-01,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,,,,"Gamaredon 
Group/Shuckworm/BlueAlpha/ACTINIUM/Primitive Bear/Armageddon/DEV-0157, Group G0047 (FSB, 18th Center, Crimea); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center); Gamaredon Group/Shuckworm/BlueAlpha/ACTINIUM/Primitive Bear/Armageddon/DEV-0157, Group G0047 (FSB, 18th Center, Crimea); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)",Russia; Russia; Russia; Russia,State; State; State; State,,"['https://www.lookingglasscyber.com/wp-content/uploads/2015/08/Operation_Armageddon_Final.pdf', 'https://lookingglasscyber.com/blog/threat-intelligence-insights/operation-armageddon-cyber-espionage-as-a-strategic-component-of-russian-modern-warfare/']",System / ideology; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.lookingglasscyber.com/wp-content/uploads/2015/08/Operation_Armageddon_Final.pdf', 'https://lookingglasscyber.com/blog/threat-intelligence-insights/operation-armageddon-cyber-espionage-as-a-strategic-component-of-russian-modern-warfare/', 'https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf', 'https://securityaffairs.co/wordpress/129859/apt/armageddon-apt-targets-ukrainian-state-orgs.html', 'https://tarnkappe.info/artikel/hacking/ukraine-warnt-vor-cyber-angriffen-auf-den-telegram-messenger-219440.html', 'https://www.bleepingcomputer.com/news/security/russian-state-hackers-hit-ukraine-with-new-malware-variants/', 'https://blogs.blackberry.com/en/2022/11/gamaredon-leverages-microsoft-office-docs-to-target-ukraine-government']" 481,RedHack vs. 
Istanbul Part II,"Turkish hacker group RedHack hacks into the Istanbul Administration website, claims to have erased citizens' utility debts to government.",2013-06-28,2013-06-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['State institutions / political system']],[['Civil service / administration']],['RedHack'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/RedHack-Breaches-Istanbul-Administration-Site-Hackers-Claim-to-Have-Erased-Debts-364000.shtml'] 482,SEA vs. Israel,Israeli Defense Forces official Blog Hacked by Syrian Electronic Army,2013-07-01,2013-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Military']],['Syrian Electronic Army'],['Syria'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']",System / ideology; Territory; Resources,System/ideology; Territory; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.hackread.com/syrian-electronic-army-hacks-israeli-defense-forces-blog/', 
'https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']" 483,Turkish Ajan attack on US Air Force Culture Center,Turkish hackers deface the webpage of the US Air Force Culture and Language Center and leak personal data of soldiers.,2013-07-02,2013-07-02,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],['Turkish Ajan'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Turkish Ajan,Turkey,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/us-air-force-culture-language-hacked-leaked/'] 484,RedHack vs. Turkish Directorate of religious affairs,Turkish hacker group RedHack defaces webpage of the Turkish Directorate of Religious Affairs to protest the government's religion policies.,2013-07-03,2013-07-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['RedHack'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Turkey-s-Ministry-of-Religious-Affairs-Hacked-by-RedHack-365149.shtml'] 485,Turkish Hackers Uyghur Support,Turkish hackers deface 33 Chinese government websites to protest the killing of Uyghur Muslims in China.,2013-07-04,2013-07-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],"['Bozkurt', 'De4THBLoW']","['Turkey', 'Turkey']","['Non-state-group', 'Non-state-group']","['Religious actors', 'Religious actors']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Bozkurt; De4THBLoW,Turkey; Turkey,Non-state-group; Non-state-group,Religious actors; Religious actors,[],System / ideology,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/33-chinese-govt-sites-hacked-turkish-hacker/'] 486,Anonymous Jordan vs. Egyptian Government,Egyptian government websites are defaced by Anonymous Jordan in solidarity with anti-government protesters.,2013-07-07,2013-07-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Egypt'],"[['MENA', 'MEA', 'AFRICA', 'NAF']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Jordan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Jordan,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/egyptian-ministry-sites-hacked-anonymous-jordan/'] 487,H4x0rHuSsy vs. Government of Goan,The Indian government makes Pakistani hackers responsible for the defacement of several regional government websites.,2013-07-10,2013-07-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['H4x0rHuSsy'],['Pakistan'],['Non-state-group'],['Criminal(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,H4x0rHuSsy,Pakistan,Non-state-group,Criminal(s),[],International power,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.zdnet.com/article/india-pins-cyberattacks-on-pakistani-hackers/'] 488,Afghan Cyber Army attack on Pakistan,"Afghan hackers deface six Pakistani government websites, leaving messages that accuse Pakistan of having orchestrated a suicide bombing in Kabul.",2013-07-11,2013-07-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Afghan Cyber Army'],['Afghanistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Afghan Cyber Army,Afghanistan,Non-state-group,Hacktivist(s),[],System / ideology; International power,Territory; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/afghan-cyber-army-hacks-pakistani-ministry-sites/'] 489,LulzSecPeru vs. Peruvian Government 2013,LulzSec Peru defaces me in Peruvian government portal and dumps personal and login data in response to the NSA scandal.,2013-07-15,2013-07-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Peru'],[['SOUTHAM']],[['State institutions / political system']],[['Civil service / administration']],['LulzSec Peru'],['Peru'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec Peru,Peru,Non-state-group,Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/lulzsecperu-hacks-leaks-portal-nsa/'] 490,"Syrian Electronic Army vs. Truecaller, Tango & Viber","SEA hacked the Swedish site Truecaller, home to the world's largest online telephone directory, with over a billion phone numbers in over 100 countries. SEA claimed this attack also gave it access codes to more than a million Facebook, Twitter, LinkedIn, and Gmail accounts. Other targets of this campaign were the free online calling application Viber as well as the text messaging service Tango.",2013-07-16,2013-07-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,['Sweden'],"[['EUROPE', 'EU', 'NORTHEU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups']]",,['Syrian Electronic Army'],['Syria'],['Unknown - not attributed'],,2,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,Unknown - not attributed; Non-state-group,; Hacktivist(s),"['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']",System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']" 491,Anonymous vs. 
FEMA,Hacker collective Anonymous hacks into the database of the Federal Emergency Management Agency (FEMA) and allegedly obtains login data of government employees.,2013-07-17,2013-07-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.pri.org/stories/2013-07-17/fema-hacked-anonymous-hacks-us-server-defense-snowden-and-government-transparency'] 492,Defacement of Transport Authority,Saudi hackers deface the page of the United Arab Emirate's National Transport Authority and leave a message accusing the ARE and Qatar of cooperating with Iran and the USA.,2013-07-20,2013-07-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United Arab Emirates'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['State institutions / political system']],[['Government / ministries']],,['Saudi Arabia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Saudi Arabia,Non-state-group,Hacktivist(s),[],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/national-transport-authority-uae-hacked/'] 493,Anonymous vs. Nauru,"Hacker group Anonymous brings down Nauruan government websites and main internet provider in solidarity with a riot at an Australian refugee camp on the island. Government has to be ""shut down"" for over four hours.",2013-07-22,2013-07-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Nauru'],[['OC']],"[['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Telecommunications']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/world/2013/jul/22/anonymous-responsibility-nauruan-government-attack'] 494,Reuters Hack-Syrian Electronic Army,The Reuters Twitter Account was hacked by the Syrian Electronic Army and broadcasted false tweets for a few hours,2013-07-29,2013-07-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Canada'],"[['NATO', 'NORTHAM']]",[['Media']],,['Syrian Electronic Army'],['Syria'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),['https://www.theatlantic.com/technology/archive/2013/07/thomson-reuters-apparently-latest-pro-assad-twitter-hack-victim/312749/'],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theatlantic.com/technology/archive/2013/07/thomson-reuters-apparently-latest-pro-assad-twitter-hack-victim/312749/'] 495,SEA vs. White House,"Syrian hackers gain access to three White House E-Mail accounts, send phishing mails to other employees.",2013-07-29,2013-07-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],['Syrian Electronic Army'],['Syria'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']",International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'http://www.ehackingnews.com/2013/07/whitehouse-email-hacked.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']" 496,Cyber Jihad in Indonesia,"Bangladeshi hackers deface Indonesian commercial and public webpages, in retaliation against small attacks from Indonesia against Bangladeshi sites.",2013-07-30,2013-07-30,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Indonesia'],"[['ASIA', 'SCS', 'SEA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '']]",['Bangladesh Grey Hat Hackers'],['Bangladesh'],['Non-state-group'],['Religious actors'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh Grey Hat Hackers,Bangladesh,Non-state-group,Religious actors,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.theregister.co.uk/2013/07/30/cyber_war_erupts_between_indonesia_and_bangladesh/'] 497,Making the Dalai Lama a Watering hole,A prominent computer security firm warned that the Dalai Lama’s Chinese-language website has been hacked and is infecting visitors’ computers with viruses in what may be an effort to spy on human rights activists who frequently visit the site.,2013-08-01,2013-08-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['Social 
groups']],[['Ethnic']],,['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,['http://www.bbc.com/news/technology-23680686'],System / ideology; Autonomy; Territory; Subnational predominance,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/net-us-tibet-cyberattack/dalai-lamas-china-site-hacked-infects-others-expert-idUSBRE97B0QU20130812?feedType=RSS&feedName=worldNews', 'http://www.bbc.com/news/technology-23680686']" 498,Op Myanmar,Website of Myanmar's president experiences DDoS attack.,2013-08-02,2013-08-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Myanmar'],"[['ASIA', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://news.softpedia.com/news/Official-Website-of-Myanmar-President-s-Office-Disrupted-by-Anonymous-Hackers-372683.shtml', 'https://twitter.com/780thC/status/1621464181152141312', 'https://twitter.com/Cyber_O51NT/status/1621313406367309825']" 499,Afghan Cyber Army attack on Pakistan Part II,Afghan hackers hack the webpage of the Pakistani National Database and Registration Authority in retaliation against airstrikes in Kunar and Jalalabad.,2013-08-03,2013-08-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Civil service / administration']],['Afghan Cyber Army'],['Afghanistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Afghan Cyber Army,Afghanistan,Non-state-group,Hacktivist(s),[],Territory,Territory; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.ehackingnews.com/2013/08/nadra-pk-hacked-by-afghan-hackers.html'] 500,Hack of TwitterAccount of AEC,"Twitter account of the Australian Electoral Commission hacked, phishing messages sent.",2013-08-06,2013-08-06,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Australia'],[['OC']],"[['State institutions / political system', 'State institutions / political system']]","[['Civil service / administration', 'Election infrastructure / related systems']]",,['Unknown'],['Non-state-group'],['Criminal(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,Unknown,Non-state-group,Criminal(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Twitter-Account-of-Australian-Electoral-Commission-Hacked-373292.shtml'] 501,Anonymous vs. 
Gabon,"All government websites of Gabon are disrupted by hacktivists, as part of an offensive against the government.",2013-08-08,2013-08-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Gabon'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,National power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/All-Gabon-Government-Websites-Disrupted-by-Anonymous-374149.shtml'] 502,DDOS against Egypt,"Several Egyptian government websites were hit by DDoS attacks, with the attackers showing solidarity with anti-government protesters. Their targets were the websites of the National Bank of Egypt, the State Information Service, the Ministry of Foreign Affairs, the Supreme Constitutional Court of Egypt, the Ministry of Information, the Cabinet Information and Decision Support Centre and the Egyptian Armed Forces.",2013-07-14,2013-08-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,[['National Bank (Egypt)']],['Egypt'],"[['MENA', 'MEA', 'AFRICA', 'NAF']]","[['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Finance']]",,['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Several-Egyptian-Government-Sites-Disrupted-by-Hackers-as-Violence-Continues-375441.shtml'] 503,Hacker disrupt AlQaida Forums,Three Al-Qaida forums are disrupted by DDoS attacks from anonymous attackers.,2013-08-16,2013-08-19,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Unknown'],,[['Social groups']],[['Terrorist']],,['Unknown'],['Unknown - not attributed'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Three-Major-Al-Qaida-Forums-Disrupted-by-DDOS-Attack-376443.shtml'] 504,Azerbaijan vs. 
Armenia August,An organization run by Azerbaijani hackers known as ANTI-ARMENIA.ORG has hacked and defaced high-profile Armenian government ministries' websites.,2013-08-23,2013-08-23,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Armenia'],"[['ASIA', 'CENTAS', 'CSTO']]",[['State institutions / political system']],[['Government / ministries']],['Anti-Armenia Team'],['Azerbaijan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anti-Armenia Team,Azerbaijan,Non-state-group,Hacktivist(s),['https://www.hackread.com/aateam-hacks-armenian-ministries-websites/'],Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/aateam-hacks-armenian-ministries-websites/'] 505,DDOS vs. 
Pirate Party,Website of the German party Piratenpartei becomes victim of DDoS attack.,2013-08-25,2013-08-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Political parties']],,['Unknown'],['Unknown - not attributed'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Website-of-Pirate-Party-of-Germany-Targeted-with-DDOS-Attack-378080.shtml'] 506,China-DNS-Attack,The CINIC confirmed that China suffered a DDoS attack over the weekend causing the Internet inaccessibility for hours.,2013-08-25,2013-08-25,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['Critical infrastructure']],[['Telecommunications']],,['Unknown'],['Unknown - not attributed'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securityaffairs.co/wordpress/17327/cyber-crime/chinas-hit-ddos-attack.html'] 507,Anonymous Support of Farmen Protest,Hackers deface page of Colombian regional government in support of farmers' protests.,2013-08-26,2013-08-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Colombia'],[['SOUTHAM']],[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Resources,System/ideology; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Colombian-Government-Website-Hacked-in-Support-of-Boyaca-Protests-378237.shtml'] 508,Anonymous attack austrian MPS,Hacker group Anonymous Salzburg hacks the websites of four Austrian members of parliament.,2013-08-27,2013-08-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Austria'],"[['EUROPE', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Political parties']],['Anonymous Salzburg'],['Austria'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous Salzburg,Austria,Non-state-group,Hacktivist(s),[],System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.vienna.at/anonymous-salzburg-hackte-abgeordneten-websites-verfassungsschutz-ermittelt/3682537'] 509,Operation Ghost-->The Dukes aka CozyBear aka APT29 - 2019,ESET discovered an espionage campaign conducted by APT 29 against European ministries of foreign affairs from 2013 until at least October 2019. 
This rejects the hitherto existing notion of them being inactive since their intervention into the US elections 2016.,2013-09-01,2019-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Europe (region)'],,[['State institutions / political system']],[['Government / ministries']],['Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)'],['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/'] 510,Kimsuky vs. 
SouthKorea,North Korean hackers are suspected of launching a covert cyber-espionage campaign against the South Korean government in an attempt to steal highly classified intelligence on defence and security.,2013-09-01,2013-09-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Government / ministries', '']]",['Kimsuky/Velvet Chollima/STOLEN PENCIL/Thallium/Black Banshee/G0094'],"[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,Kimsuky/Velvet Chollima/STOLEN PENCIL/Thallium/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,[],System / ideology; Territory; International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/technology/2013/sep/11/north-korean-hackers-cyber-espionage'] 511,Anonymous attack on Mexican House of representatives,"Anonymous hackers have interrupted service of the Mexican House of Representatives' website and doxed personal data allegedly stolen from the Mexican state-owned petroleum company, in protest of privatization.",2013-09-02,2013-09-02,"Attack conducted by non-state group / non-state actor with political goals (religious, 
ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Mexico'],,"[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Legislative', '']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Website-of-Mexico-s-House-of-Representatives-Attacked-by-Anonymous-Hackers-379826.shtml'] 512,€Wagn3r leaks data of US Intelligence Officer,"Hacker publishes e-mail correspondence of US Intelligence Colonel, which shows that Syrian chemical weapon attack was staged.",2013-09-03,2013-09-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],['€Wagn3r'],['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,€Wagn3r,Unknown,Individual hacker(s),,[],System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/hacked-email-us-chemical-attack/'] 513,Anonymous vs. Brazilian Airforce,"Hacker group Anonymous Brazil defaces website of Brazilian air force, calling for protest against the government.",2013-09-03,2013-09-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Brazil'],[['SOUTHAM']],[['State institutions / political system']],[['Military']],['Anonymous'],['Brazil'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Brazil,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Brazilian-Air-Force-Website-Hacked-and-Defaced-by-Anonymous-380015.shtml'] 514,Shutdown of TollSystem,"Tollsystem of a tunnel in Haifa is shutdown by TrojanHorse, attackers unidentified.",2013-09-08,2013-10-27,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Critical infrastructure']],[['Transportation']],,['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,Hacktivist(s),['https://www.infosecurity-magazine.com/news/cyber-terrorism-shut-down-israels-carmel-tunnel/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.haaretz.com/expert-haifa-tunnel-hit-by-cyberattack-1.5280642', 'https://www.infosecurity-magazine.com/news/cyber-terrorism-shut-down-israels-carmel-tunnel/']" 515,Anonymous DDOS vs. 
Cambodia,"Over the past days, hackers of Anonymous Cambodia have launched distributed denial-of-service (DDOS) attacks against several local government websites in protest against the recent elections, which they call unfair.",2013-09-10,2013-09-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Cambodia'],"[['ASIA', 'SEA']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Political parties']]",['Anonymous'],['Cambodia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Cambodia,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Anonymous-Cambodia-Attacks-Government-Websites-Video-382780.shtml'] 516,Bangladesh Black HAT Hackers vs. India,"Private Indian websites are hacked, message against Indian border brutality against Bengalis is left.",2013-09-18,2013-09-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups']]",,['Bangladesh BlackHAT Hackers'],['Bangladesh'],['Non-state-group'],['Ethnic actors'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bangladesh BlackHAT Hackers,Bangladesh,Non-state-group,Ethnic actors,[],Subnational predominance; Territory,Subnational predominance,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/india-bangladesh-cyber-war-hacked/'] 517,Anonymous Cambodia vs. Cambodia Government,"Anonymous Cambodia hacks government websites and publishes state anti-corruption unit data and credit card details to protest against the government. The list of targets includes the Press and Quick Reaction Unit, the Ministry of Foreign Affairs, the Ministry of Economy and Finance, and the National Bank of Cambodia.",2013-09-27,2013-09-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Cambodia'],"[['ASIA', 'SEA']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Finance', '']]",['Anonymous'],['Cambodia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Cambodia,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Anonymous-Cambodia-Continues-Operations-Against-Government-386745.shtml'] 518,Free Kashmir Defacement,"Pakistani hackers deface over 20000 Indian websites, leaving messages that call for a free Kashmir.",2013-09-29,2013-09-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups']]",,"['Dr@cul@', 'Muhammad Bilal']","['Pakistan', 'Pakistan']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Dr@cul@; Muhammad Bilal,Pakistan; Pakistan,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],Secession,Secession,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/pakistani-hackers-hack-20k-indian-sites/'] 519,OnionDog,"The HeliosTeam at 360 SkyEyeLabs recently revealed that a hackergroup named OnionDog has been infiltrating and stealing information from the energy, transportation and other infrastructure industries of Korean-language countries through the Internet. 
According to big data correlation analysis, OnionDog's first activity can be traced back to October, 2013 and in the following two years it was only active between late July and early September.",2013-10-01,2016-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['OnionDog'],['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,OnionDog,Unknown,Unknown - not attributed,,['https://news.softpedia.com/news/korean-energy-and-transportation-targets-attacked-by-oniondog-apt-501534.shtml'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.prnewswire.com/news-releases/onion-dog-a-3-year-old-apt-focused-on-the-energy-and-transportation-industries-in-korean-language-countries-is-exposed-by-360-300232441.html', 'https://news.softpedia.com/news/korean-energy-and-transportation-targets-attacked-by-oniondog-apt-501534.shtml']" 520,LulzSecPeru Data leake age,"Hackinggroup LulzSec Peru gains root access to Venezuelan army computer, leaks confidential documents.",2013-10-09,2013-10-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Venezuela'],[['SOUTHAM']],[['State institutions / political system']],[['Military']],['LulzSec Peru'],['Peru'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec Peru,Peru,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Hackers-of-LulzSec-Peru-Leak-Files-Allegedly-Stolen-from-Venezuelan-Army-389574.shtml'] 521,Op GoldenDawn,Anonymous hacks Greek Ministry of Foreign Affairs and OSCE.,2013-10-14,2013-10-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,"['Greece', 'Organization for Security and Cooperation in Europe']","[['EUROPE', 'NATO', 'EU', 'BALKANS'], []]","[['State institutions / political system', 'International / supranational organization'], ['State institutions / political system', 'International / supranational organization']]","[['Government / ministries', ''], ['Government / ministries', '']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Anonymous-Leaks-3-700-Documents-Stolen-From-Greek-Government-and-OSCE-390752.shtml'] 522,RedHack attack on Turkish Enterprises Website,"Hacker group RedHack defaced the Union of Public Turkish Enterprises' website, in protest against the Turkish government and police violence.",2013-10-15,2013-10-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['RedHack'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Union-of-Turkish-Public-Enterprises-Hacked-by-RedHack-391160.shtml'] 523,Anonymous attack on various Venezuelan Government Pages,"Anonymous Venezuela hacks and defaces websites of police, military and leaves anti-government remarks.",2013-10-16,2013-10-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Venezuela'],[['SOUTHAM']],"[['State institutions / political system', 'State institutions / political system']]","[['Military', 'Police']]",['Anonymous'],['Venezuela'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Venezuela,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-defaces-venezuela-army-sites/'] 524,Pak Mad Hunters deface Pakistani government Data,"Hacker group Pak Mad Hunters defaces 18 Pakistani government websites to ""send a message"" to the government.",2013-10-19,2013-10-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Pak Mad Hunters'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pak Mad Hunters,Pakistan,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/18-Pakistani-Government-Sites-Taken-Offline-After-Being-Hacked-392680.shtml'] 525,Over-X vs. 
Algerian ministry of housing,"Algerian hacker Over-X hacks and defaces Algerian ministry of housing and urban planning over corruption and lack of housing, jobs.",2013-10-21,2013-10-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Algeria'],"[['AFRICA', 'NAF', 'MENA']]",[['State institutions / political system']],[['Government / ministries']],['Over-X'],['Algeria'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Over-X,Algeria,Individual hacker(s),,[],System / ideology,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Website-of-Algeria-s-Ministry-of-Housing-and-Urban-Development-Hacked-392910.shtml'] 526,Dbuzz attacking Blog of US Embassy,Indonesian hacker hacks website of the US State Department.,2013-10-22,2013-10-22,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],['Dbuzz'],['Indonesia'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Dbuzz,Indonesia,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/dbuzz-hacks-us-embassy-website-blog/'] 527,TuNoVaTo attack on Paraguay National Police,"Hacker TuNoVaTo defaces the website of Paraguay's 
National police, leaving revolutionary, anti-government remarks.",2013-10-22,2013-10-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Paraguay'],[['SOUTHAM']],[['State institutions / political system']],[['Police']],['TuNoVaTo'],['Paraguay'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,TuNoVaTo,Paraguay,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Website-of-Paraguay-s-National-Police-Hacked-and-Defaced-393322.shtml'] 528,Anonymous vs. Ukrainian Ministry of Foreign Affairs,Hacker collective leaks sensitive data from the Ukrainian Ministry of Foreign Affairs.,2013-10-23,2013-10-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Anonymous-Hacks-Ukraine-s-Ministry-of-Foreign-Affairs-Documents-Leaked-393521.shtml'] 529,Team HackingArgentino defaces Website of Argentinian Opposition Leader,"Hacktivists of Team HackingArgentino have breached and defaced the official website of Sergio Massa, the leader of the opposition in Argentina, leaving a message that he should keep his promises.",2013-10-27,2013-10-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Argentina'],[['SOUTHAM']],"[['State institutions / political system', 'Social groups']]","[['Political parties', 'Political opposition / dissidents / expats']]",['Team Hacking Argentino'],['Argentina'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team Hacking Argentino,Argentina,Non-state-group,Hacktivist(s),[],System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Website-of-Argentinian-Opposition-Leader-Sergio-Massa-Hacked-394772.shtml'] 530,Syrian Electronic Army vs. Obama Campaign,"The Syrian Electronic Army announced that it had compromised the email accounts of several staff members of Organizing For Action (OFA), a non-profit organization that also maintains the US President’s website. They also compromised the URL shortening service account that the President used to share links through social media and redirected users to a video called “Syria Facing Terrorism”.",2013-10-27,2013-10-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Data theft & Doxing; Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],['Syrian Electronic Army'],['Syria'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2013-01-01; 2013-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],System / ideology; International power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 531,Anonymous vs. 
Honduras 2013,"The official website of the Ministry of Industry and Trade in Honduras (sic.gob.hn) has been hacked by Anonymous hacktivists, who left anti-government statements.",2013-10-28,2013-10-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Honduras'],[['CENTAM']],[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Website-of-Honduras-Ministry-of-Industry-and-Trade-Hacked-394713.shtml'] 532,MoroccanGhosts vs. Nigerian Ministry of Defense,Hackers of the MoroccanGhosts collective have breached and defaced the official website of Nigeria’s Ministry of Defense (mod.gov.ng). The attack seems to be related to a territorial dispute over Western Sahara.,2013-11-01,2013-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Nigeria'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Government / ministries']],['Moroccan Ghosts'],['Morocco'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Moroccan Ghosts,Morocco,Non-state-group,Hacktivist(s),[],National power,National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Nigeria-s-Ministry-of-Defense-Hacked-by-Moroccan-Ghosts-396205.shtml'] 533,Blue Termite APT,"In October 2014, Kaspersky Lab began investigating the APT ""Blue Termite"", which mainly targets Japan. 
It has been active since at least November 2013 and has targeted hundreds of organisations, from government agencies to banks.",2013-11-01,2015-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Japan'],"[['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'Critical infrastructure', 'Media', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure']]","[['Government / ministries', 'Energy', '', 'Transportation', 'Health', 'Chemicals', 'Telecommunications', 'Food', 'Finance']]",['Blue Termite/Cloudy Omega'],['China'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Blue Termite/Cloudy Omega,China,Unknown - not attributed,,['https://securelist.com/new-activity-of-the-blue-termite-APT /71876/'],Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.securityweek.com/blue-termite-APT-targets-japanese-organizations', 'https://securelist.com/new-activity-of-the-blue-termite-APT /71876/']" 534,Bitten by Rats,Pakistan Government Officials Targeted with RATs in Cyber-Espionage Campaign,2013-11-01,2016-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters 
article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/pakistan-government-officials-targeted-with-rats-in-cyber-espionage-campaign-509529.shtml'] 535,Anonymous Ukraine vs. Estonia,The official website of Estonia’s Ministry of Defense (kaitseministeerium.ee) has been disrupted by hackers of Anonymous Ukraine in support of Ukrainian independence.,2013-11-01,2013-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Estonia'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Ukraine'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Ukraine,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Anonymous-Ukraine-Disrupts-Website-of-Estonia-s-Ministry-of-Defense-396183.shtml'] 536,RBG Homs and Silent Injector vs. 
Syrian government,"A group of hackers allegedly based in Syria have breached and defaced three Syrian government websites and a few hundred commercial websites. On the defaced pages, the hackers posted a Syrian flag, a video that depicts violence in Syria, and an anti-government message.",2013-11-01,2013-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Syria'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '']]","['RBG Homs', 'Silent Injector']","['Syria', 'Syria']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2013-01-01; 2013-01-01,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,RBG Homs; Silent Injector,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 
point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Three-Government-Websites-from-Syria-Hacked-and-Defaced-396126.shtml'] 537,Anonymous vs. Cambodia,"The official website of the Cambodia Tribunal, or the Extraordinary Chambers in the Courts of Cambodia (ECCC.gov.kh), has been disrupted by hackers of Anonymous Cambodia. The hackers say they’ve targeted the ECCC because it has tried to silence victims of crimes against humanity.",2013-11-02,2013-11-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Cambodia'],"[['ASIA', 'SEA']]",[['State institutions / political system']],[['Judiciary']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; National power; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Cambodia-Tribunal-Website-Disrupted-by-Anonymous-Hackers-396496.shtml'] 538,Anonymous Defaces Philippine Pages,"A group of hackers claiming ties with international activist group Anonymous defaced Philippine government websites on Sunday, calling for support for a planned anti-corruption protest in congress this week.",2013-11-03,2013-11-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Philippines'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://uk.reuters.com/article/uk-philippines-hacking/hackers-deface-philippine-websites-back-anti-corruption-protest-idUKBRE9A204P20131103'] 539,OP Syria,"Anonymous hackers have leaked several files allegedly taken from the systems of the Syrian Customs, as part of Op Syria.",2013-11-04,2013-11-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['Syria'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Anonymous-Hackers-Leak-Data-Stolen-from-Syrian-Customs-Website-396729.shtml'] 540,Fake NATO Defacement,"Four Ukrainian government websites are defaced, showing a message that they were hacked by NATO's CCDCOE, while NATO denies having executed the attack.",2013-11-04,2013-11-04,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,['Ukraine'],"[['EUROPE', 'EASTEU']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Legislative']]",,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Ukrainian-Government-Websites-Apparently-Hacked-by-NATO-396784.shtml'] 541,Anonymous vs. NATO CCDC,Anonymous Ukraine has disrupted the official website of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE). 
The hackers kept the website offline for close to two hours in response to NATO hacking a number of Ukrainian government websites.,2013-11-07,2013-11-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['NATO (region)'],,[['International / supranational organization']],,['Anonymous Ukraine'],['Ukraine'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous Ukraine,Ukraine,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Anonymous-Ukraine-Launches-DDOS-Attack-on-NATO-s-CCDCOE-Website-398063.shtml'] 542,BMPoC vs. Brazilian Military,"Hacker group BMPoC hacks and defaces 21 sub-domains of the Brazilian military, leaving anti-government statements.",2013-11-10,2013-11-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Brazil'],[['SOUTHAM']],[['State institutions / political system']],[['Military']],['BMPoC'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,BMPoC,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/bmpoc-hacks-brazilian-military-domains/'] 543,Op Killing Bay,"Anonymous continues Op KillingBay, the campaign launched by hacktivists in protest against the Japanese government, particularly against the killing of dolphins in the town of Taiji. They disrupted service of government websites with DDoS attacks and published information on the alleged government program ""DevoX"", in which dolphin meat is exported as tuna.",2013-11-15,2013-11-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Japan'],"[['ASIA', 'SCS', 'NEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/OpKillingBay-Hackers-Expose-Details-of-Japanese-Tuna-Exports-Program-400499.shtml'] 544,LulzSec Peru vs. President of Peru,"Hackers of LulzSecPeru have breached and defaced the official website of Peru’s President, being unhappy about how Peru is governed.",2013-11-17,2013-11-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Peru'],[['SOUTHAM']],[['State institutions / political system']],[['Government / ministries']],['LulzSec Peru'],['Peru'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec Peru,Peru,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Website-of-Peru-s-President-Hacked-and-Defaced-by-LulzSec-Peru-401074.shtml'] 545,Op GreenRights,"Anonymous hackers have launched distributed denial-of-service (DDOS) attacks against a number of Russian websites in protest against the arrests of 30 Greenpeace activists, known as the Arctic 30. The attacks are part of Op GreenRights.",2013-11-18,2013-11-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Civil service / administration', '']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Anonymous-Attacks-Russian-Websites-for-the-Arrests-of-Greenpeace-Activists-Video-401262.shtml'] 546,LulzSecPeru vs. Peruvian Police Force,"Peruvian hacker group LulzSec hacks and defaces the Peruvian police force's website, accusing law enforcement authorities of being corrupt and inefficient and condemning police officials for taking money without “the slightest sense of shame.”",2013-11-19,2013-11-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Peru'],[['SOUTHAM']],[['State institutions / political system']],[['Police']],['LulzSec Peru'],['Peru'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec Peru,Peru,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Website-of-Peru-s-National-Police-Hacked-by-LulzSec-Peru-401451.shtml'] 547,Code-Newbie Defacement of Chinese Agriculture Pages,A group of Indonesian and Malaysian hackers going by the handle Code-Newbie has hacked and defaced 44 Chinese government sub-domains belonging to the Fifth Agriculture Division of the country.,2013-11-21,2013-11-21,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Code-Newbie'],"['Indonesia', 'Malaysia']",['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Code-Newbie; Code-Newbie,Indonesia; Malaysia,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/code-newbie-hacks-44-chinese-govt-sites/'] 548,Pakistan Haxor Crew vs. 
India Armed Force,The official website o f India‘s Armed Forces Tribunal (Regional Bench Jaipur) has been hacked and defaced by a Pakistani hacker going with the handle of Hunter from Pakistani Haxors Crew.,2013-11-22,2013-11-22,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Military']],['Pakistan Haxor Crew'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pakistan Haxor Crew,Pakistan,Non-state-group,Hacktivist(s),[],Cyber-specific,Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/indias-armed-forces-tribunal-website-hacked/'] 549,Wifi of EP copied,"The European Parliament has shut down ist public Wi-Fi network in Strasbourg after a hacker was found to have ""captured the communication"" between smartphones and tablets.",2013-11-28,2013-11-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,['EU (region)'],[['EU']],[['International / supranational organization']],,,['Unknown'],['Individual hacker(s)'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Individual hacker(s),,['https://www.spiegel.de/netzwelt/netzpolitik/sicherheitsluecke-im-europaparlament-e-mails-von-abgeordneten-gehackt-a-934947.html'],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/european-parliaments-network-hacked-public-wi-fi-shutdown/', 'https://www.spiegel.de/netzwelt/netzpolitik/sicherheitsluecke-im-europaparlament-e-mails-von-abgeordneten-gehackt-a-934947.html']" 550,Hack Argentino team vs. Venezuela Government,"A hacker with twitter handle ""Libero america Mu"" from HackArgentinoteam, has gained access to multiple Venezuela Government websites and defaced them, leaving anti-government slogans.",2013-11-30,2013-11-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Venezuela'],[['SOUTHAM']],[['State institutions / political system']],[['Government / ministries']],['Hack Argentino Team'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Hack Argentino Team,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.ehackingnews.com/2013/12/venezuela-government-site-hacked-anonymous.html'] 551,Moroccan Islamic Union-Mail vs. Embassy of Angola,The online hacktivist group ‘Moroccan Islamic Union-Mail’ (MIUM) has hacked and defaced the official website of the Republic of Angola Embassy in Abu Dhabi–U.A.E against an alleged decision by the government of Angola to ban the religion of Islam and shut down all the mosques in the country.,2013-12-01,2013-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Angola'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],,['Moroccan Islamic Union-Mail'],['Morocco'],['Non-state-group'],['Religious actors'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Moroccan Islamic Union-Mail,Morocco,Non-state-group,Religious actors,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/opangola-angolan-embassy-hacked-by-mium/'] 552,Anonymous vs. Angola,"Over the past couple of days, hacktivists have been launching distributed denial-of-service attacks against all Angola government websites, coinciding with nation-wide anti-government protests.",2013-12-01,2013-12-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Angola'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Anonymous-Hackers-Take-Down-Angola-Government-Websites-Amid-Protests-406000.shtml'] 553,DRDO attacked by unknown forces,"In a major security breach, around 50 computers belonging to the armed forces and the DRDO were hacked sometime back and classified files could have been compromised.",2013-12-01,2013-12-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://economictimes.indiatimes.com/tech/internet/computers-of-armed-forces-and-drdo-hacked/articleshow/31550861.cms'] 554,Anonymous vs. 
Ukrainian Government - Kiev Protest,Hackers of Anonymous Disrupt Ukrainian Government Websites During Kiev Protests,2013-12-02,2013-12-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Anonymous-Hackers-Disrupt-Ukrainian-Government-Websites-During-Kiev-Protests-405132.shtml'] 555,Anonymous vs. Honduras 2013 Part II,Several high-profile websites from Honduras have been breached and defaced by Anonymous hackers in protest against the alleged election fraud that took place during the November 24 presidential vote.,2013-12-03,2013-12-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Honduras'],[['CENTAM']],"[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Police', 'Political parties', '']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Anonymous-Honduras-Protests-Against-Election-Fraud-by-Hacking-Government-Sites-405379.shtml'] 556,MoroccanGhosts vs. Nigerian Ministry of Finance,"Hackers of the MoroccanGhosts group have breached and defaced the official website of the Federal Ministry of Finance in Nigeria, leaving messages that ""the Sahara is Moroccan"":",2013-12-14,2013-12-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Nigeria'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Government / ministries']],['Moroccan Ghosts'],['Morocco'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Moroccan Ghosts,Morocco,Non-state-group,Hacktivist(s),[],National power,National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Moroccan-Hackers-Deface-Site-of-Nigeria-s-Federal-Ministry-of-Finance-409243.shtml'] 557,Islamic Cyber Resistance Group attack concerning assassination,A hacker collective calling itself the Islamic Cyber Resistance Group has leaked information on Israeli and Saudi military officials in response to the assassination of Hezbollah commander Hassan Lakkis in Beirut.,2013-12-16,2013-12-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,"['Israel', 'Saudi Arabia']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system'], ['State institutions / political system']]","[['Military'], ['Military']]",['Islamic Cyber Resistance Group'],['Unknown'],['Non-state-group'],['Religious actors'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Islamic Cyber Resistance Group,Unknown,Non-state-group,Religious actors,[],System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Hackers-Avenge-Death-of-Hezbollah-Commander-by-Leaking-Al-Qaeda-Files-409520.shtml'] 558,Anonymous vs. Cambodia DDOS,Hackers of Anonymous Cambodia have launched distributed denial-of-service (DDOS) attacks against over two dozen government and government-related websites.,2013-12-23,2013-12-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Cambodia'],"[['ASIA', 'SEA']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Police']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power; Cyber-specific,System/ideology; National power; Resources,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Anonymous-Attacks-Cambodian-Government-Sites-During-Massive-Street-Protests-411788.shtml'] 559,LulzSec Peru Leak of Peruvian Data,"Hacktivists of the LulzSec Peru group published various files, including documents, emails and screenshots, many of which appear to be classified, to prove the government's vulnerability to cyberattacks.",2013-12-27,2013-12-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['Peru'],[['SOUTHAM']],[['State institutions / political system']],[['Government / ministries']],['LulzSec Peru'],['Peru'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LulzSec Peru,Peru,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Hackers-of-LulzSec-Peru-Leak-Data-from-Peru-s-Ministry-of-Interior-412052.shtml'] 560,Moroccan Islamic Union-Mail vs. South African Department of Health,"The official website of South Africa’s Department of Health (doh.gov.za) has been breached and its homepage defaced by hackers of a group called Moroccan Islamic Union-Mail, who left a message accusing South Africa of supporting the Polisario Front and stating that ""the Sahara is Moroccan"".",2013-12-27,2013-12-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['South Africa'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Government / ministries']],['Moroccan Islamic Union-Mail'],['Morocco'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Moroccan Islamic Union-Mail,Morocco,Non-state-group,Hacktivist(s),[],National power,National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Moroccan-Hackers-Deface-Website-of-South-Africa-s-Department-of-Health-412121.shtml'] 561,OP Bangladesh,"Hackers of Anonymous have launched distributed denial-of-service (DDOS) attacks against the websites of the Prime Minister’s Office (pmo.gov.bd), the Election Commission Bangladesh (ecs.gov.bd), and the country’s government portal (Bangladesh.gov.bd) in ""Op Bangladesh"".",2013-12-30,2013-12-30,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Bangladesh'],"[['ASIA', 'SASIA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Anonymous-Hackers-Target-Website-of-Prime-Minister-in-Operation-Bangladesh-412749.shtml'] 562,BITTER vs. 
Pakistan,BITTER is a hacking campaign against Pakistani nationals.,2013-01-01,2016-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'Social groups']]","[['Government / ministries', 'Ethnic']]",['BITTER'],['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,BITTER,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.forcepoint.com/blog/x-labs/bitter-targeted-attack-against-pakistan'] 563,Android spyware tools used by undefined Chinese APT against Uyghurs and Tibetans since at least 2015,"Four new Android spyware tools (SilkBean, DoubleAgent, CarbonSteal and GoldenEagle) have been used in a widespread APT campaign to spy on the Uyghurs, Tibetans and possibly wider Muslim communities since at least 2015, according to IT-company Lookout. 
",2015-01-01,2020-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['Social groups']],[['Ethnic']],['Unknown'],['China'],['State'],,1,2020-06-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Lookout,,United States,Unknown,China,State,,['https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf'],System / ideology; International power,System/ideology; Subnational predominance; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"['https://threatpost.com/four-android-spyware-tools-surveillance-campaign/157063/', 'https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf']" 564,Desert Falcons MEA Campaigns,"The Arab hacking group ""Desert Falcons"" compromised the network systems of a variety of victims, especially in the Middle East. 
In 2018, the group was attributed to the terrorist group ""Hamas"".",2013-01-01,2015-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Egypt', 'Palestine', 'Israel', 'Jordan']","[['MENA', 'MEA', 'AFRICA', 'NAF'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Military', 'Energy', 'Transportation', 'Finance', 'Defence industry', 'Religious', 'Advocacy / activists (e.g. 
human rights organizations)', ''], ['Government / ministries', 'Military', 'Energy', 'Transportation', 'Finance', 'Defence industry', 'Religious', 'Advocacy / activists (e.g. human rights organizations)', ''], ['Government / ministries', 'Military', 'Energy', 'Transportation', 'Finance', 'Defence industry', 'Religious', 'Advocacy / activists (e.g. human rights organizations)', ''], ['Government / ministries', 'Military', 'Energy', 'Transportation', 'Finance', 'Defence industry', 'Religious', 'Advocacy / activists (e.g. human rights organizations)', '']]",['Desert Falcons'],['Middle East (region)'],['Non-state-group'],['Criminal(s)'],1,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Desert Falcons,Middle East (region),Non-state-group,Criminal(s),['https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064309/The-Desert-Falcons-targeted-attacks.pdf'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064309/The-Desert-Falcons-targeted-attacks.pdf'] 565,CyberBerkut NATO DDOS,Ukrainian hacktivists hit NATO websites with DDoS attack,2014-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['NATO (region)'],,[['International / supranational organization']],,['Cyber Berkut'],['Ukraine'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyber Berkut,Ukraine,Non-state-group,Hacktivist(s),[],System / ideology; Secession; Cyber-specific,Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://securityaffairs.co/wordpress/23097/cyber-warfare-2/nato-websites-hit-ddos-attack.html'] 566,Cozy Bear State Department Hack,"Cozy Bear hacked into the US State Department in 2014, according to US officials. In 2018, it was revealed that they had received their attribution information from the Dutch intelligence service AIVD, which had hacked into Cozy Bear's server and linked it to the Russian SVR.",2014-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],"['Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)', 'SVR']","['Russia', 'Russia']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2017-01-01; 2017-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR,Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://nos.nl/nieuwsuur/artikel/2213767-dutch-intelligence-first-to-alert-u-s-about-russian-hack-of-democratic-party.html'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.washingtonpost.com/world/national-security/new-details-emerge-about-2014-russian-hack-of-the-state-department-it-was-hand-to-hand-combat/2017/04/03/d89168e0-124c-11e7-833c-503e1f6394c9_story.html', 'https://nos.nl/nieuwsuur/artikel/2213767-dutch-intelligence-first-to-alert-u-s-about-russian-hack-of-democratic-party.html']" 567,Molerats vs Israeli Ministry of Defense,Hackers broke into a Defense Ministry computer via an email attachment tainted with malicious software,2014-01-01,2014-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],,['Palestine'],['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,Palestine,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.jpost.com/Defense/Cyber-hackers-breach-Defense-Ministry-computer-339439'] 568,Anti-Armenia Team vs. Armenia,"The total number of targeted websites is 64, which includes high profile Armenian government ministries such as the Ministry of Education, police, city districts, Artsakh State University, “Youth For Achievements” Educational NGO, Football Federation of Armenia and several other Armenian websites.",2014-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Armenia'],"[['ASIA', 'CENTAS', 'CSTO']]","[['State institutions / political system', 'State institutions / political system', 'Science', 'Other']]","[['Government / ministries', 'Police', '', '']]",['Anti-Armenia Team'],['Azerbaijan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anti-Armenia Team,Azerbaijan,Non-state-group,Hacktivist(s),[],Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/armenian-govt-websites-hacked-by-azerbaijan-hackers/'] 569,Svoboda defacement of Ukrainian Website,Hacktivists from Ukrainian neo-fascist ‘Svoboda’ party hacked and defaced more than 30 Ukrainian government and media websites.,2014-01-01,2014-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Ukraine'],"[['EUROPE', 'EASTEU']]","[['State institutions / political system', 'Media']]","[['Government / ministries', '']]",['Svoboda'],['Ukraine'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Svoboda,Ukraine,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power; Other,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/ukrainian-government-websites-hacked-by-new-nazi-hackers/'] 570,North Korea prepares attack against SK,North Korea hacks several targets in South Korea in order to prepare a larger strike. Sensitive defense data stolen and systems hijacked without being misused until recovery.,2014-01-01,2014-01-02,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'Critical infrastructure']]","[['', 'Defence industry']]",,"[""Korea, Democratic People's Republic of""]",['State'],,1,2016-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,,"Korea, Democratic People's Republic of",State,,[],System / ideology; Territory; International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive 
information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.reuters.com/article/us-northkorea-southkorea-cyber/north-korea-mounts-long-running-hack-of-south-korea-computers-says-seoul-idUSKCN0YZ0BE?mod=djemCIO_h'] 571,US Postal Breach,"U.S. Postal Service hacked, allegedly by China.",2014-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],,['China'],"['Non-state actor, state-affiliation suggested']",,2,2014-01-01; 2014-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Media-based attribution,,,,,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://arstechnica.com/information-technology/2014/11/all-us-postal-service-employees-personal-data-exposed-by-hackers/'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.usatoday.com/story/tech/2014/11/10/us-postal-service-post-office-hacked/18795289/', 'https://arstechnica.com/information-technology/2014/11/all-us-postal-service-employees-personal-data-exposed-by-hackers/']" 572,Duqu 2.0,"Kaspersky, as well as hotels where the P5 + 1 nuclear talks with Iran took place, were hacked by malware called Duqu-2.0, which is assumed to be the work of the Israeli Unit 8200.",2014-01-01,2015-06-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim; Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Europe (region)', 'Russia']","[[], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['Unit 8200'],['Unknown'],['Unknown - not attributed'],,1,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Unit 8200,Unknown,Unknown - not attributed,,"['https://resources.infosecinstitute.com/duqu-2-0-the-most-sophisticated-malware-ever-seen/#gref', 'https://www.theguardian.com/technology/2015/jun/11/duqu-20-computer-virus-with-traces-of-israeli-code-was-used-to-hack-iran-talks', 'https://securelist.com/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/70504/']",International power,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft 
and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://resources.infosecinstitute.com/duqu-2-0-the-most-sophisticated-malware-ever-seen/#gref', 'https://www.theguardian.com/technology/2015/jun/11/duqu-20-computer-virus-with-traces-of-israeli-code-was-used-to-hack-iran-talks', 'https://securelist.com/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/70504/']" 573,IRS Hack,"Cyberhack got access to over 700,000 IRS accounts. The assumed Russian cyberthieves gained access to taxpayer accounts between January 2014, the launch of the GetTranscript function, and May 2015, the IRS said.",2014-01-01,2015-05-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],,['Russia'],['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,Russia,Unknown - not attributed,,['https://www.cnet.com/news/russian-hackers-behind-50-million-irs-hack-report-says/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://eu.usatoday.com/story/money/2016/02/26/cyber-hack-gained-access-more-than-700000-irs-accounts/80992822/', 'https://www.cnet.com/news/russian-hackers-behind-50-million-irs-hack-report-says/']" 574,Yahoo Hack I,"Yahoo says that the user account information was stolen from its network in late 2014 by what it now believes to be a state-sponsored actor. 
In 2017, the US indicted Russian agents for the hack.",2014-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['FSB', 'Not available']","['Russia', 'Canada']","['Non-state actor, state-affiliation suggested', 'Individual hacker(s)']",,2,2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01,"Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution 
statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker,,,,FSB; FSB; FSB; FSB; Not available; Not available; Not available; Not available; FSB; FSB; FSB; FSB; Not available; Not available; Not available; Not available,Russia; Russia; Canada; Canada; Russia; Russia; Canada; Canada; Russia; Russia; Canada; Canada; Russia; Russia; Canada; Canada,"Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual 
hacker(s)",,"['https://techcrunch.com/2016/09/22/yahoo-confirms-state-sponsored-attacker-stole-personal-data-of-at-least-500-million-users/?_ga=2.215474910.832030079.1550578062-1170144247.1549987749', 'https://www.nytimes.com/2017/03/15/technology/yahoo-hack-indictment.html', 'https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://techcrunch.com/2016/09/22/yahoo-confirms-state-sponsored-attacker-stole-personal-data-of-at-least-500-million-users/?_ga=2.215474910.832030079.1550578062-1170144247.1549987749', 'https://www.nytimes.com/2017/03/15/technology/yahoo-hack-indictment.html', 'https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions', 'https://techcrunch.com/2017/02/27/yahoo-offers-new-details-on-breaches-to-senate-committee/']" 575,RedHack Defacement of Turkish Parliament,"First, the hackers exploited a cross-site scripting (XSS) vulnerability on the Parliament’s website (tbmm.gov.tr) to send a message to the government",2014-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]","[['State institutions / political system', 'State institutions / political system']]","[['Legislative', 'Political parties']]",['RedHack'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/RedHack-Hacks-Turkish-Contractors-Association-and-State-Railways-415876.shtml'] 576,Redhack Disturbance of various Turkish government institutions,"The Redhack group disrupted the official website of the Turkish Central Bank to protest the fact that the central bank has allowed the Turkish lira to lose its value against foreign currencies. The Ministry of Family and Social Policy was also targeted by the hacktivists to protest against ""child marriages and the death of women"".",2014-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,"[['Central Bank (Turkey) '], ['Ministry of Family and Social Policy (Turkey) ']]","['Turkey', 'Turkey']","[['ASIA', 'NATO', 'MEA'], ['ASIA', 'NATO', 'MEA']]","[['State institutions / political system', 'Critical infrastructure', 'State institutions / political system'], ['State institutions / political system']]","[['Government / ministries', 'Finance', 'Other (e.g., embassies)'], ['Government / ministries']]",,['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Turkey,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Website-of-Turkey-s-Central-Bank-Disrupted-by-RedHack-417821.shtml'] 577,OP Fullerton,#Op Fullerton: Anonymous takes down Fullerton police website against protesters arrest and Kelly Thomas tribute,2014-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-takes-down-fullerton-police-website-against-arrest/'] 578,MSP Theft Campaign aka Operation Cloud Hopper,"The Chinese hacker group APT 10 hacked the systems of the Norwegian company Visma (MSP) and various US companies to steal important information about the companies' clients. The hacker group is linked to a Chinese intelligence agency. 
The attack is probably part of the operation ""Cloud Hopper"".",2014-01-01,2018-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Brazil', 'Canada', 'Finland', 'France', 'Germany', 'India', 'Japan', 'Sweden', 'United Arab Emirates', 'United States']","[['SOUTHAM'], ['NATO', 'NORTHAM'], ['EUROPE', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SCS', 'NEA'], ['EUROPE', 'EU', 'NORTHEU'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['NATO', 'NORTHAM']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets 
(corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,"['APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)']",['China'],['State'],,2,2017-01-01; 2017-01-01,"Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau); APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China; China,State; State,,['https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.msspalert.com/cybersecurity-breaches-and-attacks/APT%2010-attacked-msp-visma/', 'https://www.recordedfuture.com/APT%2010-cyberespionage-campaign/', 'https://baesystemsai.blogspot.com/2017/04/APT%2010-operation-cloud-hopper_3.html', 'https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion']" 579,Marriott Hack,"The cyberattack on the Marriott hotel chain that collected personal details of roughly 500 million guests was part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, according to two people briefed on the 
investigation.",2014-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['MSS'],['China'],"['Non-state actor, state-affiliation suggested']",,2,2018-01-01; 2018-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,MSS; MSS,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.nytimes.com/2018/12/11/us/politics/trump-china-trade.html'],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.wired.com/story/marriott-hack-china-2014-opm-anthem/', 'https://www.nytimes.com/2018/12/11/us/politics/trump-china-trade.html', 'https://www.reuters.com/article/us-marriott-intnl-cyber-china-exclusive/exclusive-clues-in-marriott-hack-implicate-china-sources-idUSKBN1O504D', 
'https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/', 'https://thehackernews.com/2023/01/is-once-yearly-pen-testing-enough-for.html']" 580,Pacifier APT aka Turla,"Bitdefender detected an ongoing cyber-espionage campaign against Romanian institutions and other foreign targets. The attacks started in 2014, with the latest reported occurrences in May of 2016. Later on, the campaign has been tied to the Russian state-sponsored group Turla.",2014-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,"['Romania', 'Iran, Islamic Republic of', 'India']","[['EUROPE', 'BALKANS', 'NATO', 'EU'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries'], ['Government / ministries']]","['Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)']",['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed 
initiator (group), but not invoked in this case)",['https://labs.bitdefender.com/2017/09/three-new-pacifier-apt-components-point-to-russian-linked-turla-group/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender-Whitepaper-PAC-A4-en_EN1.pdf', 'https://labs.bitdefender.com/2017/09/three-new-pacifier-apt-components-point-to-russian-linked-turla-group/']" 581,Leviathan aka APT 40,"Espionage efforts against targets located in the US, Western Europe and the South China Sea, especially in the naval industry sector, but also research institutions and government entities. APT 40 is allegedly a Chinese state-proxy, according to FireEye and the mysterious group Intrusion Truth.",2014-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Western Europe', 'South China Sea (region)']","[['NATO', 'NORTHAM'], [], []]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Government / ministries', 'Defence industry', '', ''], ['Government / ministries', 'Defence industry', '', ''], ['Government / ministries', 'Defence industry', '', '']]","['APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (MSS, Hainan State Security Department/Hainan Xiandun Technology Company)']",['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (MSS, Hainan State Security Department/Hainan Xiandun 
Technology Company)",China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets'] 582,Dutch agency hacked CozyBear,"Hackers from the Dutch intelligence service AIVD have provided the FBI with crucial information about Russian interference with the American elections. For years, AIVD had access to the infamous Russian hacker group CozyBear. That's what de Volkskrant and Nieuwsuur have uncovered in their investigation.",2014-01-01,2016-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Intelligence agencies']],['AVID'],['Netherlands'],['State'],,1,2018-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker 
confirms,,,,AVID,Netherlands,State,,"['https://www.volkskrant.nl/wetenschap/dutch-agencies-provide-crucial-intel-about-russia-s-interference-in-us-elections~b4f8111b/?referer=https%3A%2F%2Fwww.google.com%2F', 'https://www.irishtimes.com/news/world/europe/the-spies-who-beat-russian-hackers-at-their-own-game-1.3455014']",Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.volkskrant.nl/wetenschap/dutch-agencies-provide-crucial-intel-about-russia-s-interference-in-us-elections~b4f8111b/?referer=https%3A%2F%2Fwww.google.com%2F', 'https://www.irishtimes.com/news/world/europe/the-spies-who-beat-russian-hackers-at-their-own-game-1.3455014']" 583,TajMahal,"In the fall of 2018, Kaspersky detected an attack on a diplomatic organization belonging to a Central Asian country. The spyware called Taj Mahal has been in operation for the past five years and allows for all kinds of attack scenarios using various tools. 
The framework cannot be linked to any known threat actor.",2014-01-01,2018-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Central Asia (region)'],,[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,['https://securelist.com/project-tajmahal/90240/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.heise.de/security/meldung/Nach-fuenf-Jahren-unter-dem-Radar-Spionage-Malware-TajMahal-aufgetaucht-4370966.html', 'https://securelist.com/project-tajmahal/90240/']" 584,RUAG-Hack,"The Swiss government says that hackers used ""Turla"" malware to steal data from a state-owned defense firm RUAG, based in Bern, since 2014. In addition to the defense sector, state-owned RUAG operates in aerospace, aviation and other sectors. Whereas the Swiss report does not attribute the hack to a specific actor, other actors have analyzed the malware used.",2014-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft; Hijacking with Misuse,,['Switzerland'],"[['EUROPE', 'WESTEU']]",[['Critical infrastructure']],[['Defence industry']],"['Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,2,2016-01-01; 2016-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attribution by receiver government / state entity; Media-based attribution,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.bankinfosecurity.com/swiss-government-ruag-hack-ties-to-turla-malware-a-9128'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.melani.admin.ch/melani/en/home/dokumentation/reports/technical-reports/technical-report_apt_case_ruag.html', 'https://www.bankinfosecurity.com/swiss-government-ruag-hack-ties-to-turla-malware-a-9128', 'https://www.swissinfo.ch/eng/parliament-committee_defence-ministry-criticised-over-cyberattack/44106062']" 585,ISIS vs. 
Russia,"The hacking division associated with ISIS (Islamic State of Iraq and Syria) extremist rebels CyberCaliphate has been hammering Russian online resources since autumn 2014, posting messages related to their cause.",2014-01-01,2015-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Other']]",,['Cyber Caliphate'],['ISIS'],['Non-state-group'],['Terrorist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyber Caliphate,ISIS,Non-state-group,Terrorist(s),['https://news.softpedia.com/news/Cyber-Caliphate-Hackers-Deface-600-Russian-Internet-Resources-476718.shtml'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/Cyber-Caliphate-Hackers-Deface-600-Russian-Internet-Resources-476718.shtml'] 586,Fancy Bear Ukraine Military App,"Fancy Bear, which is linked to the Russian government and high-profile cyberattacks against Democrats during the U.S. presidential election, likely used a malware implant on Android devices to track and target Ukrainian artillery units from late 2014 through 2016, according to a report by CrowdStrike.",2014-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Military']],"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,['https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/'],System / ideology; Secession,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-cyber-ukraine-idUSKBN14B0CU', 'https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/']" 587,ELMachete-PartII,"Unidentified hackers, attributed to be of Brazilian origin attacked various high-profile targets - mostly in Latin America - with 
phishing attacks. Unlike the first phase of ElMachete, their targets also were Energy system providers.",2014-01-01,2017-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Ecuador', 'Venezuela', 'Peru', 'Argentina', 'Colombia', 'Korea, Republic of', 'United States', 'Bolivia', 'United Kingdom', 'Canada']","[[], ['SOUTHAM'], ['SOUTHAM'], ['SOUTHAM'], ['SOUTHAM'], ['ASIA', 'SCS', 'NEA'], ['NATO', 'NORTHAM'], ['SOUTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State 
institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets 
(corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Military', 'Intelligence agencies', '', 'Energy', 'Chemicals', ''], ['Government / ministries', 'Military', 'Intelligence agencies', '', 'Energy', 'Chemicals', ''], ['Government / ministries', 'Military', 'Intelligence agencies', '', 'Energy', 'Chemicals', ''], ['Government / ministries', 'Military', 'Intelligence agencies', '', 'Energy', 'Chemicals', ''], ['Government / ministries', 'Military', 'Intelligence agencies', '', 'Energy', 'Chemicals', ''], ['Government / ministries', 'Military', 'Intelligence agencies', '', 'Energy', 'Chemicals', ''], ['Government / ministries', 'Military', 'Intelligence agencies', '', 'Energy', 'Chemicals', ''], ['Government / ministries', 'Military', 'Intelligence agencies', '', 'Energy', 'Chemicals', ''], ['Government / ministries', 'Military', 'Intelligence agencies', '', 'Energy', 'Chemicals', ''], ['Government / ministries', 'Military', 'Intelligence agencies', '', 'Energy', 'Chemicals', '']]",['El Machete'],['Brazil'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,El Machete,Brazil,Unknown - not attributed,,['https://securityaffairs.co/wordpress/57369/apt/machete-espionage-campaign.html'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://threatvector.cylance.com/en_us/home/el-machete-malware-attacks-cut-through-latam.html', 'https://securityaffairs.co/wordpress/57369/apt/machete-espionage-campaign.html']" 588,APT 3 vs. 
Siemens,Hackers attributed to be part of APT 3 hacked into the American networks of the German company Siemens,2014-01-01,2015-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)', 'Boyusec']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2017-01-01; 2017-01-01,Domestic legal action; Domestic legal action,Attribution by third-party; Attribution by third-party,,,,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Boyusec",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this 
case)","['https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/', 'https://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=92a4528c-2bdb-498f-85c8-4273bfdc66aa&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/', 'https://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=92a4528c-2bdb-498f-85c8-4273bfdc66aa&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments']" 589,APT32/Ocean Lotus Group,"Espionage-Hacks against private companies in the US, China, Germany, the Philippines and Vietnam.",2014-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft,,"['Germany', 'China', 'United States', 'Philippines', 'Vietnam']","[['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['NATO', 'NORTHAM'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['APT32/Ocean Lotus/Sea Lotus'],['Vietnam'],"['Non-state actor, state-affiliation suggested']",,2,2014-01-01; 2014-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Attribution by third-party,,,,APT32/Ocean Lotus/Sea Lotus; APT32/Ocean Lotus/Sea Lotus,Vietnam; Vietnam,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html', 'https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html', 
'https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal']" 590,Bridging the AirGap with USBFerry,"An APT, believed to be linked to the Chinese government, developed malware specifically designed to access air-gapped networks and deployed it against Taiwanese and Philippine military networks.",2014-01-01,2020-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Taiwan', 'Philippines']","[['ASIA', 'SCS'], ['ASIA', 'SCS', 'SEA']]","[['State institutions / political system', 'Critical infrastructure', 'State institutions / political system'], ['State institutions / political system', 'Critical infrastructure', 'State institutions / political system']]","[['Government / ministries', 'Finance', 'Military'], ['Government / ministries', 'Finance', 'Military']]",['Tropic Trooper/Key Boy'],['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Tropic Trooper/Key Boy,Unknown,Unknown - not attributed,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/hackers-target-the-air-gapped-networks-of-the-taiwanese-and-philippine-military/', 'https://documents.trendmicro.com/assets/Tech-Brief-Tropic-Trooper-s-Back-USBferry-Attack-Targets-Air-gapped-Environments.pdf']" 591,Rampant Kitten,A new threat actor (Rampant Kitten) was identified running a long-term espionage campaign against Iranian regime critics,2014-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Iran, Islamic Republic of', 'Azerbaijan']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'CENTAS']]","[['Social groups', 'Social groups'], ['Social groups', 'Social groups']]","[['Political opposition / dissidents / expats', 'Other social groups'], ['Political opposition / dissidents / expats', 'Other social groups']]",,"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/'] 592,Community Health Systems Breach,"Dynamite Panda breached the US-American health provider Community Health, and exfiltrated 4.5 Millions of confidential patient data. The attribution of Dynamite Panda is at that point unclear ,some seeing them as cyber-criminals, others seeing the operation as an independent action of a state-sponsored operator without the backing of their superiors.",2014-01-01,2014-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Health']],['APT 18/Dynamite Panda/Wekby'],['China'],"['Non-state actor, state-affiliation suggested']",,2,2014-01-01; 2014-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,,,APT 18/Dynamite Panda/Wekby; APT 18/Dynamite Panda/Wekby,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.venafi.com/blog/infographic-how-an-attack-by-a-cyber-espionage-operator-bypassed-security-controls', 'https://www.pri.org/stories/2014-08-21/even-your-medical-records-arent-safe-chinese-group-hacks-hospitals-patienthttps://threatpost.com/APT -gang-branches-out-to-medical-espionage-in-community-health-breach/107828/']",System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.venafi.com/blog/infographic-how-an-attack-by-a-cyber-espionage-operator-bypassed-security-controls', 'https://threatpost.com/APT%20-gang-branches-out-to-medical-espionage-in-community-health-breach/107828/', 'https://www.pri.org/stories/2014-08-21/even-your-medical-records-arent-safe-chinese-group-hacks-hospitals-patienthttps://threatpost.com/APT 
-gang-branches-out-to-medical-espionage-in-community-health-breach/107828/']" 593,Nemesis Gemina,"The APT Miniduke continued their campaign, broadening the focus to further countries and new sectors, starting data-theft attacks against governments, militaries and energy companies",2014-01-01,2014-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Australia', 'Germany', 'Ukraine', 'Belgium', 'France', 'Spain', 'Hungary', 'Netherlands']","[['NATO', 'NORTHAM'], ['OC'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'EASTEU'], ['EUROPE', 'EU', 'NATO', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 
'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure']]","[['', 'Government / ministries', 'Civil service / administration', 'Military', 'Energy', 'Telecommunications'], ['', 'Government / ministries', 'Civil service / administration', 'Military', 'Energy', 'Telecommunications'], ['', 'Government / ministries', 'Civil service / administration', 'Military', 'Energy', 'Telecommunications'], ['', 'Government / ministries', 'Civil service / administration', 'Military', 'Energy', 'Telecommunications'], ['', 'Government / ministries', 'Civil service / administration', 'Military', 'Energy', 'Telecommunications'], ['', 'Government / ministries', 'Civil service / administration', 'Military', 'Energy', 'Telecommunications'], ['', 'Government / ministries', 'Civil service / administration', 'Military', 'Energy', 'Telecommunications'], ['', 'Government / ministries', 'Civil service / administration', 'Military', 'Energy', 'Telecommunications'], ['', 'Government / ministries', 'Civil service / administration', 'Military', 'Energy', 'Telecommunications']]",['Miniduke'],['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Miniduke,Unknown,Unknown - not 
attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securelist.com/miniduke-is-back-nemesis-gemina-and-the-botgen-studio/64107/'] 594,Reaper/APT37 vs. South Korean Targets,"APT37 focuses on espionage against the public and private sectors, primarily in South Korea, but also targets North Korean dissidents. Wiper malware was found, but at the time of writing had not been executed.",2014-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking without Misuse,,"['Korea, Republic of', ""Korea, Democratic People's Republic of""]","[['ASIA', 'SCS', 'NEA'], ['ASIA', 'NEA']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups']]","[['Government / ministries', 'Military', 'Defence industry', 'Political opposition / dissidents / expats'], ['Government / ministries', 'Military', 'Defence industry', 'Political opposition / dissidents / expats']]","['APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067', 'Group123']","[""Korea, Democratic People's Republic of"", ""Korea, Democratic 
People's Republic of""]","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067; Group123,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf'],System / ideology; Territory; International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,One,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://twitter.com/cybersecboardrm/status/1626663903995256836', 'https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf', 'https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf', 'https://www.bleepingcomputer.com/news/security/new-windows-malware-scans-victims-mobile-phones-for-data-to-steal/']" 595,MSS 2020 Indictment Case 2015,"MSS supported hackers have stolen sensitive data by different companies and research entities in the US, Europe and Korea in 2015, according to a 2020 indictment.",2014-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]","[['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Energy', 'Defence industry', '']]",['MSS supported Hackers'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,Domestic legal action,Attribution by receiver government / state entity,,,,MSS supported Hackers,China,"Non-state actor, state-affiliation suggested",,[],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.justice.gov/opa/press-release/file/1295981/download'] 596,OP Fun Kill,"Anonymous hackers launched Op Fun Kill, a campaign that aims to protest against the killing of animals. The operation was initiated after Dallas Safari Club announced that it was auctioning the chance to kill a black rhino in Namibia.",2014-01-08,2014-01-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Namibia'],"[['AFRICA', 'SSA']]","[['State institutions / political system', 'Media']]","[['Government / ministries', '']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Hackers-Launch-DDOS-Attack-on-Namibian-Government-Portal-in-OpFunKill-414769.shtml'] 597,SEA vs. Saudi Websites,16 Saudi Arabian Government Websites Hacked by Syrian ElectronicArmy,2014-01-16,2014-01-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Saudi Arabia'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['State institutions / political system']],[['Government / ministries']],['Syrian Electronic Army'],['Syria'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2014-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']",System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'http://news.softpedia.com/news/16-Saudi-Arabian-Government-Websites-Hacked-by-Syrian-Electronic-Army-417751.shtml', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']" 598,Block of Court System,"Unidentified hackers temporarily blocked access to the federal court system’s public website on Friday, preventing lawyers from filing legal documents",2014-01-24,2014-01-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,['United 
States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Judiciary']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-usa-courts-hack/u-s-court-system-targeted-in-cyber-attack-report-idUSBREA0O03W20140125', 'https://news.softpedia.com/news/Websites-of-the-US-Federal-Court-System-Disrupted-by-Cyberattacks-420595.shtml']" 599,Nigerian CyberArmy attack on the Nigerian Ministry of Police Affairs,The official website of Nigeria’s Ministry of Police Affairs (police affairs .gov.ng) has been breached and defaced by hackers of the Nigerian CyberArmy,2014-01-26,2014-01-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Nigeria'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Government / ministries']],['Nigerian Cyber Army'],['Nigeria'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Nigerian Cyber Army,Nigeria,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Website-of-Nigeria-s-Ministry-of-Police-Affairs-Hacked-and-Defaced-422104.shtml'] 600,Pakistan Haxor Crew vs. 
West Bengal Area,Indian Public Health Engineering Department Targeted by Pakistani Hackers,2014-02-01,2014-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Civil service / administration']],['Pakistan Haxor Crew'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pakistan Haxor Crew,Pakistan,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Indian-Public-Health-Engineering-Department-Targeted-by-Pakistani-Hackers-423623.shtml'] 601,Sands-Casino-Hack,"Las Vegas Casino Hacked by Iranians in 2014 , according to intelligence chief Clapper in 2015.",2014-02-01,2014-02-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,"['Iran, Islamic Republic of']",['State'],,3,2015-01-01; 2015-01-01; 2015-01-01,"Political statement / report (e.g., on government / state agency websites); Attribution given, type unclear; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by 
receiver government / state entity; Media-based attribution; Attribution by third-party,,,,,"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of",State; State; State,,"['https://news.softpedia.com/news/Las-Vegas-Casino-Hacked-By-Iranians-in-2014-Bloomberg-474440.shtml', 'https://www.bloomberg.com/news/articles/2014-12-11/iranian-hackers-hit-sheldon-adelsons-sands-casino-in-las-vegas?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioscodebook&stream=technology#p2', 'https://money.cnn.com/2015/02/27/technology/security/iran-hack-casino/index.html']",System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://news.softpedia.com/news/Las-Vegas-Casino-Hacked-By-Iranians-in-2014-Bloomberg-474440.shtml', 'https://www.bloomberg.com/news/articles/2014-12-11/iranian-hackers-hit-sheldon-adelsons-sands-casino-in-las-vegas?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioscodebook&stream=technology#p2', 'https://money.cnn.com/2015/02/27/technology/security/iran-hack-casino/index.html']" 602,RedHack Police Dataleak,RedHack leaked data of police men and hacked several websites of different organizations including gov-websites to protest against a new internetlaw,2014-02-01,2014-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Police']]",['RedHack'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/RedHack-Begins-Hack-Attacks-in-Protest-Against-Turkey-s-New-Internet-Law-425418.shtml'] 603,DDOS vs. British Ministry of Justice,Website of British Ministry of Justice and GCHQ disrupted by DDOS Attack,2014-02-12,2014-02-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Police']]",,['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Website-of-British-Ministry-of-Justice-Disrupted-by-DDOS-Attack-426652.shtml'] 604,Falling Dominos,Several Hacker Groups defaced and hacked websites of venezuelan Gov. and military Websites to support opposition during protests,2014-02-15,2014-02-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Venezuela'],[['SOUTHAM']],"[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]","['Anonymous', 'LulzSec Peru']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",2,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Receiver attributes attacker; Attacker confirms; Attacker 
confirms,,,,Anonymous; LulzSec Peru; Anonymous; LulzSec Peru,Unknown; Unknown; Unknown; Unknown,Non-state-group; Non-state-group; Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s),[],System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.pri.org/stories/2014-02-17/global-hackers-hit-venezuelan-government-servers-falling-dominoes'] 605,Rucyborg vs. Russian Investment Fond,"Hacktivists of the Russian Cyber Command (Rucyborg) group have announced another dataleak. This time, they’ve targeted the Russian Industrial Investment Fund, a semi-governmental investment company established by a decree of the president of Russia.",2014-03-01,2014-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Rucyborg'],['Russia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Rucyborg,Russia,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Hacktivists-Leak-Data-from-Personal-PC-of-Russian-Industrial-Investment-Fund-President-432552.shtml'] 606,Kuwait Defacement,Website of Kuwait’s Ministry of Interior Hacked and Defaced,2014-03-01,2014-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Kuwait'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['State institutions / political system']],[['Government / ministries']],"['Shmook Amer', 'Dr.Hjd.']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Shmook Amer; Dr.Hjd.,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Website-of-Kuwait-s-Ministry-of-Interior-Hacked-and-Defaced-435068.shtml'] 607,SEA vs. Opposition,The Syrian Electronic Army has breached and defaced the official website of the National Coalition for Syrian Revolutionary and Opposition Forces (etilaf.org). A number of other sites related to the organization have also been targeted.,2014-03-01,2014-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Syria'],"[['ASIA', 'MENA', 'MEA']]",[['Social groups']],[['Political opposition / dissidents / expats']],['Syrian Electronic Army'],['Syria'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),"['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']",System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'http://news.softpedia.com/news/Syrian-Electronic-Army-Hacks-Website-of-Syrian-National-Coalition-432473.shtml', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']" 608,CyberBerkut vs. NATO,"On the eve of a crucial vote over Crimea’s would-be succession from the Ukraine, a group of purported pro-Russian Ukrainians launched three successful denial-of-service attacks against NATO websites.",2014-03-01,2014-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['NATO (region)'],,[['International / supranational organization']],,['Cyber Berkut'],['Russia'],['Non-state-group'],['Hacktivist(s)'],2,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Cyber Berkut; Cyber Berkut,Russia; Ukraine,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),"['https://www.recordedfuture.com/cyber-berkut-analysis/', 'https://www.zeit.de/politik/ausland/2014-03/hacker-nato-websites-ukraine']",System / ideology; Secession,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.vice.com/en_us/article/jp5mxd/pro-russia-ukranians-hack-nato-websites', 'https://www.recordedfuture.com/cyber-berkut-analysis/', 'https://www.zeit.de/politik/ausland/2014-03/hacker-nato-websites-ukraine']" 609,Seoul Subway Hack,"According to the Government of Seoul, North Korea is the main suspect for a cyberattack that hit the South Korean capital’s subway system in 2014. 
The attack, staged between March and August 2014, affected several servers of Seoul Metro.",2014-03-01,2014-08-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['Critical infrastructure']],[['Transportation']],,"[""Korea, Democratic People's Republic of""]",['State'],,1,2015-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,"Korea, Democratic People's Republic of",State,,['https://securityaffairs.co/wordpress/40764/hacking/is-the-north-korea-behind-the-attack-on-the-seoul-subway-operator.html'],International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.securityweek.com/north-korea-suspected-hacking-seoul-subway-operator-mp', 'https://www.vice.com/en_us/article/vb8bp8/cyber-attack-on-south-korean-subway-system-could-be-a-sign-of-nastier-things-to-come', 'https://securityaffairs.co/wordpress/40764/hacking/is-the-north-korea-behind-the-attack-on-the-seoul-subway-operator.html']" 610,Anonymous DDOS on Kremlin,Kremlin gets DDoS’d by Anonymous Caucasus,2014-03-14,2014-03-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://arstechnica.com/tech-policy/2014/03/kremlin-gets-ddosd-by-anonymous-caucasus/', 'https://twitter.com/twitter/status/1517983764458184704']" 611,Anonymous DDOS on Kremlin Round 2,"Anonymous Russia likely launched a powerful DDoS attack that temporarily knocked out websites belonging to the Kremlin, the Russian central bank, and Foreign Ministry. 
It is unknown if this is related to the war in Ukraine, but in their first round of DDoS attacks on the Kremlin, the attack was considered a response to Russian censorship.",2014-03-14,2014-03-14,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,['https://twitter.com/twitter/status/1517983764458184704'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['http://www.businessinsider.com/russia-cyberattack-ukraine-2014-3?IR=T', 'https://twitter.com/twitter/status/1517983764458184704']" 612,AnonGhost vs. Israeli ministry of Agriculture,Israeli Ministry of Agriculture and Rural Development Domain Hacked by AnonGhost,2014-03-29,2014-03-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['AnonGhost'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,AnonGhost,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonghost-hacks-israeli-ministry-website/'] 613,CyberBerkut-US-PMC-Hack,"CyberBerkut claimed responsibility for defacing the websites of several private military companies–Greystone, TripleCanopy, and Academi–that they claimed were operating on the ground in Ukraine.",2014-04-01,2014-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Defence industry', '']]",['Cyber Berkut'],['Russia'],"['Non-state actor, state-affiliation suggested']",,2,2014-01-01; 2014-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Cyber Berkut; Cyber Berkut,Russia; Ukraine,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://go.crowdstrike.com/rs/281-OBQ-266/images/ReportGlobalThreatIntelligence.pdf'],System / ideology; Autonomy; Secession,System/ideology; Autonomy; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://go.crowdstrike.com/rs/281-OBQ-266/images/ReportGlobalThreatIntelligence.pdf', 'https://go.crowdstrike.com/rs/281-OBQ-266/images/ReportGlobalThreatIntelligence.pdf']" 614,Indian hackers retaliation for attack on BCP,"The hacktivists have targeted the National Portal of Pakistan (Pakistan.gov.pk), and the websites of the Cabinet Ministry (cabinet.gov.pk), the Pakistan Manpower Institute (pmi.gov.pk), the Ministry of Defense (mod.gov.pk), the government’s Establishment Division (establishment.gov.pk), and the Ministry of Railways (railways.gov.pk).",2014-04-01,2014-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],"['Bl@ckDr@gon', 'HaxorT0du']","['India', 'India']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Bl@ckDr@gon; HaxorT0du,India; India,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],Territory; Resources; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Pakistani-National-Portal-Cabinet-Ministry-and-Ministry-of-Defense-Hacked-439248.shtml'] 615,Suckfly vs. India,"A cyber-espionage group called Suckfly is targeting governments and big enterprises, mainly located in India",2014-04-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['India', 'Saudi Arabia']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', ''], ['Government / ministries', '']]",['Suckfly'],['Unknown'],"['Non-state actor, state-affiliation suggested']",,1,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Suckfly,Unknown,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/suckfly-cyber-espionage-group-targets-indian-government-and-private-companies-504183.shtml'] 616,OP Israel Counterattack,"In a counter-attack against Op Israel, local hackers hijacked the webcams of attackers of Israeli sites",2014-04-01,2014-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,,['Unknown'],,[['Social groups']],[['Hacktivist']],['Israeli Elite Force'],['Israel'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Israeli Elite Force,Israel,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.timesofisrael.com/israeli-group-posts-photos-of-not-so-anonymous-hackers/'] 617,Anonymous attack on Israel,"Anonymous hacktivists from several countries have launched a new campaign against Israel. Hundreds of websites were attacked as part of the pro-Palestinian campaign called Operation Israel (OpIsrael). Various types of cyberattacks were launched, from DDoS attacks to defacements. ",2014-04-07,2014-04-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Finance']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Secession,Resources; Secession; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['http://news.softpedia.com/news/OpIsrael-Anonymous-Hackers-Target-Websites-of-Israeli-Banks-and-Government-436235.shtml', 'http://www.timesofisrael.com/israeli-sites-shuttered-in-advance-of-cyber-attack/']" 618,Redhack Blame Muncipality,"On Tuesday, around 700 workers were trapped in a lignite mine in Soma, a town in Turkey’s Manisa Province, following an explosion. Hacktivists blame authorities for the incident, so they’ve defaced the official website of the Soma Municipality.",2014-05-01,2014-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['State institutions / political system']],[['Civil service / administration']],['RedHack'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/RedHack-Hacks-Website-of-Soma-Municipality-Following-Death-of-Hundreds-of-Miners-442076.shtml'] 619,Belgium Data Leak,"Hackers stole data related to the Ukraine crisis from Belgian foreign ministry servers, prompting a security crackdown which has left diplomats without Internet or email, the ministry said.",2014-05-01,2014-05-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft,,['Belgium'],"[['EUROPE', 'EU', 'NATO', 'WESTEU']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],System / ideology; Resources; Secession,System/ideology; Resources; Secession; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-belgium-cybercrime-ukraine/hackers-steal-ukraine-crisis-data-from-belgian-foreign-ministry-idUSBREA4B0EB20140512'] 620,Red October aka Inception Framework: 
Cloud Atlas,"The APT Red October reemerged with new attacks, closely based on their attacks in 2012. With office vulnerabilities, they managed to access confident data, across various countries.",2014-05-01,2014-01-01,"Attack on (inter alia) political target(s), not politicized; Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Russia', 'Ukraine', 'Moldova, Republic of', 'Belgium', 'Iran, Islamic Republic of', 'France', 'Bulgaria', 'United States', 'Turkey', 'Georgia']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU'], ['EUROPE', 'EASTEU'], ['EUROPE', 'EU', 'NATO', 'WESTEU'], ['ASIA', 'MENA', 'MEA'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'BALKANS', 'NATO', 'EU'], ['NATO', 'NORTHAM'], ['ASIA', 'NATO', 'MEA'], ['ASIA', 'CENTAS']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical 
infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets 
only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '', 'Energy', 'Telecommunications', 'Finance', 'Defence industry', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Finance', 'Defence industry', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Finance', 'Defence industry', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Finance', 'Defence industry', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Finance', 'Defence industry', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Finance', 'Defence industry', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Finance', 'Defence industry', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Finance', 'Defence industry', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Finance', 'Defence industry', ''], ['Government / ministries', '', 'Energy', 'Telecommunications', 'Finance', 'Defence industry', '']]","['Inception Framework/Cloud Atlas/Blue Odin/G0100', 'Red October']","['Unknown', 'Unknown']","['Unknown - not attributed', 'Unknown - not attributed']",,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Inception Framework/Cloud Atlas/Blue Odin/G0100; Red October,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/', 'https://www.symantec.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies']" 621,Premera Blue Cross Hack,Health insurer Premera Blue Cross said it was a victim of a cyberattack that began in May 2014 and may have exposed medical data and financial information of 11 million customers. Media reveals that there are indications that this operation may be the work of a state-sponsored Chinese espionage group.,2014-05-05,2015-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Health']],"['APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA)', 'PLA']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2015-01-01; 2015-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA); PLA,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://krebsonsecurity.com/2015/03/premera-blue-cross-breach-exposes-financial-medical-records/'],Resources,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information
(incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-cyberattack-premera-idUSKBN0MD2FF20150317', 'https://krebsonsecurity.com/2015/03/premera-blue-cross-breach-exposes-financial-medical-records/']" 622,Pro Taliban Group vs. Pakistan Police,The official website of the Rawalpindi police in Pakistan(rawalpindi police.gov.pk) was hacked and defaced on Thursday by a group that appears to support the Taliban.,2014-05-15,2014-05-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Police']],,['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Pakistan,Non-state-group,Hacktivist(s),[],Cyber-specific,System/ideology; Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Pakistani-Police-Website-Hacked-By-Supporters-of-the-Taliban-442482.shtml'] 623,Anonymous Fighting in the Phillipinian Sea,Anonymous Philippines claimed responsibility for defacing more than 200 Chinese websites in retaliation for Beijing's aggressive actions in the West Philippine Sea,2014-05-19,2014-05-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '']]",['Anonymous Philippines'],['Philippines'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Anonymous Philippines,Philippines,Non-state-group,Hacktivist(s),[],System / ideology; Territory; Resources,System/ideology; Territory; Resources; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2014/05/anonymous-philippines-hacks-hundreds-of.html'] 624,Vietnam Ministry Hack,Malware has been specifically crafted for the systems used by the employees at the Vietnamese Ministry of Natural Resources and Environment,2014-06-01,2014-06-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Hijacking without Misuse,,['Vietnam'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Government-Employees-Targeted-by-Phishing-Campaign-447692.shtml'] 625,DDOS vs. Hong Kong Voting Site,"Largest DDoS attack hit PopVote, Hong Kong Democracy voting site",2014-06-14,2014-06-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Hong Kong'],[['ASIA']],[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],System / ideology; National power,System/ideology; Autonomy,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://securityaffairs.co/wordpress/26030/cyber-crime/popvote-largest-ddos-attack.html'] 626,SEA vs. mediasites,Syrian Electronic Army attacked several media websites,2014-06-22,2014-06-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['United Kingdom', 'United States']","[['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['NATO', 'NORTHAM']]","[['Media'], ['Media']]",,['Syrian Electronic Army'],['Syria'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),"['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://theconversation.com/syrian-electronic-armys-attack-on-reuters-makes-a-mockery-of-cyber-security-again-28415', 'https://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-a-detailed-timeline/#62139039c522', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']" 627,Anti-Armenia Team vs. Armenian President,Azerbaijani hackers hack Armenian President and Ministry websites,2014-06-26,2014-06-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Armenia'],"[['ASIA', 'CENTAS', 'CSTO']]",[['State institutions / political system']],[['Government / ministries']],['Anti-Armenia Team'],['Azerbaijan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anti-Armenia Team,Azerbaijan,Non-state-group,Hacktivist(s),[],Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/azerbaijani-hackers-hack-armenian-president-website/'] 628,Background Investigations Firm Hack,"A cyber attack at a firm that performs background checks for U.S. government employees compromised data of at least 25,000 workers, including some undercover investigators, and that number could rise, agency officials said.",2014-07-01,2014-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['Unknown'],"['Non-state actor, state-affiliation suggested']",,1,2014-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Unknown,"Non-state actor, state-affiliation suggested",,['https://www.reuters.com/article/us-usa-security-contractor/u-s-homeland-security-contractor-reports-computer-breach-idUSKBN0G62N420140807'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-usa-security-contractor-cyberattack/u-s-undercover-investigators-among-those-exposed-in-data-breach-idUSKBN0GM1TZ20140822', 'https://krebsonsecurity.com/2014/01/dhs-alerts-contractors-to-bank-data-theft/', 'https://www.reuters.com/article/us-usa-security-contractor/u-s-homeland-security-contractor-reports-computer-breach-idUSKBN0G62N420140807', 'https://edition.cnn.com/2014/08/06/tech/hackers-security-contractor-usis/index.html']" 629,Tunesia-Election-Hack 2014,"In July 2014, the electronic voter registration system for the then-upcoming Tunisian presidential election suffered a cyberattack, rendering registrations impossible for an unknown amount of time.",2014-07-01,2014-07-01,"Attack on (inter alia) political target(s), not politicized",,Incident 
disclosed by IT-security company,Disruption,,['Tunisia'],"[['AFRICA', 'NAF', 'MENA']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Election infrastructure / related systems']]",,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://go.crowdstrike.com/rs/281-OBQ-266/images/ReportGlobalThreatIntelligence.pdf'] 630,Twitter of Kenyan Defense Force Hacked,The Twitter accounts of the Kenyan defence forces and its spokesman have been hacked by activists protesting about corruption.,2014-07-01,2014-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Kenya'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Military']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.bbc.com/news/world-africa-28398976'] 631,Chafer aka APT39 1.0,"Chafer, an Iranian based Espionage group focusses heavily on the theft of personal information, via telecommunications companies and Airlines in the Middle East and also Individuals in Iran.",2014-07-01,2015-01-01,"Attack conducted by non-state group / non-state actor 
with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Iran, Islamic Republic of', 'Saudi Arabia', 'Afghanistan']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'SASIA']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups']]",,['APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company)'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,['https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html'],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate 
- high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html'] 632,SEA vs IDF,"SEA hacks Israeli Defence Force Twitter account, posts bogus nuclear warning",2014-07-03,2014-07-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Military']],['Syrian Electronic Army'],['Syria'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Syrian Electronic Army; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state-group","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Hacktivist(s)","['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']",Unknown,Unknown; Third-party intervention / third-party affection,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html',
'https://nakedsecurity.sophos.com/2014/07/04/sea-hacks-israeli-defence-force-twitter-account-posts-bogus-nuclear-warning/', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']" 633,Godzilla vs. Pakistan,"An Indian patriotic hacker targeted 43 major Pakistani Government official websites, including ‘President of Pakistan’, ‘Government of Pakistan’, 'Ministry of Defence’, and whole Ministry of Pakistan.",2014-07-31,2014-01-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Godzilla'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Godzilla,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehackernews.com/2014/08/godzilla-hacker-takes-down-several_1.html'] 634,Anonymous leak of Pakistani Data,Anonymous Leaks Sensitive Data on Pakistani Government and Army in Solidarity With Protestors,2014-08-01,2014-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Military']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.ibtimes.co.uk/anonymous-leaks-sensitive-data-pakistani-government-army-solidarity-protestors-1464015'] 635,Monitoring of Exil-Bahraini Activists,Rights group Privacy International files complaint that officials illegally monitored devices of pro-democracy trio in UK,2014-08-01,2014-08-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['United Kingdom', 'Bahrain']","[['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['Social groups'], ['Social groups']]","[['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g.
human rights organizations)']]",,['Bahrain'],['State'],,1,2014-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party,,,,,Bahrain,State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/technology/2014/oct/13/uk-police-investigate-alleged-bahraini-hacking-exiles-computers'] 636,Gamma International Hack 2014,A hacker claims to have hacked a network of the surveillance technology company Gamma International and has published 40 gigabytes of internal data.,2014-08-01,2014-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['Unknown'],['Individual hacker(s)'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,,Unknown,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://netzpolitik.org/2014/gamma-finfisher-hacked-40-gb-of-internal-documents-and-source-code-of-government-malware-published/'] 637,Saudi Embassy Hack,"A Saudi Embassy was hacked and threatened with a terrorist attack if they wouldn't pay 35 million to the attacker.
The attacker claimed to be associated with ISIS, but it was later revealed that he was an insider.",2014-08-01,2014-08-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,['Saudi Arabia'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['State institutions / political system']],,,['Saudi Arabia'],['Individual hacker(s)'],,4,,"Attribution given, type unclear; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; IT-security community attributes attacker; Attacker confirms; Contested attribution,,,,,Saudi Arabia; Saudi Arabia; Saudi Arabia; Saudi Arabia,Individual hacker(s); Individual hacker(s); Individual hacker(s); Individual hacker(s),,['https://www.csoonline.com/article/3386381/inside-the-2014-hack-of-a-saudi-embassy.html'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.csoonline.com/article/3386381/inside-the-2014-hack-of-a-saudi-embassy.html'] 638,Anonymous vs. Mossad,Anonymous hackers take down Mossad website against Gaza attacks,2014-08-02,2014-08-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Secession,System/ideology; Resources; Secession; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-hackers-mossad-website/'] 639,Hack of Russian Prime Ministers Twitter,"Someone hacked the Twitter account of Russia's Prime Minister Dmitry Medvedev, posting a series of fake messages including a resignation announcement.",2014-07-14,2014-08-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Shaltai Boltai'],['Russia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Shaltai Boltai,Russia,Non-state-group,Hacktivist(s),['https://www.washingtonpost.com/news/worldviews/wp/2017/03/16/the-fbi-just-indicted-a-russian-official-for-hacking-but-why-did-russia-charge-him-with-treason/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://mashable.com/2014/08/14/russias-prime-minister-twitter-account-gets-hacked/#14s8LOmTpgqH', 'https://www.washingtonpost.com/news/worldviews/wp/2017/03/16/the-fbi-just-indicted-a-russian-official-for-hacking-but-why-did-russia-charge-him-with-treason/']" 640,CyberBerkut vs. Poland,"The hacker group CyberBerkut said it blocked the sites, both down on Thursday afternoon, in response to what it said were Poland's actions as ""sponsors of fascism in Ukraine"".",2014-07-14,2014-08-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Poland'],"[['EUROPE', 'NATO', 'EU', 'EASTEU']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '']]",['Cyber Berkut'],['Ukraine'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Cyber Berkut,Ukraine,Non-state-group,Hacktivist(s),['https://www.securityweek.com/ukrainian-hackers-claim-attack-polish-websites'],System / ideology; Secession,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.securityweek.com/ukrainian-hackers-claim-attack-polish-websites'] 641,Anonymous Takedown of israeli pages part II,Hackers operating under the banners of Anonymous have taken offline important Israeli government websites as a reaction to the alleged shutdown of various social media accounts of the group.,2014-08-24,2014-08-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Key-Israeli-Websites-Hacked-By-Anonymous-456302.shtml'] 642,Anonymous Data Leak Pakistan 2014,"Anonymous Pakistan' take down government sites, leak bank records",2014-08-31,2014-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.dawn.com/news/1129212'] 643,HongKong-Protest-Fake-App,Protesters in Hong Kong are being targeted by a social engineering campaign aiming to infect Android devices with an advanced surveillance mRAT.,2014-09-01,2014-09-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Hong Kong'],[['ASIA']],[['End user(s) / specially protected groups']],,,['China'],['State'],,1,2014-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,State,,['https://blog.checkpoint.com/2014/09/30/chinese-government-targets-hong-kong-protesters-android-mrat-spyware/'],System / ideology; Autonomy,System/ideology; Autonomy,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://blog.checkpoint.com/2014/09/30/chinese-government-targets-hong-kong-protesters-android-mrat-spyware/'] 644,Sony Hack 2014,"A hacker group which identified itself by the name ""Guardians of Peace"" (GOP) leaked a release of confidential data from the film studio Sony Pictures. The US indicted in 2018 a North-Korean agent believed to be part of the APT Lazarus for having conducted the attack.",2014-09-01,2014-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)', 'Reconnaissance General Bureau']","[""Korea, Democratic People's Republic of"", ""Korea, Democratic People's Republic of""]","['State', 'State']",,4,2014-01-01; 2014-01-01; 2014-01-01; 2014-01-01; 2014-01-01; 2014-01-01; 2014-01-01; 2014-01-01,"Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Not available; Not available",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security 
community attributes attacker; Attacker confirms; Attacker confirms; Contested attribution; Contested attribution,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; State; State; State",,"['https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/', 'https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf', 'https://arstechnica.com/information-technology/2018/09/us-indicts-north-korean-agents-for-wannacry-sony-attacks/', 'https://www.schneier.com/essays/archives/2014/12/did_north_korea_real.html']",System / ideology; International 
power,System/ideology; International power; Other,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.govinfosecurity.com/south-korea-sanctions-pyongyang-hackers-a-21193', 'https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/', 'https://securitymea.com/2023/02/28/apt-group-lazarus-likely-using-winordll64-backdoor-to-exfiltrate-data/', 'https://www.darkreading.com/vulnerabilities-threats/lazarus-group-deathnote-cluster-pivots-defense-sector', 'https://www.nytimes.com/roomfordebate/2014/12/23/when-does-a-cyberattack-warrant-a-military-response', 'https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/', 'https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf', 'https://arstechnica.com/information-technology/2018/09/us-indicts-north-korean-agents-for-wannacry-sony-attacks/', 'https://www.schneier.com/essays/archives/2014/12/did_north_korea_real.html', 'https://www.nytimes.com/2014/12/18/world/asia/us-links-north-korea-to-sony-hacking.html?_r=0', 'https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/', 'https://therecord.media/mondelez-and-zurich-reach-settlement-in-notpetya-cyberattack-insurance-suit/', 'https://therecord.media/more-than-2000-cybersecurity-patent-applications-filed-since-2010-report/', 'https://twitter.com/MischaHansel/status/1623012083854979083']" 645,Anonymous vs. 
Romania,"The home page of the General Inspectorate of Romanian Police was hacked by the local Anonymous group, who posted a message on the News Section.",2014-09-17,2014-09-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Romania'],"[['EUROPE', 'BALKANS', 'NATO', 'EU']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Anonymous-Romania-Hacks-Local-Police-Website-459347.shtml'] 646,German Website Defacement,Hackers post IS-messages on German websites.,2014-10-01,2014-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker; Incident disclosed by authorities of victim state,Disruption,,['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Team System Dz'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team System Dz,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.zeit.de/digital/2014-10/hacker-angriff-is-botschaften'] 647,Op Orwah Hammad,Anonymous has taken down 43 top Israeli government websites against shooting and killing of a 14-year-old U.S. citizen Orwah Hammad by Israeli Defence Forces.,2014-10-01,2014-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-hackers-orwah-hammad-israel-idf/'] 648,CyberBerkut Billboard Hack,"CyberBerkut hacked billboards in the Ukrainian capital, Kiev, displaying anti-Ukrainian propaganda images of “war crimes.”",2014-10-01,2014-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Cyber Berkut'],['Russia'],['Non-state-group'],['Hacktivist(s)'],2,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Cyber Berkut; Cyber Berkut,Russia; Ukraine,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),['https://www.recordedfuture.com/cyber-berkut-analysis/'],System / ideology; Secession,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.recordedfuture.com/cyber-berkut-analysis/'] 649,SEA vs. UNICEF,Syrian Electronic Army hacked the Twitter account of UNICEF to share the news of a bomb blast in a Syrian school which killed 49 children,2014-10-02,2014-02-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['UNICEF'],,[['International / supranational organization']],,['Syrian Electronic Army'],['Syria'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),"['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']",System / ideology; Resources,System/ideology; Resources,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.techworm.net/2014/10/unicef-twitter-account-hacked.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']" 650,MalluSoldiers vs. 
PakistanEnergy,Cyberattackers have hacked the websites of Pakistan People's Party,2014-10-09,2014-10-09,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Intelligence agencies']],['Mallu Cyber Soldiers'],['India'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Mallu Cyber Soldiers,India,Non-state-group,Hacktivist(s),[],Territory; Resources; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.ibtimes.co.in/mohanlal-fans-hack-pakistan-website-post-actors-picture-dialogue-610930'] 651,OP HongKong,Anonymous Leaks Chinese Government Website Data Over HongKong Protests,2014-10-12,2014-10-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Government / ministries']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Autonomy,System/ideology; Autonomy; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://gadgets.ndtv.com/internet/news/anonymous-leaks-chinese-government-website-data-over-hong-kong-protests-605910', 'https://www.techworm.net/2014/10/operation-hong-kong-anonymous-hacks-chinese-government-website.html']" 652,Serbian Hackers vs. Albania,Serbian hackers deface the site of the Albanian state television and put the picture of Albanian flag on fire,2014-10-18,2014-10-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Albania'],"[['EUROPE', 'BALKANS', 'NATO', 'WBALKANS']]",[['State institutions / political system']],[['Government / ministries']],,['Serbia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Serbia,Non-state-group,Hacktivist(s),[],Secession,Secession,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.techworm.net/2014/10/serbian-hackers-deface-rtsh.html'] 653,Attack on Ukrainian Voting System,Hackers attacked Ukraine's election commission website,2014-10-25,2014-10-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,,['Ukraine'],"[['EUROPE', 'EASTEU']]","[['State institutions / political system', 'State institutions / political system']]","[['Civil service / administration', '']]",,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,['https://www.nytimes.com/2017/08/16/world/europe/russia-ukraine-malware-hacking-witness.html'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.securityweek.com/hackers-target-ukraines-election-website', 'https://www.nytimes.com/2017/08/16/world/europe/russia-ukraine-malware-hacking-witness.html']" 654,Egypt Cyber Army vs. 
ISIS,"Last week, less than 24 hours after ISIS social media accounts posted a threatening message from the group's leader, the audio recording was replaced with a song and its transcript with a logo resembling that of the Egyptian military, accompanied by writing in Arabic that read ""Egyptian Cyber Army.""",2014-11-01,2014-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Syria'],"[['ASIA', 'MENA', 'MEA']]",[['Social groups']],[['Terrorist']],['Egypt Cyber Army'],['Egypt'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Egypt Cyber Army,Egypt,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://mashable.com/2014/11/23/egyptian-cyber-army-isis-baghdadi-hack/?europe=true#6rdxCB7jemqs'] 655,DeepPanda G20 Attack,A Chinese hacking group believed to be affiliated with the Chinese government has penetrated Australian media organisations ahead of this weekend's G20 meeting,2014-11-01,2014-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,['Australia'],[['OC']],[['Media']],,"['APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA)', 'PLA']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2014-01-01; 2014-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA); PLA,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.abc.net.au/news/2014-11-13/g20-china-affliliated-hackers-breaches-australian-media/5889442'] 656,Anonymous DDOS vs. Toronto,"Hacker claiming ties to Anonymous targets Toronto, Ottawa Police with DDoS attack",2014-11-21,2014-11-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Canada'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://globalnews.ca/news/1689115/hacker-claiming-ties-to-anonymous-targets-toronto-ottawa-police-with-ddos-attack/'] 657,Anonymous KKK Data leak,Anonymous posts KKK leader’s personal data online,2014-11-26,2014-11-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['End user(s) / specially protected groups']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.rt.com/usa/209875-anonymous-kkk-leader-dox/'] 658,US/GB/CAN-Media-HackSEA,"Syrian Electronic Army hacks several websites, Forbes, Ferrari, Independent, Daily Telegraph and many other websites hijacked",2014-11-27,2014-11-27,"Attack conducted by non-state 
group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['United States', 'France', 'United Kingdom', 'Canada']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['NATO', 'NORTHAM']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]",,['Syrian Electronic Army'],['Syria'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),"['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.techworm.net/2014/11/syrian-electronic-army-hacks-several-websites-forbes-ferrari-independent-daily-telegraph-many-websites-hijacked.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']" 659,UMPDDPS,"Internet 
hackers have disrupted the ballot to elect a new leader of France's main opposition party, the UMP.",2014-11-28,2014-11-29,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['State institutions / political system', 'State institutions / political system']]","[['Intelligence agencies', 'Election infrastructure / related systems']]",,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.connexionfrance.com/Archive/Hackers-slow-down-UMP-leader-ballot'] 660,Kimsuky vs. SK nuclear authority,"Hackers stole blueprints, employee data, and threatened ""destruction"" if demands not met. 
South Korea claims North hacked nuclear data",2014-12-01,2015-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft & Doxing; Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['Critical infrastructure']],[['Energy']],['Kimsuky/Velvet Chollima/STOLEN PENCIL/Thallium/Black Banshee/G0094'],"[""Korea, Democratic People's Republic of""]",['Unknown - not attributed'],,1,,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,Kimsuky/Velvet Chollima/STOLEN PENCIL/Thallium/Black Banshee/G0094,"Korea, Democratic People's Republic of",Unknown - not attributed,,"['https://en.yna.co.kr/view/AEN20150326007300320?section=search', 'https://en.yna.co.kr/view/AEN20150317005552315?section=search']",System / ideology; Territory; International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://arstechnica.com/information-technology/2015/03/south-korea-claims-north-hacked-nuclear-data/', 'https://en.yna.co.kr/view/AEN20150326007300320?section=search', 'https://en.yna.co.kr/view/AEN20150317005552315?section=search']" 661,Takedown of Oakland Website,Several websites for the city of Oakland were knocked out in a likely cyberattack.,2014-12-10,2014-12-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Attribution given, type unclear",Media-based attribution,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.latimes.com/local/crime/la-me-bay-area-protests-20141211-story.html'] 662,Fancy Bear vs. Westinghouse,Fancy Bear accessed the internal networks of the company Westinghouse- a nuclear energy company- and stole sensitive data,2014-12-10,2015-11-18,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Energy']],"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)', 'GRU']","['Russia', 'Russia']","['State', 'State']",,1,2018-01-01; 2018-01-01,Domestic legal action; Domestic legal action,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,State; State,,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 
2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.justice.gov/opa/page/file/1098481/download'] 663,"Perennial espionage-campaign by Chinese Winnti/WickedPanda vs. Various German Companies in the Chemical, Pharma and Technology Sector.","Allegedly the Chinese state-sponsored Group WickedPanda aka WinNTI stole technical trade secrets of the German steelmaker ThyssenKrupp in early 2016 and from other German industry targets during the period 2016-2019, according to the German Federal Office for the Protection of the Constitution (BfV).",2014-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft; Hijacking with Misuse,,"['Germany', 'Japan']","[['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'SCS', 'NEA']]","[['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Health', 'Chemicals', ''], ['Health', 'Chemicals', '']]",['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']",,2,2019-01-01; 2019-01-01,"Statement in media report and political statement/technical report; Direct statement in media report (e.g., Reuters article 
cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044; APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://401trg.com/burning-umbrella/', 'https://www.dw.com/en/bayer-points-finger-at-wicked-panda-in-cyberattack/a-48196004', 'https://www.verfassungsschutz.de/embed/vsbericht-2019.pdf', 'https://www.verfassungsschutz.de/de/oeffentlichkeitsarbeit/publikationen/verfassungsschutzberichte/vsbericht-2019']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://401trg.com/burning-umbrella/', 'https://www.dw.com/en/thyssenkrupp-victim-of-cyber-attack/a-36695341', 'https://www.dw.com/en/bayer-points-finger-at-wicked-panda-in-cyberattack/a-48196004', 'https://www.verfassungsschutz.de/embed/vsbericht-2019.pdf', 'https://www.verfassungsschutz.de/de/oeffentlichkeitsarbeit/publikationen/verfassungsschutzberichte/vsbericht-2019']" 664,RedFoxtrot aka PLA Unit 69010 vs. 
Central Asian Countries,"Recorded Future reported a wide espionage-campaign by the Chinese APT RedFoxtrot, aligned with PLA Unit 69010, against Central Asian government, defense and telecommunication entities.",2014-01-01,2021-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['India', 'Pakistan', 'Afghanistan', 'Kazakhstan']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA'], ['ASIA', 'CSTO', 'SCO']]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure']]","[['Government / ministries', 'Telecommunications', 'Defence industry'], ['Government / ministries', 'Telecommunications', 'Defence industry'], ['Government / ministries', 'Telecommunications', 'Defence industry'], ['Government / ministries', 'Telecommunications', 'Defence industry']]","['Red Foxtrot', 'PLA Unit 69010']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Red Foxtrot; PLA Unit 69010,China; 
China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.recordedfuture.com/redfoxtrot-china-pla-targets-bordering-asian-countries/'],International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.recordedfuture.com/redfoxtrot-china-pla-targets-bordering-asian-countries/'] 665,Chinese Ministry of State Security campaign 2014,Two Chinese hackers working with the Ministry of State Security (MSS) were indicted for unauthorized access and data theft from a variety of victims.,2014-12-01,2015-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Defence industry']],"['Li Xiaoyu/Oro01xy', 'MSS']","['China', 'China']","['State', 'State']",,1,2020-01-01; 2020-01-01,Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,Li Xiaoyu/Oro01xy; MSS,China; China,State; State,,['https://us-cert.cisa.gov/ncas/alerts/aa20-258a'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://us-cert.cisa.gov/ncas/alerts/aa20-258a'] 666,Operation Manul,"A probably state-sponsored campaign by the Kazakh government against critical journalists, discovered by the Electronic Frontier Foundation.",2015-01-01,2015-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Kazakhstan'],"[['ASIA', 'CSTO', 'SCO']]","[['Social groups', 'End user(s) / specially protected groups', 'Media']]","[['Political opposition / dissidents / expats', '', '']]",['Appin Security Group'],['Kazakhstan'],"['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,Appin Security Group,Kazakhstan,"Non-state actor, state-affiliation suggested",,['https://www.eff.org/files/2018/01/29/operation-manul.pdf'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.eff.org/files/2018/01/29/operation-manul.pdf'] 667,Grey Energy,"New malware discovered by ESET, possibly linked to Blackenergy and Russian-state-sponsored attributed Telebots. 
Espionage as preparatory step for potential subsequent sabotage discovered.",2015-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Ukraine', 'Poland']","[['EUROPE', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'EASTEU']]","[['Critical infrastructure'], ['Critical infrastructure']]","[['Energy'], ['Energy']]","['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)', 'Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)']","['Unknown', 'Unknown']","['Unknown - not attributed', 'Unknown - not attributed']",,2,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Media-based attribution,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Unknown; Russia,"Unknown - not attributed; Non-state actor, state-affiliation suggested","; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this 
case)","['https://www.zdnet.com/article/greyenergy-new-malware-campaign-targets-critical-infrastructure-companies/', 'https://www.zdnet.com/article/russian-military-behind-notpetya-attacks-uk-officially-names-and-shames-kremlin/']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/', 'https://www.zdnet.com/article/greyenergy-new-malware-campaign-targets-critical-infrastructure-companies/', 'https://www.zdnet.com/article/russian-military-behind-notpetya-attacks-uk-officially-names-and-shames-kremlin/', 'https://www.welivesecurity.com/2023/01/27/swiftslicer-new-destructive-wiper-malware-ukraine/', 'https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html', 'https://twitter.com/DarkReading/status/1620558295672012807']" 668,"Quasar, Sobaken and Vermin","Cybercriminals spied on Ukrainian government actors by using three different malwares, according to ESET.",2015-01-01,2018-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Non-state-group'],['Criminal(s)'],1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Non-state-group,Criminal(s),['https://www.welivesecurity.com/wp-content/uploads/2018/07/ESET_Quasar_Sobaken_Vermin.pdf'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, 
system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.welivesecurity.com/wp-content/uploads/2018/07/ESET_Quasar_Sobaken_Vermin.pdf'] 669,"""The Big Hack""","According to Bloomberg, a Chinese PLA unit managed to infiltrate the chip production of the company SuperMicro, opening up entrance paths into the systems of important American companies, including Amazon and Google",2015-01-01,2015-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Telecommunications', '']]",['PLA'],['China'],['State'],,1,2018-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,PLA,China,State,,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 670,Arid Viper aka Desert Falcons,"Arid Viper hackers infected various computers via an infected video; Arid Viper aka Desert Falcons was attributed to Hamas in 2018.",2015-01-01,2015-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Israel', 'Kuwait', 'Korea, Republic of']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Science']]","[['Government / ministries', 'Military', 'Transportation', 'Telecommunications', ''], ['Government / ministries', 'Military', 'Transportation', 'Telecommunications', ''], ['Government / ministries', 'Military', 'Transportation', 'Telecommunications', '']]","['Desert Falcons/AridViper', 'Gaza Cybergang 2']","['Palestine', 'Palestine']","['Non-state-group', 'Non-state-group']","['Criminal(s)', 'Criminal(s)']",1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Desert Falcons/AridViper; Gaza Cybergang 2,Palestine; Palestine,Non-state-group; Non-state-group,Criminal(s); Criminal(s),['https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-Back-Into-View', 'https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/sexually-explicit-material-used-as-lures-in-cyber-attacks?linkId=124258120', 'https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion']" 671,Inception aka RedOctober 2015,"The APT Inception, allegedly the same actor as the RedOctober Group continued its attacks on various actors with a refined attack vector, after being exposed by an IT company in 2014.",2015-01-01,2017-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Russia', 'Moldova, Republic of', 'Global (region)']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU'], []]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['', 'Energy', 'Defence industry', ''], ['', 'Energy', 'Defence industry', ''], ['', 'Energy', 'Defence industry', '']]","['Inception Framework/Cloud Atlas/Blue Odin/G0100', 'Red October']","['Unknown', 'Unknown']","['Unknown - not attributed', 'Unknown - not attributed']",,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security 
community attributes attacker; IT-security community attributes attacker,,,,Inception Framework/Cloud Atlas/Blue Odin/G0100; Red October,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 672,Uzbekistan attack on dissidents,"Actors tied to the Uzbek secret service used various zero-days to spy on different dissident groups in Uzbekistan, reportedly with the help of the Israeli-based IT company Candiru and its spyware.",2015-01-01,2018-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Uzbekistan'],"[['ASIA', 'CENTAS', 'CSTO', 'SCO']]","[['Social groups', 'Media']]","[['Advocacy / activists (e.g. 
human rights organizations)', '']]","['Sand Cat', 'Unit 02616 SSS']","['Uzbekistan', 'Uzbekistan']","['State', 'State']",,1,2019-01-01; 2019-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Sand Cat; Unit 02616 SSS,Uzbekistan; Uzbekistan,State; State,,"['https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/', 'https://www.forbes.com/sites/thomasbrewster/2019/10/03/meet-candiru-the-super-stealth-cyber-mercenaries-hacking-apple-and-microsoft-pcs-for-profit/?sh=64766ae75a39']",System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-uzbekistan-cyber/uzbek-spies-attacked-dissidents-with-off-the-shelf-hacking-tools-idUSKBN1WI0YL', 'https://www.kaspersky.com/about/press-releases/2019_kaspersky-lab-uncovers-windows-zero-day-exploited', 'https://www.vice.com/en_us/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec', 'https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/', 'https://www.forbes.com/sites/thomasbrewster/2019/10/03/meet-candiru-the-super-stealth-cyber-mercenaries-hacking-apple-and-microsoft-pcs-for-profit/?sh=64766ae75a39']" 673,Russia vs. 
Lithuanian Government,Russia targets Lithuanian government computers,2015-01-01,2016-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,[['Not available']],['Lithuania'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],['Not available'],['Russia'],['State'],,1,2016-12-22 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,Rimtautas Cerniauskas (Head of National Cyber Security Centre of Lithuania 2015-2017),,Lithuania,,Russia,State,,['https://www.reuters.com/article/us-lithuania-cyber-idUSKBN14B1PC'],International power,Unknown,,Unknown,,0,,,,,,No,,Not available,Not available,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,State actors,,,['https://www.reuters.com/article/us-lithuania-cyber-idUSKBN14B1PC'] 674,Anthem Hack,"The 2015 breach at Anthem compromised some of the most intimate data belonging to nearly 80 million Americans, and U.S. security companies quickly linked the breach to hacking groups based in China. A US indictment from 2019 did not invoke state involvement, but security researchers say espionage seems a more fitting motivation for the attack than cyber-crime. The infrastructure naming convention in use also indicates a potential link to the OPM Hack. 
Crowdstrike & Symantec link the attack to Deep Panda aka Black Vine.",2015-01-01,2015-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA)', 'PLA']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2015-01-01; 2015-01-01; 2015-01-01; 2015-01-01,"Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,,,,APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA); PLA; APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA); PLA,China; China; China; China,"Non-state actor, state-affiliation suggested; 
Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ; ","['https://foreignpolicy.com/2019/05/10/the-enduring-mystery-of-who-hacked-anthem-hackers-spies-china/', 'https://krebsonsecurity.com/2015/03/premera-blue-cross-breach-exposes-financial-medical-records/', 'https://www.computerworld.com/article/2954715/symantec-wellheeled-hacking-group-black-vine-behind-anthem-breach.html', 'https://threatconnect.com/blog/the-anthem-hack-all-roads-lead-to-china/', 'https://www.justice.gov/opa/pr/member-sophisticated-china-based-hacking-group-indicted-series-computer-intrusions-including']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://foreignpolicy.com/2019/05/10/the-enduring-mystery-of-who-hacked-anthem-hackers-spies-china/', 'https://krebsonsecurity.com/2015/03/premera-blue-cross-breach-exposes-financial-medical-records/', 'https://www.computerworld.com/article/2954715/symantec-wellheeled-hacking-group-black-vine-behind-anthem-breach.html', 'https://threatconnect.com/blog/the-anthem-hack-all-roads-lead-to-china/', 'https://www.justice.gov/opa/pr/member-sophisticated-china-based-hacking-group-indicted-series-computer-intrusions-including', 'https://eu.usatoday.com/story/tech/2015/02/04/health-care-anthem-hacked/22900925/']" 675,Operation Transparent Tribe/Operation C-Major,"Proofpoint discovered an espionage-campaign against Indian military personnel, including spear-phishing and watering hole attacks. 
Trend Micro reported on the same actor in the Operation C-Major report. APT36 aka Transparent Tribe is associated with the Pakistani military. ",2015-01-01,2016-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",['APT36/Transparent Tribe/Mythic Leopard/C-Major'],['Pakistan'],['State'],,1,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,State,,['https://malpedia.caad.fkie.fraunhofer.de/actor/operation_c-major'],International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://news.softpedia.com/news/indian-officials-under-a-barrage-of-ongoing-cyber-attacks-501440.shtml', 'http://documents.trendmicro.com/assets/pdf/Indian-military-personnel-targeted-by-information-theft-campaign-cmajor.pdf', 'https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf', 'https://malpedia.caad.fkie.fraunhofer.de/actor/operation_c-major']" 676,Conflict around South Chinese Sea,"Nanhaishu hackers target Philippine Justice Department, APEC and intl. 
Lawfirm, all involved in South China Sea dispute",2015-01-01,2015-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Philippines'],"[['ASIA', 'SCS', 'SEA']]","[['State institutions / political system', 'International / supranational organization', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '', '']]","['Nanhaishu/APT 40/Leviathan', 'MSS']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2019-01-01; 2019-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Nanhaishu/APT 40/Leviathan; MSS,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,[],Territory; Resources; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf'] 677,Rocket-Kitten vs. 
Israel,Iran's Revolutionary Guards managed to hack the private computers of an Israeli senior security official in 2015.,2015-01-01,2015-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Military']],['Iran Revolutionary Guard Corps'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Iran Revolutionary Guard Corps,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.jpost.com/Middle-East/Report-Iran-hacked-former-IDF-chiefs-computer-444401'] 678,Spying in the Moonlight,Moonlight APT Uses H-Worm Backdoor to Spy on Middle Eastern Targets,2015-01-01,2015-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Iran, Islamic Republic of', 'Israel', 'Palestine', 'Egypt', 'Jordan', 'Libya']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['MENA', 'MEA', 'AFRICA', 'NAF'], ['ASIA', 'MENA', 'MEA'], ['AFRICA', 'MENA', 'MEA', 'NAF']]","[['End user(s) / specially protected groups', 'Media', 'Other'], ['End user(s) / specially protected groups', 'Media', 'Other'], ['End user(s) / specially protected groups', 'Media', 'Other'], ['End user(s) / specially protected groups', 'Media', 'Other'], ['End user(s) / specially protected groups', 'Media', 'Other'], ['End user(s) / specially protected groups', 'Media', 'Other']]",,"['Molerats/Extreme Jackal', 'Gaza Cybergang 1']","['Palestine', 'Palestine']","['Non-state-group', 'Non-state-group']","['Terrorist(s)', 'Terrorist(s)']",1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Molerats/Extreme Jackal; Gaza Cybergang 1,Palestine; Palestine,Non-state-group; Non-state-group,Terrorist(s); Terrorist(s),['https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://news.softpedia.com/news/moonlight-apt-uses-h-worm-backdoor-to-spy-on-middle-eastern-targets-509667.shtml', 'https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion']" 679,Group5 vs. 
Syrian Opposition,"Group 5 targets Syrian opposition, background unknown, but state sponsorship suggested",2015-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Syria'],"[['ASIA', 'MENA', 'MEA']]","[['Social groups', 'End user(s) / specially protected groups']]","[['Political opposition / dissidents / expats', '']]",['Group5'],"['Iran, Islamic Republic of']",['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,Group5,"Iran, Islamic Republic of",Unknown - not attributed,,[],System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://citizenlab.ca/2016/08/group5-syria/'] 680,Australia's Bureau of Meteorology Attack 2015,Probably Chinese spies leaked sensitive data of Australia's governmental systems,2015-01-01,2015-12-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,['Australia'],[['OC']],[['State institutions / political system']],[['Government / ministries']],,['China'],['State'],,1,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by 
third-party,,,,,China,State,,['https://www.cnet.com/au/news/foreign-spies-behind-bureau-of-meteorology-hack-cyber-security-report/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-australia-cybersecurity/china-behind-massive-cyber-attack-on-australian-government-abc-idUSKBN0TL08M20151202', 'https://www.cnet.com/au/news/foreign-spies-behind-bureau-of-meteorology-hack-cyber-security-report/', 'http://www.abc.net.au/news/2016-10-12/bureau-of-meteorology-bom-cyber-hacked-by-foreign-spies/7923770']" 681,Leak of Saudi Ministry of Foreign Affairs 2015,Yemeni Hackergroup Yemeni Cyber Army leaked and published sensitive Data of Saudi Ministry of Foreign Affairs,2015-01-01,2015-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Saudi Arabia'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['State institutions / political system']],[['Government / ministries']],['Yemen Cyber Army'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,3,2015-01-01; 2015-01-01; 2015-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Attacker confirms; Contested attribution,,,,Yemen Cyber Army; Yemen Cyber Army; Yemen Cyber Army,"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://motherboard.vice.com/en_us/article/wnj9gq/theres-evidence-the-yemen-cyber-army-is-actually-iranian', 'https://www.buzzfeednews.com/article/sheerafrenkel/who-is-the-yemen-cyber-army#.ytNvmG2OD']",System / ideology; National power,National power; Subnational predominance; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in 
intensity),none,none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.hackread.com/saudi-ministry-of-foreign-affairs-hacked/', 'https://motherboard.vice.com/en_us/article/wnj9gq/theres-evidence-the-yemen-cyber-army-is-actually-iranian', 'https://www.buzzfeednews.com/article/sheerafrenkel/who-is-the-yemen-cyber-army#.ytNvmG2OD']" 682,Army National Guard Breach,"Army National Guard breach affects 850K, not related to OPM",2015-01-01,2015-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,['https://eu.montgomeryadvertiser.com/story/news/military/2015/07/10/army-national-guard-announces-data-breach/29984897/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.scmagazine.com/breach-may-have-compromised-personal-info-on-850k-national-guard-members/article/532630/', 'https://eu.montgomeryadvertiser.com/story/news/military/2015/07/10/army-national-guard-announces-data-breach/29984897/']" 683,Yahoo Hack II,"The same hackers as in 2014 gained access to Yahoo User Accounts in 2015, says the company.",2015-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['FSB', 'Not available']","['Russia', 'Canada', 'Russia']","['Non-state actor, state-affiliation suggested', 'Individual hacker(s)']",,2,2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01,"Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / 
self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker,,,,FSB; FSB; FSB; FSB; Not available; Not available; Not available; Not available; FSB; FSB; FSB; FSB; Not available; Not available; Not available; Not available,Russia; Russia; Canada; Canada; Russia; Russia; Canada; Canada; Russia; Russia; Canada; Canada; Russia; Russia; Canada; Canada,"Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s); Non-state actor, state-affiliation suggested; Individual hacker(s)",,"['https://techcrunch.com/2017/02/15/yahoo-notifying-users-of-malicious-account-activity-as-verizon-deal-progresses/?_ga=2.211912413.832030079.1550578062-1170144247.1549987749', 
'https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://techcrunch.com/2017/02/15/yahoo-notifying-users-of-malicious-account-activity-as-verizon-deal-progresses/?_ga=2.211912413.832030079.1550578062-1170144247.1549987749', 'https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions', 'https://techcrunch.com/2017/02/27/yahoo-offers-new-details-on-breaches-to-senate-committee/']" 684,DragonOK vs. Japanese Organizations,Unit 42 Identifies New Dragon OK Backdoor Malware Deployed Against Japanese Targets. The group is sometimes connected to the Chinese state.,2015-01-01,2015-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,['Japan'],"[['ASIA', 'SCS', 'NEA']]",[['Unknown']],,['DragonOk'],['Unknown'],['Unknown - not attributed'],,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DragonOk,Unknown,Unknown - not attributed,,['https://www.phnompenhpost.com/national/kingdom-targeted-new-malware'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://unit42.paloaltonetworks.com/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/', 'https://www.phnompenhpost.com/national/kingdom-targeted-new-malware']" 685,Operation Groundbait,Attackers from within the Ukraine mainly targeted anti-government separatists in the Ukraine.,2015-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Ukraine'],"[['EUROPE', 'EASTEU']]","[['State institutions / political system', 'State institutions / political system', 'Social groups', 'Media']]","[['Government / ministries', 'Political parties', 'Advocacy / activists (e.g. 
human rights organizations)', '']]",,['Ukraine'],['Non-state-group'],['Hacktivist(s)'],1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Ukraine,Non-state-group,Hacktivist(s),['https://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf'],System / ideology; Secession,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf'] 686,Open Society Foundation Tainted Leaks,"Russian-state-sponsored hackers attacked the OSF by creating ""TaintedLeaks"".",2015-01-01,2015-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,,"['United States', 'Europe (region)', 'Russia']","[['NATO', 'NORTHAM'], [], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['Social groups'], ['Social groups'], ['Social groups']]","[['Other social groups'], ['Other social groups'], ['Other social groups']]","['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,['https://citizenlab.ca/2017/05/tainted-leaks-disinformation-phish/'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://citizenlab.ca/2017/05/tainted-leaks-disinformation-phish/'] 687,Mexican Journalists targeted via government-exclusive NSO Spyware.,Mexican Journalists targeted via government-exclusive NSO Spyware.,2015-01-01,2016-08-01,"Attack 
conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Mexico'],,"[['End user(s) / specially protected groups', 'Media']]",,,['Unknown'],['State'],,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,Unknown,State,,['https://citizenlab.ca/2017/06/reckless-exploit-mexico-nso/'],System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://citizenlab.ca/2017/06/reckless-exploit-mexico-nso/', 'https://elpais.com/https:/elpais.com/mexico/2023-03-10/lopez-obrador-dice-que-el-ejercito-no-espio-con-pegasus-a-periodistas-y-activistas-sino-que-se-hizo-investigacion.html']" 688,Sowbug Group,Sowbug: Cyberespionage group targets South American and Southeast Asian governments,2015-01-01,2017-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Ecuador', 'Peru', 'Brazil', 'Malaysia', 'Argentina', 'Brunei']","[[], ['SOUTHAM'], ['SOUTHAM'], ['ASIA', 'SCS', 'SEA'], ['SOUTHAM'], ['ASIA', 'SCS']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries'], ['Government / ministries'], ['Government / 
ministries'], ['Government / ministries'], ['Government / ministries']]",['Sowbug'],['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Sowbug,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 689,ZooPark,"Kaspersky Lab researchers have discovered ZooPark, a sophisticated cyberespionage campaign that has been targeting Android device users based in Middle Eastern countries for several years. An unknown hacker provided evidence to Motherboard that should show that the group ZooPark is an Iranian state-sponsored group. Kaspersky couldn't tell which kind of actor is behind ZooPark.",2015-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Iran, Islamic Republic of', 'Lebanon', 'Egypt', 'Morocco', 'Jordan']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['MENA', 'MEA', 'AFRICA', 'NAF'], ['AFRICA', 'NAF', 'MENA'], ['ASIA', 'MENA', 'MEA']]","[['End user(s) / specially protected groups'], ['End user(s) / specially protected groups'], ['End user(s) / specially protected groups'], ['End user(s) / specially protected groups'], ['End user(s) / specially protected groups']]",,['Zoopark'],['Unknown'],"['Non-state actor, state-affiliation suggested']",,2,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Attribution by third-party,,,,Zoopark; Zoopark,"Unknown; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.vice.com/en_us/article/qvn4kq/vigilante-hacks-government-zoopark-cyberespionage'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://usa.kaspersky.com/about/press-releases/2018_zoopark-new-android-based-malware', 'https://www.vice.com/en_us/article/qvn4kq/vigilante-hacks-government-zoopark-cyberespionage']" 690,Post-Charlie Hebdo Islamist CyberAttack,"Up to 20k French websites got hit by cyberattacks; ISIS claims responsibility, but also Algerian Anonymous groups and al-Qaida",2015-01-10,2015-01-01,"Attack conducted by non-state group / non-state actor with 
political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Other']]","[['Government / ministries', 'Religious', '', '']]",['Anonymous Algeria'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],2,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Contested attribution,,,,Anonymous Algeria; Anonymous Algeria,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),"['https://www.huffingtonpost.com/2015/01/13/charlie-hebdo_n_6464318.html', 'https://www.cbsnews.com/news/france-hit-by-19000-cyber-attacks-after-charlie-hebdo-terror-attacks/']",System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://money.cnn.com/2015/01/15/technology/security/french-websites-hacked/index.html', 'https://www.huffingtonpost.com/2015/01/13/charlie-hebdo_n_6464318.html', 'https://www.cbsnews.com/news/france-hit-by-19000-cyber-attacks-after-charlie-hebdo-terror-attacks/']" 691,Cyber Caliphate CENTCOM Twitter and Youtube,Cyber Caliphate took control of the Twitter account and YouTube channel of U.S. Central Command (CENTCOM),2015-01-13,2015-01-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],['Cyber Caliphate'],['Unknown'],['Non-state-group'],['Terrorist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyber Caliphate,Unknown,Non-state-group,Terrorist(s),[],System / ideology,System/ideology; Resources,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/Pro-ISIS-Group-Hijacks-Social-Accounts-of-US-Central-Command-469793.shtml'] 692,Le Monde-SEA-Hack,The Twitter Channel of Le Monde was hacked by the SEA.,2015-01-21,2015-01-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Media']],,['Syrian Electronic Army'],['Syria'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-cybercrime-lemonde/french-newspaper-le-monde-says-twitter-account-hacked-idUSKBN0KU07820150121'] 693,Cyber Caliphate /Lizard Squad,ISIS Hacker group LizardSquad hacked Malaysian Airlines Website,2015-01-26,2015-01-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Malaysia'],"[['ASIA', 'SCS', 'SEA']]",[['Critical infrastructure']],[['Transportation']],"['Lizard Squad', 'Cyber Caliphate']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Terrorist(s)', 'Terrorist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Lizard Squad; Cyber Caliphate,Unknown; Unknown,Non-state-group; Non-state-group,Terrorist(s); Terrorist(s),['https://www.reuters.com/article/us-malaysia-airline-cybercrime/malaysia-airlines-website-targeted-by-hacker-group-cyber-caliphate-idUSKBN0KZ08E20150126'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.washingtonpost.com/news/morning-mix/wp/2015/01/26/lizard-squad-hacks-malaysia-airlines-claiming-link-to-islamic-state/?utm_term=.f1d1ebca1622', 'https://www.reuters.com/article/us-malaysia-airline-cybercrime/malaysia-airlines-website-targeted-by-hacker-group-cyber-caliphate-idUSKBN0KZ08E20150126', 'http://www.computerweekly.com/news/2240238817/Lizard-Squad-hijacks-Malaysia-Airlines-website', 'https://techcrunch.com/2015/01/25/malaysia-airlines-site-hacked-by-lizard-squad/']" 694,Anonymous vs. Philippines,Anonymous hacked Philippine government websites,2015-01-31,2015-01-31,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Philippines'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Subnational predominance; Secession,Subnational predominance; Secession; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.gmanetwork.com/news/scitech/technology/422037/hackers-deface-gov-t-websites-to-demand-justice-for-slain-saf-officers/story/'] 1267,Volatile / Lebanese Cedar II,"Volatile Cedar, presumed to be connected to the Lebanese Hezbollah Cyber Unit, has attacked targets around the world.",2015-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Europe (region)', 'United States', 'United Kingdom', 'Egypt', 'Jordan', 'Palestine', 'Saudi Arabia', 'United Arab Emirates']","[[], ['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['MENA', 'MEA', 'AFRICA', 'NAF'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Telecommunications', ''], ['Telecommunications', ''], ['Telecommunications', ''], ['Telecommunications', ''], ['Telecommunications', ''], ['Telecommunications', ''], ['Telecommunications', ''], ['Telecommunications', 
'']]","['Volatile Cedar/ Lebanese Cedar', 'Hezbollah Cyber Unit']","['Lebanon', 'Lebanon']","['Non-state-group', 'Non-state actor, state-affiliation suggested', 'Non-state-group', 'Non-state actor, state-affiliation suggested']","['Terrorist(s)', '', 'Terrorist(s)', '']",1,2021-01-01; 2021-01-01; 2021-01-01; 2021-01-01; 2021-01-01; 2021-01-01; 2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,,,,Volatile Cedar/ Lebanese Cedar; Volatile Cedar/ Lebanese Cedar; Volatile Cedar/ Lebanese Cedar; Volatile Cedar/ Lebanese Cedar; Hezbollah Cyber Unit; Hezbollah Cyber Unit; Hezbollah Cyber Unit; Hezbollah Cyber Unit,Lebanon; Lebanon; Lebanon; Lebanon; Lebanon; Lebanon; Lebanon; Lebanon,"Non-state-group; Non-state-group; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state-group; Non-state-group; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",Terrorist(s); ; Terrorist(s); ; Terrorist(s); ; Terrorist(s); ,['https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information 
(incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/hezbollah-hackers-attack-unpatched-atlassian-servers-at-telcos-isps/', 'https://blog.checkpoint.com/2015/03/31/volatilecedar/', 'https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf']" 696,Attack on Dutch Government,Unknown hackers hacked several dutch gov websites,2015-02-10,2015-02-10,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Netherlands'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.zdnet.com/article/ddos-attack-leaves-dutch-websites-offline-for-hours/'] 697,Cyber Caliphate leak of Russian Data,Cyber Caliphate hacked up to 600 Russian Websites,2015-03-01,2015-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['Cyber Caliphate'],['Unknown'],['Non-state-group'],['Terrorist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyber Caliphate,Unknown,Non-state-group,Terrorist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 698,Principal Controller of Defence Account (Officers) Hack 2015,Unknown hackers leaked sensitive personal Data about indian Army Officers,2015-03-01,2015-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Military']],,"['China', 'Pakistan']",['Unknown - not attributed'],,1,,"Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution; Media-based attribution,,,,,China; Pakistan,Unknown - not attributed; Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://timesofindia.indiatimes.com/india/Army-officers-panic-as-hackers-steal-secret-data/articleshow/46856789.cms'] 699,Fancy Bear vs. Denmark,"Danish armed forces personnel have had their emails hacked from 2015 to 2017, Denmark’s security service said. 
The hack has been attributed to ‘Fancy Bear,’ a hacking group said to have connections to Russia.",2015-03-01,2016-10-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,['Denmark'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Military']],"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],['State'],,1,2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,,"['https://www.rt.com/viral/385987-danish-hack-fancy-bear/', 'https://www.reuters.com/article/us-denmark-security-russia/russia-hacked-danish-defense-for-two-years-minister-tells-newspaper-idUSKBN17P0NR']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.rt.com/viral/385987-danish-hack-fancy-bear/', 'https://www.reuters.com/article/us-denmark-security-russia/russia-hacked-danish-defense-for-two-years-minister-tells-newspaper-idUSKBN17P0NR']" 700,Ontario Ministry of Education Leak,Unknown hackers leaked up to 5k E-Mail-addresses from Ontario Ministry of Education,2015-03-05,2015-03-05,"Attack on (inter alia) political target(s), politicized",,Incident 
disclosed by media (without further information on source); Incident disclosed by victim,Data theft & Doxing,,['Canada'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.insidehalton.com/news-story/5476951-thousands-of-email-addresses-leaked-from-government-website/'] 701,Git-Hub-DDoS-Attack,Authorities from the Chinese mainland are suspected to be behind the cyberattack that first knocked the popular U.S. coding site GitHub offline.,2015-03-19,2015-03-23,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['China'],"['Non-state actor, state-affiliation suggested']",,1,2015-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker,,,,,China,"Non-state actor, state-affiliation suggested",,['https://www.ibtimes.com/chinese-government-suspected-github-hack-evidence-links-ddos-attack-censorship-push-1863556'],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/github-suffers-largest-ddos-attack-in-sites-history/', 'https://www.ibtimes.com/chinese-government-suspected-github-hack-evidence-links-ddos-attack-censorship-push-1863556']" 702,Houthi Internet Outages 2015,Houthi Rebels took down the internet various times through out late march until early may 2015,2015-03-31,2015-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Yemen'],"[['ASIA', 'MENA', 'MEA']]","[['Critical infrastructure', 'End user(s) / specially protected groups', 'Other']]","[['Telecommunications', '', '']]",['Houthi Militias'],['Yemen'],['Non-state-group'],['Religious actors'],1,,"Political statement / report (e.g., on government / state agency websites)",Attribution by third-party,,,,Houthi Militias,Yemen,Non-state-group,Religious actors,[],National power,National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://citizenlab.ca/2015/10/information-controls-military-operations-yemen/'] 703,Sandworm vs. Ukrainian Company StarLight Media - 2015,"The disruptive malware KillDisk was detected in several ukrainian company networks, deleting critical data and making multiple computers unusable, this case refers to the company StarLight Media as a victim. The attacks have been attributed to Sandworm, allegedly run by Russian military intelligence service GRU.",2015-04-01,2015-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,['Ukraine'],"[['EUROPE', 'EASTEU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]",,"['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,2,2017-01-01; 2017-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; IT-security community attributes attacker,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://books.google.de/books?id=NrcrDwAAQBAJ&pg=PA48&lpg=PA48&dq=Ukrzaliznytsia+cyber+attack+2015&source=bl&ots=EDM_6pIFO3&sig=ACfU3U1V4cnJQmUtGYHpEGpEDMPhi1GYZA&hl=de&sa=X&ved=2ahUKEwiU1euc6unlAhXDaFAKHeYlDtEQ6AEwB3oECAkQAQ#v=onepage&q=Ukrzaliznytsia%20cyber%20attack%202015&f=false(S.48)'],System / ideology; Resources; Secession,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - 
high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.wired.com/story/russian-hackers-attack-ukraine/', 'https://books.google.de/books?id=NrcrDwAAQBAJ&pg=PA48&lpg=PA48&dq=Ukrzaliznytsia+cyber+attack+2015&source=bl&ots=EDM_6pIFO3&sig=ACfU3U1V4cnJQmUtGYHpEGpEDMPhi1GYZA&hl=de&sa=X&ved=2ahUKEwiU1euc6unlAhXDaFAKHeYlDtEQ6AEwB3oECAkQAQ#v=onepage&q=Ukrzaliznytsia%20cyber%20attack%202015&f=false(S.48)']" 704,Anonymous vs. Chinese Government,Anonymous Philippines Hacks Chinese Govt. Websites over Territorial Disputes,2015-04-01,2015-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous Philippines'],['Philippines'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous Philippines,Philippines,Non-state-group,Hacktivist(s),[],Territory,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-philippines-hacks-chinese-govt-websites-over-territorial-disputes/'] 705,Anonymous vs. Chinese Police Forces,"Anonymous Hacks Chinese Police, Govt. Websites",2015-04-01,2015-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Police']]",['Anonymous Globo'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous Globo,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Autonomy,System/ideology; Autonomy; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/operationchina-anonymous-hacks-chinese-police-govt/'] 695,Fancy Bear vs. Bellingcat,"ThreatConnect reviews activity by Fancy Bear targeting Bellingcat, a key contributor in the MH17 investigation.",2015-02-01,2016-02-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Media']],,"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],['State'],,1,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 
26165)",Russia,State,,['https://threatconnect.com/blog/russia-hacks-bellingcat-mh17-investigation/'],Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://threatconnect.com/blog/russia-hacks-bellingcat-mh17-investigation/'] 707,Armenian-Turk Cyberwar Armenian Side,"Armenian groups involved in cyber attacks against Turkish government include Anonymous Armenia, Monte Melkonian Cyber Army, Caucasus cyber army and ASALA",2015-04-01,2015-04-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],"['Monte Melkonian Cyber Army', 'Anonymous']","['Armenia', 'Armenia']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,,,,Monte Melkonian Cyber Army; Anonymous,Armenia; Armenia,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/armenia-turkish-hackers-cyberwar/'] 708,Armenian-Turk Cyberwar Turkish Side,The groups of Turkish hackers conducting cyber attacks on Armenian government are Anonymous Tuak and Turk 
Hack Team (THT),2015-04-01,2015-04-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Armenia'],"[['ASIA', 'CENTAS', 'CSTO']]",[['State institutions / political system']],[['Government / ministries']],"['Anonymous', 'TurkHackTeam']","['Turkey', 'Turkey']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,,,,Anonymous; TurkHackTeam,Turkey; Turkey,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 709,Blocking of Al-Arabiya,Houthi Rebels blocked the arabian version of the website of Al-Arabiya in the Yemeni Internet,2015-04-07,2015-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United Arab Emirates'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['Media']],,['Houthi Militias'],['Yemen'],['Non-state-group'],['Religious actors'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Houthi Militias,Yemen,Non-state-group,Religious actors,[],National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://english.alarabiya.net/en/media/digital/2015/04/08/Houthis-block-Al-Arabiya-s-Arabic-language-website-in-Yemen-.html'] 710,IS hackers vs. Embassy,Turkmen Embassy In Minsk Hacked Apparently By IS,2015-04-09,2015-09-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Turkmenistan'],[['ASIA']],[['State institutions / political system']],,['El Moujahidine'],['Unknown'],['Non-state-group'],['Terrorist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,El Moujahidine,Unknown,Non-state-group,Terrorist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.rferl.org/a/turkmen-embassy-in-minsk-hacked/26947114.html'] 711,Iran State Television Twitter Hacked,"Hackers took over the official Twitter account of Iran’s state Television ‘Al-Alam’, leaving material supportive of the Saudi-led airwar against Iran-backed rebels in Yemen",2015-04-13,2015-04-13,"Attack conducted by non-state group / non-state actor with 
political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['Media']],,,['Saudi Arabia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Saudi Arabia,Non-state-group,Hacktivist(s),[],System / ideology; National power; Subnational predominance,National power; Subnational predominance; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/irani-state-tv-social-media-hacked-saudi-hackers/'] 712,Bundestags Hack 2015,Probably Russian Hackers (maybe FSB) hacked the System of the German Parliament and grabbed Gigabytes of sensitive Data and destroyed parts of the system,2015-04-13,2015-05-20,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Legislative']],"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)', 'GRU']","['Russia', 'Russia']","['State', 'State']",,2,2015-01-01; 2015-01-01; 2015-01-01; 2015-01-01,"Statement in media report and indictment / sanctions; Statement in media report and indictment / sanctions; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by 
IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU; Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia; Russia; Russia,"State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['http://www.zeit.de/2017/20/cyberangriff-bundestag-fancy-bear-angela-merkel-hacker-russland', 'https://www.welt.de/politik/deutschland/article142372328/Verfassungsschutz-verfolgt-Spur-nach-Russland.html', 'https://www.zdnet.com/article/german-authorities-charge-russian-hacker-for-2015-bundestag-hack/', 'https://netzpolitik.org/2020/haftbefehl-gegen-mutmasslichen-russischen-geheimdienst-hacker/']",International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://twitter.com/Cyber_O51NT/status/1633131784568463361', 'https://www.heise.de/security/meldung/Bundestags-Hack-Angreifer-sollen-gigabyteweise-E-Mails-kopiert-haben-2715881.html', 'http://www.zeit.de/2017/20/cyberangriff-bundestag-fancy-bear-angela-merkel-hacker-russland', 'https://www.welt.de/politik/deutschland/article142372328/Verfassungsschutz-verfolgt-Spur-nach-Russland.html', 
'https://www.zdnet.com/article/german-authorities-charge-russian-hacker-for-2015-bundestag-hack/', 'https://netzpolitik.org/2020/haftbefehl-gegen-mutmasslichen-russischen-geheimdienst-hacker/', 'https://www.securityweek.com/german-cybersecurity-chief-sacked-over-alleged-russia-ties']" 713,THT Herakles DDOS vs. The Pope,"Hacker ""THTHerakles"" ShutDown Vatican City Website Against Pope’s Comment using the word ""genozied"" about turk mass killing of Armenians",2015-04-13,2015-04-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Holy See (Vatican City State)'],[['EUROPE']],[['State institutions / political system']],[['Government / ministries']],['THT Herakles'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,THT Herakles,Turkey,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/hackers-shut-down-vatican-city-website/'] 714,Anonymous vs. Chilean Government,"Anonymous Hacks Chile Govt in support of student protests, against police brutality",2015-05-01,2015-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Chile'],[['SOUTHAM']],[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Chile'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Chile,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-hacks-chile-government/'] 715,United-Airlines-Hack,"A group of China-backed hackers believed to be responsible for high-profile data breaches, including the U.S. Office of Personnel Management and the insurance giant Anthem, has now hit another high-profile target – United Airlines.",2015-05-01,2015-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA)', 'PLA']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2015-01-01; 2015-01-01,"Attribution given, type unclear; Attribution given, type unclear",Media-based attribution; Media-based attribution,,,,APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA); PLA,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.bloomberg.com/news/articles/2015-07-29/china-tied-hackers-that-hit-u-s-said-to-breach-united-airlines'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://thehackernews.com/2015/07/united-airlines-hacked.html', 'https://www.bloomberg.com/news/articles/2015-07-29/china-tied-hackers-that-hit-u-s-said-to-breach-united-airlines']" 706,Yemen CyberArmy vs. Al-hayat,"Pro-Houthi Hackers ""YemenCyberArmy"" hacked the London-based, saudi-owned arab Newspaper al-Hayat.",2015-04-01,2015-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['Saudi Arabia', 'United Kingdom']","[['ASIA', 'MENA', 'MEA', 'GULFC'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['Media'], ['Media']]",,['Yemen Cyber Army'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,3,2015-01-01; 2015-01-01; 2015-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Attacker confirms; Contested attribution,,,,Yemen Cyber Army; Yemen Cyber Army; Yemen Cyber Army,"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://motherboard.vice.com/en_us/article/wnj9gq/theres-evidence-the-yemen-cyber-army-is-actually-iranian', 'https://www.buzzfeednews.com/article/sheerafrenkel/who-is-the-yemen-cyber-army#.ytNvmG2OD']",System / ideology; National power,National power; Subnational predominance; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://www.breitbart.com/national-security/2015/04/14/arab-newspaper-hacked-by-pro-houthi-yemen-cyber-army/', 'https://motherboard.vice.com/en_us/article/wnj9gq/theres-evidence-the-yemen-cyber-army-is-actually-iranian', 
'https://www.buzzfeednews.com/article/sheerafrenkel/who-is-the-yemen-cyber-army#.ytNvmG2OD']" 717,Japan Pension System Hack,Japan’s pension system has been hacked and more than a million cases of personal data leaked.,2015-05-01,2015-05-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft & Doxing,,['Japan'],"[['ASIA', 'SCS', 'NEA']]",[['State institutions / political system']],[['Civil service / administration']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown; System/ideology,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-japan-pensions-attacks-idUSKBN0OH1OP20150601?mod=djemCIO_h'] 718,Anonymous vs. Italian Ministry of Defense,"Anonymous leaked data, especially E-Mail-adresses of military personnel, of italian ministry of defence",2015-05-01,2015-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Italy'],"[['EUROPE', 'NATO', 'EU']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.lastampa.it/2015/05/19/italia/cronache/anonymous-colpisce-il-ministero-della-difesa-qlFNgswyvu20wnQiNYK1kL/pagina.html'] 719,Operation DustySky Part 1,"Espionage campaign by the MoleRATs Group (also known as the Gaza Cybergang Group), an Arabic-speaking, politically motivated group that has been operating in the Middle East since 2012.",2015-05-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Middle East (region)', 'United States', 'Europe (region)']","[[], ['NATO', 'NORTHAM'], []]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure']]","[['Government / ministries', 'Finance', '', '', 'Defence industry'], ['Government / ministries', 'Finance', '', '', 'Defence industry'], ['Government / ministries', 'Finance', '', '', 'Defence industry']]","['Molerats/Extreme Jackal', 'Gaza Cybergang 1']","['Unknown', 'Unknown']","['Unknown - not attributed', 'Unknown - not attributed']",,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Molerats/Extreme Jackal; Gaza Cybergang 1,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,"['https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf', 'https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., 
through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf', 'https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf', 'https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion']" 720,RxRHaCker vs. Iranian Ministry of Defense,"Iran Ministry of Defense Website Hacked by Saudi Hackergroup ""RxRHaCker""",2015-05-14,2015-05-14,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Military']],['RxRHaCker'],['Saudi Arabia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RxRHaCker,Saudi Arabia,Non-state-group,Hacktivist(s),[],System / ideology; National power; Subnational predominance,National power; Subnational predominance; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/saudi-hackers-iran-defense-ministry-website/'] 721,DNC-Hack (Cozy Bear) - 2016,Russian government hackers from state-sponsored group Cozy Bear/APT29 penetrated the computer network of the Democratic National Committee and monitored the DNC`s email and chat communications.,2015-06-01,2016-06-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by 
IT-security company,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Political parties']],['Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)'],['Russia'],['State'],,3,2016-01-01; 2016-01-01; 2016-01-01,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker; Attribution by third-party,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia; Russia; Russia,State; State; State,,"['https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/', 'https://www.cnbc.com/2020/07/17/fancy-bear-cozy-bear-russia.html', 'https://abcnews.go.com/International/russia-linked-hackers-accused-stealing-covid-vaccine-data/story?id=71819152', 'https://www.csmonitor.com/World/Passcode/2016/0615/Meet-Fancy-Bear-and-Cozy-Bear-Russian-groups-blamed-for-DNC-hack', 'https://us-cert.cisa.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf']",International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.washingtonpost.com/world/national-security/russian-government-hackers-penetrated-dnc-stole-opposition-research-on-', 'https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/', 'https://www.cnbc.com/2020/07/17/fancy-bear-cozy-bear-russia.html', 'https://abcnews.go.com/International/russia-linked-hackers-accused-stealing-covid-vaccine-data/story?id=71819152', 'https://www.csmonitor.com/World/Passcode/2016/0615/Meet-Fancy-Bear-and-Cozy-Bear-Russian-groups-blamed-for-DNC-hack', 'https://us-cert.cisa.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf', 'https://www.wired.com/story/leaked-pentagon-documents-ukraine-discord/']" 716,Unknown hackers vs. ChiOnwurahs,Unknown hackers got access to sensitive data of the MP Chi Onwurahs parliamentary work,2015-05-01,2015-05-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Legislative']],,['Unknown'],['Non-state-group'],['Criminal(s)'],1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Non-state-group,Criminal(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.hackread.com/british-parliament-computers-ransomware-infected/', 'https://www.express.co.uk/life-style/science-technology/618063/Parliament-Hacked-Files-MP-Ransom', 'https://www.thetimes.co.uk/article/labours-digital-shadow-is-hacked-ggqpd0gp9tz']" 723,"Trojan ""Bookworm"" vs. 
Thailand","A trojan called ""Bookworm"" targeted the government of Thailand, in order to infiltrate its networks.",2015-06-01,2015-11-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Thailand'],"[['ASIA', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,['https://unit42.paloaltonetworks.com/bookworm-trojan-a-model-of-modular-architecture/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://unit42.paloaltonetworks.com/attack-campaign-on-the-government-of-thailand-delivers-bookworm-trojan/', 'https://unit42.paloaltonetworks.com/bookworm-trojan-a-model-of-modular-architecture/']" 724,U.S.Army Website Hack 2015,US Army website defaced by Syrian Electronic Army,2015-06-08,2015-08-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],['Syrian Electronic Army'],['Syria'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Electronic Army,Syria,Non-state-group,Hacktivist(s),['https://www.forbes.com/sites/katevinton/2015/06/08/syrian-electronic-army-claims-responsibility-for-hacking-army-website/#a0c6557197f0'],System / ideology,System/ideology; Resources,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://www.bbc.com/news/world-us-canada-33058755', 'https://www.forbes.com/sites/katevinton/2015/06/08/syrian-electronic-army-claims-responsibility-for-hacking-army-website/#a0c6557197f0']" 722,Iran vs. 
Satellite Companies,"Between 2015 and 2019 hackers attributed to be part of the IRG hacked various companies, and government agencies, most related to the production and operation of satellites",2015-06-01,2019-02-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"['United States', 'United Kingdom', 'Australia', 'Israel', 'Singapore']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['OC'], ['ASIA', 'MENA', 'MEA'], ['ASIA']]","[['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the 
respective company is not part of the critical infrastructure definition)']]","[['', '', 'Telecommunications', 'Defence industry', ''], ['', '', 'Telecommunications', 'Defence industry', ''], ['', '', 'Telecommunications', 'Defence industry', ''], ['', '', 'Telecommunications', 'Defence industry', ''], ['', '', 'Telecommunications', 'Defence industry', '']]",['Iran Revolutionary Guard Corps'],"['Iran, Islamic Republic of']",['State'],,1,2020-01-01 00:00:00,Domestic legal action,Attribution by receiver government / state entity,,,,Iran Revolutionary Guard Corps,"Iran, Islamic Republic of",State,,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securityaffairs.co/wordpress/108449/cyber-warfare-2/iranian-hackers-satellite-companies.html'] 726,AnonGhost attacks US Air Force Website,Pro-Palestine Group Hacks Subdomains of US Air Force Website,2015-06-10,2015-10-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],['AnonGhost'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,AnonGhost,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Secession,System/ideology; Resources; Secession; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/us-air-force-hacked-website-hacked/'] 727,Lov3rDns vs. Obama Campaign,"Obama’s Election Campaign Social Network Domain Hacked by Yemeni Hacker""Lov3rDns""",2015-06-11,2015-11-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Political parties']],['Lov3rDns'],['Yemen'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Lov3rDns,Yemen,Individual hacker(s),,[],System / ideology,National power; Subnational predominance,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/obama-election-social-network-hacked-yemen-hacker/'] 728,Malaysian Social Media Hacked,"Malaysian Police Facebook, Twitter Accounts Hacked by Pro-ISIS Hackers ""AnonGhost""",2015-06-13,2015-06-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Malaysia'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],[['Police']],"['AnonGhost', 'Pro-ISIS']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Terrorist(s)', 'Terrorist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,AnonGhost; Pro-ISIS,Unknown; Unknown,Non-state-group; Non-state-group,Terrorist(s); Terrorist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/isis-hackers-malaysia-police-facebook-twitter-hack/'] 729,Anonymous vs. Canadian Government,Anonymous attacked Canadian networks in response to an Anti-Terror Law,2015-06-17,2015-06-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Canada'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Intelligence agencies']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-canada-cyberattack/canada-government-websites-taken-down-in-cyber-attack-idUSKBN0OX2GI20150617'] 730,Anonymous vs. US Census Bureau,"Anonymous hacks US Census Bureau over TTIP agreement, leaking employee details online",2015-06-22,2015-06-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cbsnews.com/news/anonymous-hackers-claim-to-have-breached-census-bureau-database/', 'http://uk.businessinsider.com/anonymous-hackers-leak-4200-us-government-workers-alleged-details-to-protest-ttip-and-tpp-2015-7']" 731,Colin Powell Hacked,"Colin Powell's email account was hacked by Fancy Bear, and one year later, in 2016, emails were leaked.",2015-07-01,2016-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://www.apnews.com/3bca5267d4544508bb523fa0db462cb2', 'https://www.vice.com/en/article/mg7xjb/how-hackers-broke-into-john-podesta-and-colin-powells-gmail-accounts']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf', 'https://www.apnews.com/3bca5267d4544508bb523fa0db462cb2', 
'https://www.vice.com/en/article/mg7xjb/how-hackers-broke-into-john-podesta-and-colin-powells-gmail-accounts']" 732,Azerbaijan vs. Armenia July,"Armenian hackers from Monte Melkonian Cyber Army hacked into the official website of Azerbaijani customs, stealing highly confidential personal information of 5650 Azerbaijani citizens.",2015-07-01,2015-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['Azerbaijan'],"[['ASIA', 'CENTAS']]",[['End user(s) / specially protected groups']],,['Monte Melkonian Cyber Army'],['Armenia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Monte Melkonian Cyber Army,Armenia,Non-state-group,Hacktivist(s),['https://www.hackread.com/armenian-azerbaijani-cyberwar/'],Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/armenian-azerbaijani-cyberwar/'] 733,Leak of U.S. Military Personal Data 2015,Probably Russian hackers leaked unclassified e-mail access for thousands of military personnel,2015-07-01,2015-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],,['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2015-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,Russia,"Non-state actor, state-affiliation suggested",,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/technology/2015/aug/06/us-military-joint-chiefs-hacked-officials-blame-russia'] 734,Cyberberkut vs. Germany,The pro-Russian hacker group CyberBerkut claimed responsibility for the disruption of the website of the German Chancellor and Bundestag,2015-07-01,2015-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Disruption,,['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Legislative']]",['Cyber Berkut'],['Russia'],"['Non-state actor, state-affiliation suggested']",,2,2015-01-01; 2015-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attacker confirms,,,,Cyber Berkut; Cyber Berkut,Russia; Ukraine,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf', 'https://www.reuters.com/article/us-germany-cyberattack/pro-russian-group-claims-cyber-attack-on-german-government-websites-idUSKBN0KG15320150107']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.heise.de/newsticker/meldung/DDoS-Attacke-auf-Web-Seiten-von-Kanzlerin-und-Bundestag-2512871.html', 'https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf', 'https://www.reuters.com/article/us-germany-cyberattack/pro-russian-group-claims-cyber-attack-on-german-government-websites-idUSKBN0KG15320150107']" 735,Russian Attack on the Pentagon,Russian threat actors tried to access the networks of the Pentagon via a phishing attack,2015-07-01,2015-01-01,"Attack conducted by 
non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],,['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2015-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Russia,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://edition.cnn.com/2015/04/23/politics/russian-hackers-pentagon-network/'] 736,Hacking Team-Hack 2015,"The cybersecurity firm HackingTeam appears to have itself been the victim of a hack, with documents that purport to show it sold software to repressive regimes being posted to the company’s own Twitter feed.",2015-07-01,2015-07-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['Italy'],"[['EUROPE', 'NATO', 'EU']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['Unknown'],['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,,Unknown,Unknown - not attributed,,['https://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-firm-sold-spying-tools-to-repressive-regimes-documents-claim'],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-firm-sold-spying-tools-to-repressive-regimes-documents-claim'] 737,Anonymous vs. Canadian Police,"Anonymous Targets Canadian Police, Crashes RCMP’s Website after police had previously killed one member of Anonymous",2015-07-01,2015-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Canada'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),['https://nationalpost.com/news/canada/anonymous-says-it-hacked-canadas-security-secrets-in-retaliation-for-police-shooting-of-b-c-activist'],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.hackread.com/anonymous-targets-canadian-police-rcmps-website/', 'https://nationalpost.com/news/canada/anonymous-says-it-hacked-canadas-security-secrets-in-retaliation-for-police-shooting-of-b-c-activist']" 725,IS Hackers vs. SyriaHumanRights,Islamic State supporters hack website of Syria rights watch dog,2015-06-08,2015-08-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Social groups']],[['Advocacy / activists (e.g. 
human rights organizations)']],['The Cyber Army of the Khilafah'],['Unknown'],['Non-state-group'],['Terrorist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,The Cyber Army of the Khilafah,Unknown,Non-state-group,Terrorist(s),[],System / ideology,System/ideology; Resources; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.yahoo.com/news/islamic-state-supporters-hack-website-syria-rights-watchdog-144857500.html'] 739,US Dept of Energy and NATO websites hacked by ISIS,Subdomain of U.S. Dept. Of Energy’s Argonne National Lab Hacked by ISIS Hackers,2015-07-08,2015-07-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,"['NATO (region)', 'United States']","[[], ['NATO', 'NORTHAM']]","[['International / supranational organization', 'Science'], ['International / supranational organization', 'Science']]",,['Cyber Islamic State'],['Unknown'],['Non-state-group'],['Terrorist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyber Islamic State,Unknown,Non-state-group,Terrorist(s),[],System / ideology,System/ideology; Resources,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/pro-isis-hackers-us-dept-of-energy/'] 740,OilRig Part1,"In autumn 2015, the defence industry in Saudi Arabia was attacked. 
The malware identified points to an association with APT34, a hacking group working on behalf of the Iranian government.",2015-08-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Saudi Arabia'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]","[['Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure']]","[['Telecommunications', 'Finance', 'Defence industry']]",['OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://unit42.paloaltonetworks.com/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/', 'https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html']" 741,Op Taiwan,Anonymous Brings Down Taiwan Government Websites,2015-08-02,2015-02-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Taiwan'],"[['ASIA', 'SCS']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-brings-down-taiwan-govt-websites/'] 742,Anonymous vs. Mexican Government,"Anonymous Hacks Mexican Govt Website, Demand Justice For Rubén Espinosa",2015-08-08,2015-08-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Mexico'],,[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Mexico'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Mexico,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-mexico-ruben-espinosa/'] 743,DDOS vs. Minnesota Court System,The website of the Minnesota court system experienced multiple DDOS attacks during December 2015,2015-08-12,2015-12-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Judiciary']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/ddos-attack-on-minnesota-court-system-website-takes-website-offline-for-ten-days-498741.shtml'] 744,Saudi Airforce Defacement,"Royal Saudi AirForce Website Hacked By Iranian Hackers ""Mr.Xpr!Iran Hack Security Team""",2015-08-23,2015-08-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Saudi Arabia'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['State institutions / political system']],[['Military']],"['Iran Hack Security Team', 'Mr.Xpr!']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Iran Hack Security Team; Mr.Xpr!,"Iran, Islamic Republic of; Iran, Islamic Republic of",Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],System / ideology; National power; Subnational predominance,National power; Subnational predominance; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/saudi-airforce-hacked-iranian-hackers/'] 738,British Television Station Hack,Fancy Bear infiltrated an unnamed british television station for more than a year.,2015-07-01,2016-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Media']],,"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],['State'],,2,2017-01-01; 2017-01-01,"Political statement / report (e.g., on government / state agency websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia,"State; Non-state actor, state-affiliation suggested",,"['https://www.gov.uk/government/news/uk-exposes-russian-cyber-attacks', 'https://www.secureworks.com/research/iron-twilight-supports-active-measures']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.ibtimes.co.uk/russia-linked-fancy-bear-hackers-had-access-uk-television-station-almost-year-1603226', 
'https://www.gov.uk/government/news/uk-exposes-russian-cyber-attacks', 'https://www.secureworks.com/research/iron-twilight-supports-active-measures']" 746,Cyber-Kommando Hack Telekommunikation Afghanistan,The German military hacked the networks of an Afghan telecommunication provider in order to get information regarding a hostage.,2015-09-01,2015-09-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Data theft,,['Afghanistan'],"[['ASIA', 'SASIA']]",[['Critical infrastructure']],[['Telecommunications']],['Cyber-Kommando Bundeswehr'],['Germany'],['State'],,1,2016-01-01 00:00:00,"Attribution given, type unclear",Media-based attribution,,,,Cyber-Kommando Bundeswehr,Germany,State,,[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.spiegel.de/politik/ausland/cyber-einheit-bundeswehr-hackte-afghanisches-mobilfunknetz-a-1113560.html'] 747,TV5 Le Monde Attack 2015,"Fancy Bear took all TV-Shows of TV5 off Air and took control about their Twitter- and Facebook-Accounts, posting islamist content",2015-09-04,2015-10-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Media']],,"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)', 'Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']","['Russia', 'Russia']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,2,2015-01-01; 2015-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.secureworks.com/research/iron-twilight-supports-active-measures', 'https://www.bankinfosecurity.com/french-officials-detail-fancy-bear-hack-tv5monde-a-9983']",System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption 
(incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-france-russia-cybercrime/france-probes-russian-lead-in-tv5monde-hacking-sources-idUSKBN0OQ2GG20150610', 'https://www.hackread.com/france-tv5monde-hack-isis-russia/', 'https://www.secureworks.com/research/iron-twilight-supports-active-measures', 'https://www.bankinfosecurity.com/french-officials-detail-fancy-bear-hack-tv5monde-a-9983', 'https://www.reuters.com/article/us-france-television-islamists/french-broadcaster-tv5monde-hit-by-islamist-hackers-idUSKBN0N00HA20150409', 'https://twitter.com/Cyber_O51NT/status/1633131784568463361']" 748,Yemen Electronic Army vs. India,The hackergroup Yemeni electronic army defaced the website of the indian ministry of energy efficiency,2015-09-09,2015-09-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Yemeni Electronic Army'],['Yemen'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Yemeni Electronic Army,Yemen,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.thehindubusinessline.com/news/govt-energy-website-hacked-yemeni-terrorist-group-takes-responsibility/article7633347.ece'] 749,Anonymous vs. 
Vietnam Government,Anonymous Hacks Vietnam Govt websites Against Human Rights Abuse,2015-09-17,2015-09-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Vietnam'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],"['Anti Sec', 'Hagash Team']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anti Sec; Hagash Team,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-hacks-vietnam-government-against/'] 750,Faisal vs. Government of Kerela,Pakistani hacker hacked the official website of the Government of Kerala,2015-09-27,2015-09-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Team Pak'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team Pak,Pakistan,Non-state-group,Hacktivist(s),[],System / ideology; Territory,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.inquisitr.com/2451705/indian-hackers-deface-over-40-pakistani-websites-hours-after-two-indian-government-portals-were-hacked/'] 751,Mallu Cyber Soldiers retaliation,Indian Hackers Deface Over 40 Pakistani Websites Hours After Two Indian Government Portals Were Hacked,2015-09-27,2015-09-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'Media']]","[['Government / ministries', '']]",['Mallu Cyber Soldiers'],['India'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Mallu Cyber Soldiers,India,Non-state-group,Hacktivist(s),[],System / ideology; Territory,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 752,SWIFT attackers’ against Vietnam and the Philippines,The Symantec researchers said they have uncovered an October attack at a bank in the Philippines and in Vietnam in December 2016. Symantec said the evidence pointed to being the work of the LazarusGroup.,2015-10-01,2015-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,,['Philippines'],"[['ASIA', 'SCS', 'SEA']]",[['Critical infrastructure']],[['Finance']],"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)', 'Reconnaissance General Bureau']","[""Korea, Democratic People's Republic of"", ""Korea, Democratic People's Republic of""]","['State', 'State']",,2,2016-01-01; 2016-01-01; 2016-01-01; 2016-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; Attribution by third-party; Attribution by third-party,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of",State; State; State; 
State,,"['https://www.symantec.com/connect/blogs/swift-attackers-malware-linked-more-financial-attacks', 'https://us-cert.cisa.gov/ncas/alerts/aa20-239a']",Resources,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.sfgate.com/business/article/North-Korea-linked-to-digital-thefts-from-global-7951583.php', 'https://www.symantec.com/connect/blogs/swift-attackers-malware-linked-more-financial-attacks', 'https://us-cert.cisa.gov/ncas/alerts/aa20-239a']" 753,South Korean Lawmakers Hack,"North Korean hackers stole files from the computers of South Korean lawmakers and hacked into servers at the presidential Blue House, according to Seoul's spy agency. South Korea's National Intelligence Service said Tuesday government audit data was stolen from three personal computers that belong to members of the National Assembly, News is reported.",2015-10-01,2015-10-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Legislative']]",,"[""Korea, Democratic People's Republic of""]",['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,"Korea, Democratic People's Republic of",Unknown - not attributed,,['https://www.upi.com/Top_News/World-News/2015/10/20/Spy-agency-North-Korea-hackers-stole-sensitive-South-Korean-data/9041445353950/'],International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 
points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.upi.com/Top_News/World-News/2015/10/20/Spy-agency-North-Korea-hackers-stole-sensitive-South-Korean-data/9041445353950/'] 754,Anonymous Data Leak,Anonymous Leaks Chinese Government Website Data Over Hong Kong Protests,2015-10-01,2015-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 755,Targeting of the HongKong Opposition,Allegedly Chinese state affiliated hackers compromised popular file-sharing services including Dropbox and GoogleDrive GOOGL.O to trap victims into downloading infected files and compromising sensitive information.,2015-10-01,2015-10-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Hong Kong'],[['ASIA']],"[['State institutions / political system', 'End user(s) / specially protected 
groups']]","[['Political parties', '']]",,['China'],['State'],,2,2015-01-01; 2015-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; IT-security community attributes attacker,,,,,China; China,"State; Non-state actor, state-affiliation suggested",,['https://www.reuters.com/article/us-cybersecurity-hongkong-insight/on-chinas-fringes-cyber-spies-raise-their-game-idUSKBN0TI0WF20151130'],System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-cybersecurity-hongkong-insight/on-chinas-fringes-cyber-spies-raise-their-game-idUSKBN0TI0WF20151130'] 756,US-DOS-Hack 2015,"During October 2015, Iranian hackers identified individual State Department officials who focus on Iran and the Middle East, and broke into their email and social media accounts.",2015-10-01,2015-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],,"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2015-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,[],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.nytimes.com/2015/11/25/world/middleeast/iran-hackers-cyberespionage-state-department-social-media.html'] 757,DDOS vs. Thai Government,Thai government websites hit by denial-of-service attack,2015-10-01,2015-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Thailand'],"[['ASIA', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Thailand'],['Non-state-group'],['Hacktivist(s)'],1,,Domestic legal action,Attribution by receiver government / state entity,,,,Anonymous,Thailand,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/government/thai-police-arrests-nine-anonymous-hackers-for-role-in-opsinglegateway-attacks/', 'http://www.bbc.com/news/world-asia-34409343']" 745,British National Crime Agency Website Hack 2015,ISIS Hackergroup Lizard Squad disrupted the Website of the British National Crime Agency for 30 Minutes,2015-09-01,2015-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Police']],['Lizard Squad'],['Unknown'],['Non-state-group'],['Terrorist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Lizard Squad,Unknown,Non-state-group,Terrorist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/technology/2015/sep/01/lizard-squad-cyber-attackers-disrupt-national-agency-website'] 759,Seven Pointed Dagger/Myanmar Elections,APT groups from multiple countries-including China-have been known to target organizations of strategic interest with aggressive malware-based espionage campaigns. Initial investigation of malware properties has led to the discovery of a Myanmar website related to elections that was hosting PlugX malware.,2015-10-01,2015-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Myanmar'],"[['ASIA', 'SEA']]","[['State institutions / political system', 'State institutions / political system']]","[['Civil service / administration', 'Election infrastructure / related systems']]",['Group27'],['China'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Group27,China,Unknown - not attributed,,"['http://pages.arbornetworks.com/rs/082-KNA-087/images/ASERT%20Threat%20Intelligence%20Brief%202015-05%20PlugX%20Threat%20Activity%20in%20Myanmar.pdf', 'https://news.softpedia.com/news/this-year-s-most-active-cyber-espionage-groups-505402.shtml']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theregister.com/2016/01/12/seven_pointed_dagger_cyberspies/', 'http://pages.arbornetworks.com/rs/082-KNA-087/images/ASERT%20Threat%20Intelligence%20Brief%202015-05%20PlugX%20Threat%20Activity%20in%20Myanmar.pdf', 'https://news.softpedia.com/news/this-year-s-most-active-cyber-espionage-groups-505402.shtml']" 760,Bl@ck Dr@gon vs. PPP,"Pakistan Peoples Party’s website was hacked and defaced by Indian hackers over a controversial statement made by PPP’s Leader Bilawal Bhutto Zardari, that he will take back the entire Kashmir inch by inch.",2015-10-07,2015-07-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Political parties']],['Bl@ckDr@gon'],['India'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Bl@ckDr@gon,India,Non-state-group,Hacktivist(s),[],System / ideology; Territory,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.techworm.net/2014/10/indo-pak-cyber-war-in-offing.html'] 761,Anonymous Defacement of HongKong Sites,Anonymous hacked and defaced many Hong Kong based websites including few of the Chinese Government websites,2015-10-07,2015-07-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],"['Anonymous', 'Antisec Division']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anonymous; Antisec Division,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],System / ideology,System/ideology; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 762,EPSAwakens,Chinese Hackers Target Taiwanese Politicians Just Before Elections,2015-11-01,2015-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,['Taiwan'],"[['ASIA', 'SCS']]","[['State institutions / political system', 'State institutions / political system', 'Media']]","[['Intelligence agencies', '', '']]",['APT 16'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2015-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT 16,China,"Non-state actor, state-affiliation suggested",,[],System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/chinese-hackers-target-taiwanese-politicians-just-before-elections-497978.shtml'] 763,Anonymous vs. Thai Police,Anonymous hacked Servers of Thai Police and leaked data to protest against internet censorship,2015-11-01,2015-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Thailand'],"[['ASIA', 'SEA']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-hacks-thailand-police-against-censorship/'] 764,Israeli Generals-Iran-Hack,"Israeli Generals have been targeted by Iran, according to an Israeli IT-security company.",2015-11-01,2016-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'Social groups', 'Science']]","[['Military', 'Advocacy / activists (e.g. 
human rights organizations)', '']]",,"['Iran, Islamic Republic of']",['State'],,1,2016-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,"Iran, Islamic Republic of",State,,['https://www.timesofisrael.com/israeli-generals-said-among-1600-global-targets-of-iran-cyber-attack/'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.timesofisrael.com/israeli-generals-said-among-1600-global-targets-of-iran-cyber-attack/'] 765,Dropping Elephant targets Diplomats,Dropping Elephant targets multiple diplomatic and government entities with a particular focus on China and its international affairs,2015-11-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['China', 'Pakistan', 'Sri Lanka', 'United States', 'Uruguay', 'Bangladesh', 'Taiwan', 'Australia']","[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA'], ['NATO', 'NORTHAM'], ['SOUTHAM'], ['ASIA', 'SASIA'], ['ASIA', 'SCS'], ['OC']]","[['State institutions / political system', 'Media'], ['State institutions / political system', 'Media'], ['State institutions / political system', 'Media'], ['State institutions / political system', 'Media'], ['State institutions / political system', 'Media'], ['State institutions / political system', 'Media'], ['State institutions / political system', 'Media'], ['State institutions / political system', 'Media']]",,"['Patchwork/Dropping Elephant', 'China strats aka Patchwork']","['India', 'India']","['Unknown - not attributed', 'Unknown - not attributed']",,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Patchwork/Dropping Elephant; China strats aka Patchwork,India; India,Unknown - not attributed; Unknown - not attributed,,['https://threatpost.com/apt-group-patchwork-cuts-and-pastes-a-potent-attack/119081/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securelist.com/the-dropping-elephant-actor/75328/', 'https://www.helpnetsecurity.com/2016/07/11/cyber-espionage-low-profile-tools-high-profile-targets/', 
'https://threatpost.com/apt-group-patchwork-cuts-and-pastes-a-potent-attack/119081/']" 766,Capture the Backdoor,"The Brazilian Army's servers got hacked, resulting in personal details of about 7,000 officers getting leaked.",2015-11-01,2015-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Brazil'],[['SOUTHAM']],[['State institutions / political system']],[['Military']],,['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.zdnet.com/article/brazilian-army-gets-hacked/'] 767,CWA-FBI-Hack,"A group of hackers claims to have breached an FBI information-sharing portal and gained access to numerous sensitive systems, including records of individuals who have been arrested by U.S. federal agencies as well as tools for sharing information between U.S. federal agencies and partners located both domestically and abroad.",2015-11-08,2015-11-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Police']],['Crackas With Attitude'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Crackas With Attitude,Unknown,Non-state-group,Hacktivist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.bankinfosecurity.com/hackers-claim-fbi-information-sharing-portal-breach-a-8667'] 758,Talk-Talk-Hack,"In October, hackers obtained the details of nearly 157,000 TalkTalk customers, 15,000 of whom had their bank details accessed.",2015-10-01,2015-10-01,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['United Kingdom'],['Non-state-group'],['Criminal(s)'],1,,Domestic legal action,Attribution by receiver government / state entity,,,,,United Kingdom,Non-state-group,Criminal(s),"['https://www.heise.de/newsticker/meldung/TalkTalk-Hack-Mehrmonatige-Haftstrafen-fuer-zwei-Taeter-4226949.html', 'https://www.theguardian.com/technology/2015/oct/23/talktalk-criticised-for-poor-security-and-handling-of-hack-attack', 'https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/the-talktalk-breach-timeline-of-a-hack/']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in 
intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theguardian.com/business/2015/dec/15/talktalk-hack-could-not-have-been-prevented-by-cyber-essentials', 'https://www.heise.de/newsticker/meldung/TalkTalk-Hack-Mehrmonatige-Haftstrafen-fuer-zwei-Taeter-4226949.html', 'https://www.theguardian.com/technology/2015/oct/23/talktalk-criticised-for-poor-security-and-handling-of-hack-attack', 'https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/the-talktalk-breach-timeline-of-a-hack/']" 769,Monte Melkonian CyberArmy vs. Azerbaijani Central Bank,"Armenian hacker group ""Monte Melkonian CyberArmy"" hacked Azerbaijan's Central Bank and leaked sensitive personal data",2015-11-11,2015-11-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['Azerbaijan'],"[['ASIA', 'CENTAS']]","[['State institutions / political system', 'Critical infrastructure']]","[['Other (e.g., embassies)', 'Finance']]",['Monte Melkonian Cyber Army'],['Armenia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Monte Melkonian Cyber Army,Armenia,Non-state-group,Hacktivist(s),[],Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.hackread.com/armenian-group-hacks-azerbaijan-central-bank/'] 770,TurkHackTeam vs. 
Central Bank of Russia,"Turkish hacker group ""TurkHackTeam"" shut down the Russian Central Bank's website after a Russian military plane was shot down by Turkey",2015-11-25,2015-11-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system', 'Critical infrastructure']]","[['Other (e.g., embassies)', 'Finance']]",['Turk Hack Team'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Turk Hack Team,Turkey,Non-state-group,Hacktivist(s),[],International power,International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.hackread.com/turkish-hackers-target-russian-central-bank-site/'] 771,APT 16 vs. Taiwan and Japan,"Between November 26, 2015, and December 1, 2015, known and suspected China-based APT groups launched several spear phishing attacks targeting Japanese and Taiwanese organizations in the high-tech, government services, media and financial services industries",2015-11-26,2015-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Taiwan', 'Japan']","[['ASIA', 'SCS'], ['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]","[['Government / ministries', '', ''], ['Government / ministries', '', '']]",['APT 16'],['China'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT 16,China,Unknown - not attributed,,['https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html'],System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html'] 772,Revenge for Mumbai 2008,Indian Hackers Deface 125 Pakistani Websites as Payback for Mumbai 2008 Attacks,2015-11-26,2015-11-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],"['Mallu Cyber Soldiers', 'Kerala Cyber Warriors']","['India', 'India']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Mallu Cyber Soldiers; Kerala Cyber Warriors,India; India,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],System / ideology,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/indian-hackers-deface-125-pakistani-websites-as-payback-for-mumbai-2008-attacks-496903.shtml'] 773,Counter attack for the Indian revenge attack,Pakistani hackers retaliated by hacking the website of the Central Bank of India,2015-11-26,2015-11-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'Critical infrastructure']]","[['Other (e.g., embassies)', 'Finance']]",,['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Pakistan,Non-state-group,Hacktivist(s),[],System / ideology,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,[] 774,Anonymous vs. Iceland OPWhales,Anonymous shut down every ministry website of Iceland except one to protest against whaling policy,2015-11-27,2015-11-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Iceland'],"[['EUROPE', 'NATO', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-crushes-iceland-govt-for-whale-slaughter/'] 775,Anonymous vs UNCCC,Anonymous hacked the website of UNCCC and leaked personal information about over a thousand officials,2015-11-30,2015-11-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United Nations'],,[['International / supranational organization']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-hacks-un-climate-change-website/'] 776,Sandworm vs. 
Ukrainian Railway company and airport - 2015,"The disruptive malware KillDisk was detected in several Ukrainian company networks, deleting critical data and making multiple computers unusable; this case refers to the state-owned railway company and the international airport Borispol as victims. The attacks have been attributed to Sandworm, allegedly run by Russian military intelligence service GRU.",2015-12-01,2015-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['Critical infrastructure']],[['Transportation']],"['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,2,2017-01-01; 2017-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia; Russia,"Non-state actor, state-affiliation suggested; 
Non-state actor, state-affiliation suggested",,['https://books.google.de/books?id=NrcrDwAAQBAJ&pg=PA48&lpg=PA48&dq=Ukrzaliznytsia+cyber+attack+2015&source=bl&ots=EDM_6pIFO3&sig=ACfU3U1V4cnJQmUtGYHpEGpEDMPhi1GYZA&hl=de&sa=X&ved=2ahUKEwiU1euc6unlAhXDaFAKHeYlDtEQ6AEwB3oECAkQAQ#v=onepage&q=Ukrzaliznytsia%20cyber%20attack%202015&f=false(S.48)'],System / ideology; Resources; Secession,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://books.google.de/books?id=NrcrDwAAQBAJ&pg=PA48&lpg=PA48&dq=Ukrzaliznytsia+cyber+attack+2015&source=bl&ots=EDM_6pIFO3&sig=ACfU3U1V4cnJQmUtGYHpEGpEDMPhi1GYZA&hl=de&sa=X&ved=2ahUKEwiU1euc6unlAhXDaFAKHeYlDtEQ6AEwB3oECAkQAQ#v=onepage&q=Ukrzaliznytsia%20cyber%20attack%202015&f=false(S.48)', 'https://www.securityweek.com/ukraine-accuses-russia-attack-kiev-airport', 'https://www.reuters.com/article/us-ukraine-cybersecurity-malware-idUSKCN0UW0R0', 'https://www.virusbulletin.com/virusbulletin/2017/07/vb2016-paper-blackenergy-what-we-really-know-about-notorious-cyber-attacks/']" 777,Trimble Hack,"Chinese hackers, in some sources alleged to be government sponsored hacked American companies via spear-phishing",2015-12-01,2016-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)', 'Boyusec']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01,"Statement in media report and indictment / sanctions; Statement in media report and indictment / sanctions; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by third-party; Attribution by third-party,,,,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Boyusec; APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Boyusec",China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation 
suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/', 'https://intrusiontruth.wordpress.com/2017/05/09/APT%203-is-boyusec-a-chinese-intelligence-contractor/']" 778,Iranian-developed SamSam ransomware deployed against hospitals and public institutions in the US and Canada dating back to 2015,"Two Iranian hackers targeted over 200 victims with ransomware, including hospitals, municipalities, and other public institutions across Canada and ten states in the US, causing losses in excess of $30 million. 
Both perpetrators were named by the US Department of Justice in a first-ever indictment focused on ransomware unsealed on 28 November 2018.",2015-12-01,2018-09-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Other']]","[['Government / ministries', '', '']]",,"['Iran, Islamic Republic of']",['Non-state-group'],['Criminal(s)'],1,,Political statement/report and indictment / sanctions,Attribution by receiver government / state entity,,,,,"Iran, Islamic Republic of",Non-state-group,Criminal(s),"['https://www.justice.gov/opa/pr/two-iranian-men-indicted-deploying-ransomware-extort-hospitals-municipalities-and-public', 'https://www.justice.gov/opa/press-release/file/1114741/download']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.justice.gov/opa/pr/two-iranian-men-indicted-deploying-ransomware-extort-hospitals-municipalities-and-public', 'https://www.justice.gov/opa/press-release/file/1114741/download', 'https://socradar.io/evolution-of-ransomware-so-far-and-hereafter/']" 779,Patchwork vs. 
Global targets related to South East Asian topics,"""Patchwork"" conducts cyberattacks tied to Southeast Asia and the South China Sea against governments and entities especially in USA and Europe",2015-12-01,2017-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,"['United States', 'Global (region)']","[['NATO', 'NORTHAM'], []]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military', 'Intelligence agencies'], ['Government / ministries', 'Military', 'Intelligence agencies']]",['APT Patchwork'],['India'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT Patchwork,India,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://threatpost.com/apt-group-patchwork-cuts-and-pastes-a-potent-attack/119081/'] 780,Anonymous attack on Turkish Pages,"Turkey is being hit by a massive cyber attack (DDoS attacks) allegedly carried out by the hacktivist group Anonymous. The targets of the attacks include government and bank websites. The group released a video claiming that it crashed the servers because of Turkey's alleged links to the Islamic State (ISIS).",2015-12-01,2015-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]","[['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Finance']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; Resources; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.ibtimes.co.uk/anonymous-turkey-reeling-under-cyber-attack-government-banks-sites-paralysed-1534984'] 781,Dragonfly 2.0 (2015-2017),"Dragonfly resurfaced by infiltrating energy facilities in the US, Turkey and Switzerland. The US government attributed this recent campaign directly to the Russian state. A US indictment from August 26, 2021 charged three Russian hackers from the Military Unit 71330 or “Center 16” of the FSB for the campaign. 
",2015-12-01,2017-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Turkey', 'United States', 'Switzerland']","[['ASIA', 'NATO', 'MEA'], ['NATO', 'NORTHAM'], ['EUROPE', 'WESTEU']]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[['Energy'], ['Energy'], ['Energy']]","['Energetic Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035 (FSB,\xa016th Center)']",['Russia'],['State'],,3,2018-03-15; 2018-03-15; 2017-10-20; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,Federal Bureau of Investigation (FBI); US Department of Homeland Security (DHS); Symantec; Dragos,,United States; United States; United States; United States,"Energetic Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035 (FSB, 16th Center); Energetic Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035 (FSB, 16th Center); Energetic Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035 (FSB, 16th Center); Energetic Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035 (FSB, 16th Center)",Russia; Russia; Unknown; Not available,State; State; Unknown - not attributed; Unknown - not attributed,,"['https://www.us-cert.gov/ncas/alerts/TA18-074A', 'https://dragos.com/resource/dymalloy/']",International 
power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"['https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical', 'https://www.symantec.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks', 'https://arstechnica.com/information-technology/2017/09/hackers-lie-in-wait-after-penetrating-us-and-europe-power-grid-networks/', 'https://www.us-cert.gov/ncas/alerts/TA18-074A', 'https://dragos.com/resource/dymalloy/', 'https://www.tripwire.com/state-of-security/latest-security-news/dragonfly-2-0-attack-campaign-targets-western-energy-sector/', 'https://www.theguardian.com/world/2022/mar/24/us-charges-russian-hackers-cyber-attacks', 'https://www.cisa.gov/uscert/ncas/alerts/TA18-074A', 'https://edition.cnn.com/2018/03/15/politics/dhs-fbi-russia-power-grid/index.html']" 782,Anonymous vs. Government of Japan,Anonymous shut down the Japanese Prime Minister's webpage to protest against whaling policy,2015-12-10,2015-12-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Japan'],"[['ASIA', 'SCS', 'NEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-targets-japan-prime-minister-website/'] 783,Anonymous vs. Donald trump,Anonymous shut down Donald Trump's webpage to protest against anti-Muslim hate speech,2015-12-11,2015-12-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-target-donald-trump-website/'] 784,CyberCaliphate leak of Stratcom data,Cyber Caliphate leaks sensitive personal data of military personnel belonging to STRATCOM (including French officers),2015-12-13,2015-12-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft,,"['United States', 'France']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['State institutions / political system'], ['State institutions / political system']]","[['Military'], ['Military']]",['Lizard Squad'],['Unknown'],['Non-state-group'],['Terrorist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Lizard Squad,Unknown,Non-state-group,Terrorist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/isis-military-data-against-anonymous-isis-trolling-day/'] 785,Monte Melkonian CyberArmy vs. Azerbaijani Ministry of Labour,"Armenian hacker group ""Monte Melkonian CyberArmy"" hacks the Azerbaijani Ministry of Labour and Social Protection and the Ministry of Emergency Situations, stealing sensitive data about registered persons",2015-12-18,2015-12-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Azerbaijan'],"[['ASIA', 'CENTAS']]",[['State institutions / political system']],[['Government / ministries']],['Monte Melkonian Cyber Army'],['Armenia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Monte Melkonian Cyber Army,Armenia,Non-state-group,Hacktivist(s),[],Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/armenians-hackers-hack-azerbaijani-ministry-servers/'] 786,Ukraine Power Outage 2015,"A Ukrainian power sector was taken down by a cyberattack, leading to a severe power outage",2015-12-23,2015-12-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['Critical infrastructure']],[['Energy']],"['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)', 'GRU']","['Russia', 'Russia']","['State', 'State']",,3,2015-01-01; 2015-01-01; 2015-01-01; 2015-01-01; 2015-01-01; 2015-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media 
report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Domestic legal action; Domestic legal action",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; Attribution by third-party; Attribution by third-party,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU; Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU; Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU",Russia; Russia; Russia; Russia; Russia; Russia,"State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; State",,"['https://www.forbes.com/sites/thomasbrewster/2016/01/04/ukraine-power-out-cyber-attack/#e94a5386fa86', 'https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and', 'https://www.reuters.com/article/us-ukraine-crisis-malware-idUSKBN0UE0ZZ20151231']",System / ideology; Secession,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)","Widespread effects, e.g., affecting different regions of country or a country as a whole (incident scores 2 points in intensity)",Short duration (< 24h; incident scores 1 point in 
intensity),6,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",9.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.wired.com/story/ukraine-russia-wiper-malware/', 'https://cyberscoop.com/ukraine-russia-cyberwar-anniversary/', 'https://twitter.com/BushidoToken/status/1629205223792156674', 'https://twitter.com/Dennis_Kipker/status/1629122902099361795', 'http://securityaffairs.co/wordpress/55474/cyber-warfare-2/power-outage-2015-ukraine.html', 'https://www.forbes.com/sites/thomasbrewster/2016/01/04/ukraine-power-out-cyber-attack/#e94a5386fa86', 'https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and', 'https://www.reuters.com/article/us-ukraine-crisis-malware-idUSKBN0UE0ZZ20151231', 'https://www.virusbulletin.com/virusbulletin/2017/07/vb2016-paper-blackenergy-what-we-really-know-about-notorious-cyber-attacks/', 'https://www.recordedfuture.com/from-coercion-to-invasion-the-theory-and-execution-of-china-cyber-activity', 'https://www.nytimes.com/interactive/2022/12/16/world/europe/russia-putin-war-failures-ukraine.html', 'https://portswigger.net/daily-swig/security-done-right-infosec-wins-of-2022', 'https://www.cyberscoop.com/critical-infrastructure-cybersecurity-imperative/', 'https://cyberscoop.com/sandworm-wiper-ukraine-russia-military-intel/', 'https://twitter.com/CyberScoopNews/status/1619019403890233349', 'https://twitter.com/BlackBerrySpark/status/1620537202382983173']" 787,TurkHackTeam vs. Russian and Iranian Sites,The APT TurkHackTeam started DDoSing Russian and Iranian ministry sites in response to the border conflict in Syria,2015-12-25,2016-01-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Turk Hack Team'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Turk Hack Team,Turkey,Non-state-group,Hacktivist(s),[],International power,International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/turk-hack-team-ddos-attacks-on-iran-russian/'] 788,Chinese Ministry of State Security campaign,Two Chinese hackers working with the Ministry of State Security (MSS) were indicted for unauthorized access and data theft from a variety of victims.,2015-01-01,2016-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['', 'Defence industry', '']]","['Li Xiaoyu/Oro01xy', 'MSS']","['China', 'China']","['State', 'State']",,1,2020-01-01; 2020-01-01,Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,Li Xiaoyu/Oro01xy; MSS,China; China,State; 
State,,['https://us-cert.cisa.gov/ncas/alerts/aa20-258a'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://us-cert.cisa.gov/ncas/alerts/aa20-258a'] 789,Monsoon espionage campaign,"The Indian hacking group ""Monsoon/ Patchwork"" conducted an espionage campaign on Chinese nationals within different industries and government agencies in Southern Asia in order to steal sensitive data.",2015-12-01,2016-07-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Sri Lanka', 'Korea, Republic of', 'China']","[['ASIA', 'SASIA'], ['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Social groups'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Social groups'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Social groups']]","[['Government / ministries', 'Military', '', 'Ethnic'], ['Government / ministries', 'Military', '', 'Ethnic'], ['Government / ministries', 'Military', '', 'Ethnic']]","['Monsoon/Patchwork/Dropping Elephant', 'Operation Hangover']","['India', 'India']","['Non-state-group', 'Non-state-group']","['Private technology companies / hacking for hire groups without state affiliation / research entities', 'Private technology companies / hacking for hire groups without state affiliation / research 
entities']",1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Monsoon/Patchwork/Dropping Elephant; Operation Hangover,India; India,Non-state-group; Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities; Private technology companies / hacking for hire groups without state affiliation / research entities,['https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf'] 790,Leonardo Corp. 
Hack,"The Italian aerospace and electronics group Leonardo was hacked and sensitive data was stolen from it by a hacking group, whose leader was tasked with securing the network systems of the company.",2015-05-01,2017-01-01,"Attack on non-political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['Italy'],"[['EUROPE', 'NATO', 'EU']]",[['Critical infrastructure']],[['Defence industry']],,['Italy'],['Non-state-group'],['Private technology companies / hacking for hire groups without state affiliation / research entities'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Italy,Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.securityweek.com/italy-says-two-arrested-defense-data-theft'] 791,Nigeria Governorate surveillance,"Nigerian Governors of Rivers State, Delta State and Bayelsa State purchased surveillance tool ""Circles"" in order to spy on their political opponents in the upcoming elections.",2015-06-01,2015-12-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,['Nigeria'],"[['AFRICA', 'SSA']]",[['Social groups']],[['Political opposition / dissidents / expats']],['Nigerian Defence Intelligence Agency'],['Nigeria'],['State'],,2,2016-01-01; 
2016-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attribution by third-party; Media-based attribution,,,,Nigerian Defence Intelligence Agency; Nigerian Defence Intelligence Agency,Nigeria; Nigeria,State; State,,"['https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/', 'https://www.premiumtimesng.com/investigationspecial-reports/204987-investigation-governors-dickson-okowa-spend-billions-high-tech-spying-opponents-others.html']",National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/', 'https://www.premiumtimesng.com/investigationspecial-reports/204987-investigation-governors-dickson-okowa-spend-billions-high-tech-spying-opponents-others.html']" 792,PhantomLance / Oceanmobile,State-Sponsored hacker group APT 32/OceanLotus used malicious apps uploaded to the Google Play store to infect users in South Asia and South East Asia (but especially inside Vietnam) with spyware.,2015-12-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['India', 'Vietnam', 'Bangladesh', 'Indonesia', 'Nepal', 'Myanmar', 'Malaysia']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SASIA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SASIA'], ['ASIA', 'SEA'], ['ASIA', 'SCS', 'SEA']]","[['End user(s) / specially protected groups'], ['End user(s) / specially protected groups'], ['End user(s) / specially protected groups'], ['End user(s) / specially protected groups'], ['End user(s) / specially protected groups'], ['End user(s) / specially protected groups'], ['End user(s) / specially protected groups']]",,['APT32/Ocean Lotus/Sea Lotus'],['Vietnam'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT32/Ocean Lotus/Sea Lotus,Vietnam,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://securelist.com/apt-phantomlance/96772/', 'https://blogs.blackberry.com/en/2019/10/mobile-malware-and-apt-espionage-prolific-pervasive-and-cross-platform']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cyberscoop.com/vietnamese-hackers-google-play-kaspersky-apt32/', 'https://securelist.com/apt-phantomlance/96772/', 'https://blogs.blackberry.com/en/2019/10/mobile-malware-and-apt-espionage-prolific-pervasive-and-cross-platform']" 793,Chinese use of zero-day Jian/EpMe,"Chinese state-sponsored group APT 31/Zirconium replicated a 0-day (CVE-2017-0005) and used it since 2015 until March 2017, inter alia on an American target.",2015-01-01,2017-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Unknown']],,['APT31/ZIRCONIUM/BRONZE VINEWOOD/G0128'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT31/ZIRCONIUM/BRONZE VINEWOOD/G0128,China,"Non-state actor, state-affiliation suggested",,"['https://research.checkpoint.com/2021/the-story-of-jian/', 'https://www.microsoft.com/security/blog/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/']",System / ideology; International power,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://research.checkpoint.com/2021/the-story-of-jian/', 'https://www.microsoft.com/security/blog/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/']" 794,Sobotka-Mail-Hack,Right-wing extremists hack 
the email account of the Czech Prime Minister Sobotka and publish parts of it on right-wing websites.,2016-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Czech Republic'],"[['EUROPE', 'NATO', 'EU', 'EASTEU']]",[['State institutions / political system']],[['Government / ministries']],['Right-wing hackers'],['Czech Republic'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Right-wing hackers,Czech Republic,Non-state-group,Hacktivist(s),['https://www.golem.de/news/tschechien-rechte-hacker-knacken-e-mail-konto-von-regierungschef-1601-118339.html'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.golem.de/news/tschechien-rechte-hacker-knacken-e-mail-konto-von-regierungschef-1601-118339.html'] 768,Tunisian Fallaga Team vs. Jewish School,Cyber-jihadists claim responsibility for hacking Europe’s biggest Jewish school,2015-11-11,2015-11-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Social groups']],[['Religious']],['Tunisian Fallaga Team'],['Tunisia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Tunisian Fallaga Team,Tunisia,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://nakedsecurity.sophos.com/2015/11/17/jewish-school-website-defaced-with-pro-islam-messages/'] 800,Ethiopian Government vs. Targets worldwide,"A spy tool by the Israeli company Cyberbit was used by Ethiopian government agencies to spy on Oromo dissidents worldwide, according to a Citizen Lab report.",2016-01-01,2016-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,"['Canada', 'United States', 'Norway', 'United Kingdom', 'Germany']","[['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['Social groups'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social groups']]","[['Political opposition / dissidents / expats'], ['Political opposition / dissidents / expats'], ['Political opposition / dissidents / expats'], ['Political opposition / dissidents / expats'], ['Political opposition / dissidents / expats']]",,['Ethiopia'],['State'],,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by 
third-party,,,,,Ethiopia,State,,['https://www.wired.com/story/evidence-that-ethiopia-is-spying-on-journalists-shows-commercial-spyware-is-out-of-control/'],Secession,Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://arstechnica.com/tech-policy/2017/12/exposed-ethiopias-nefarious-comically-bungled-spyware-campaign/', 'https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-targeted-commercial-spyware/', 'https://www.wired.com/story/evidence-that-ethiopia-is-spying-on-journalists-shows-commercial-spyware-is-out-of-control/']" 797,Cellebrite Hack,The Israeli phone hacking company Cellebrite has been hacked and sensitive information released.,2016-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source),Data theft & Doxing,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['Unknown'],['Individual hacker(s)'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Individual hacker(s),,['https://www.vice.com/en_us/article/3daywj/hacker-steals-900-gb-of-cellebrite-data'],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.vice.com/en_us/article/3daywj/hacker-steals-900-gb-of-cellebrite-data'] 798,Tainted Leaks 2016,"Documents stolen from a prominent journalist and critic of the Russian government were manipulated and then released/leaked. The operation against the journalist led us to the discovery of a larger phishing operation, with over 200 unique targets spanning 39 countries (including members of 28 governments).",2016-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,,"['United States', 'Russia', 'Georgia', 'Armenia', 'Austria', 'Turkey', 'Canada', 'Afghanistan', 'Ukraine']","[['NATO', 'NORTHAM'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['ASIA', 'CENTAS'], ['ASIA', 'CENTAS', 'CSTO'], ['EUROPE', 'EU', 'WESTEU'], ['ASIA', 'NATO', 'MEA'], ['NATO', 'NORTHAM'], ['ASIA', 'SASIA'], ['EUROPE', 'EASTEU']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'State 
institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Social 
groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media']]","[['Government / ministries', 'Military', '', '', '', '', '', ''], ['Government / ministries', 'Military', '', '', '', '', '', ''], ['Government / ministries', 'Military', '', '', '', '', '', ''], ['Government / ministries', 'Military', '', '', '', '', '', ''], ['Government / ministries', 'Military', '', '', '', '', '', ''], ['Government / ministries', 'Military', '', '', '', '', '', ''], ['Government / ministries', 'Military', '', '', '', '', '', ''], ['Government / ministries', 'Military', '', '', '', '', '', ''], ['Government / ministries', 'Military', '', '', '', '', '', '']]","['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)', 'Cyber Berkut']","['Russia', 'Russia']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2017-01-01; 2017-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Cyber Berkut",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://citizenlab.ca/2017/05/tainted-leaks-disinformation-phish/'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://citizenlab.ca/2017/05/tainted-leaks-disinformation-phish/'] 799,"Turla Malware ""Gazer""",Turla spies vs. Embassies and consulates around the world,2016-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Europe (region)'],,[['State institutions / political system']],,"['Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)']",['Unknown'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)",Unknown,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://www.zdnet.com/article/this-stealthy-malware-targets-embassies-in-snooping-campaign/', 'https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/this-stealthy-malware-targets-embassies-in-snooping-campaign/', 'https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf']" 801,Charming kitten aka Flying Kitten against targets worldwide,"Charming Kitten spies on different targets worldwide, according to clearsky.",2016-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Iran, Islamic Republic of', 'United States', 'Israel', 'United Kingdom']","[['ASIA', 'MENA', 'MEA'], ['NATO', 'NORTHAM'], ['ASIA', 'MENA', 'MEA'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['Social groups', 'Social groups', 'Media', 'Science'], ['Social groups', 'Social groups', 'Media', 'Science'], ['Social groups', 'Social groups', 'Media', 'Science'], ['Social groups', 'Social groups', 'Media', 'Science']]","[['Advocacy / activists (e.g. human rights organizations)', 'Political opposition / dissidents / expats', '', ''], ['Advocacy / activists (e.g. human rights organizations)', 'Political opposition / dissidents / expats', '', ''], ['Advocacy / activists (e.g. human rights organizations)', 'Political opposition / dissidents / expats', '', ''], ['Advocacy / activists (e.g. 
human rights organizations)', 'Political opposition / dissidents / expats', '', '']]","['Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059', 'Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2017-01-01; 2017-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059; Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.clearskysec.com/charmingkitten/'] 795,Project Raven,"Former US-intelligence employees hacked on the behalf of the ARE 
regime opponents and rivals in the wake of the Qatar crisis 2017, later attributed to Stealth Falcon/Fruity Armor, also known as the IT Company Dark Matter.",2016-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,"['United Arab Emirates', 'Qatar', 'Oman', 'United Kingdom', 'United States', 'Turkey', 'Yemen']","[['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['NATO', 'NORTHAM'], ['ASIA', 'NATO', 'MEA'], ['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'State institutions / political system', 'Social groups', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Social groups', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Social groups', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Social groups', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Social groups', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Social groups', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 
'State institutions / political system', 'Social groups', 'End user(s) / specially protected groups', 'Media']]","[['Government / ministries', '', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['Government / ministries', '', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['Government / ministries', '', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['Government / ministries', '', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['Government / ministries', '', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['Government / ministries', '', 'Advocacy / activists (e.g. human rights organizations)', '', ''], ['Government / ministries', '', 'Advocacy / activists (e.g. human rights organizations)', '', '']]","['Stealth Falcon/Fruity Armor', 'DarkMatter']","['United Arab Emirates', 'United Arab Emirates']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2019-01-01; 2019-01-01,"Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution; Media-based attribution,,,,Stealth Falcon/Fruity Armor; DarkMatter,United Arab Emirates; United Arab Emirates,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.reuters.com/article/us-usa-spying-karma-exclusive/exclusive-uae-used-cyber-super-weapon-to-spy-on-iphones-of-foes-idUSKCN1PO1AN', 'https://www.welivesecurity.com/2019/09/09/backdoor-stealth-falcon-group/']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-usa-spying-karma-exclusive/exclusive-uae-used-cyber-super-weapon-to-spy-on-iphones-of-foes-idUSKCN1PO1AN', 'https://www.welivesecurity.com/2019/09/09/backdoor-stealth-falcon-group/']" 802,SEA android spyware,SEA android spyware,2016-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Unknown'],,[['End user(s) / specially protected groups']],,"['Syrian Electronic Army', 'Th3Pr0']","['Syria', 'Syria']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party,,,,Syrian Electronic Army; Th3Pr0,Syria; Syria,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),['https://www.forbes.com/sites/thomasbrewster/2018/12/05/syrian-electronic-army-hackers-are-targeting-android-phones-with-fake-whatsapp-attacks/#39ad7cfd6ce4'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.forbes.com/sites/thomasbrewster/2018/12/05/syrian-electronic-army-hackers-are-targeting-android-phones-with-fake-whatsapp-attacks/#39ad7cfd6ce4'] 803,Mobil malware FrozenCell,"Lookout researchers have discovered a new mobile surveillanceware family, FrozenCell. 
The threat is likely targeting employees of various Palestinian government agencies, security services, Palestinian students, and those affiliated with the Fatah political party.",2016-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Palestine'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'End user(s) / specially protected groups']]","[['Government / ministries', 'Intelligence agencies', 'Political parties', '']]","['Desert Falcons', 'APT-C-23']","['Unknown', 'Unknown']","['Unknown - not attributed', 'Unknown - not attributed']",,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Desert Falcons; APT-C-23,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,['https://blog.lookout.com/frozencell-mobile-threat'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://unit42.paloaltonetworks.com/unit42-targeted-attacks-middle-east-using-kasperagent-micropsia/', 'https://blog.lookout.com/frozencell-mobile-threat']" 804,DomesticKittens,Surveillance operation dubbed DomesticKittens targeting ISIS supporters who are Iranian Citizens.,2016-01-01,2018-09-01,"Attack conducted by non-state group / non-state actor with political goals 
(religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]","[['Social groups', 'Social groups', 'End user(s) / specially protected groups']]","[['Ethnic', 'Political opposition / dissidents / expats', '']]",['Domestic Kitten'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Domestic Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,"['https://research.checkpoint.com/domestic-kitten-an-iranian-surveillance-operation/', 'https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/20190507_MB_HS_IRN%20V1_rev.pdf']",System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://research.checkpoint.com/domestic-kitten-an-iranian-surveillance-operation/', 'https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/20190507_MB_HS_IRN%20V1_rev.pdf']" 805,Operation Dustsky Part2,"After the release of Clearsky's Report about the Operation Dustsky, the attacks immediately stopped, but only for 20 days. 
Analysing the second part of the campaign in their second report, Clearsky attributes both to the Palestine Terrorist Group Hamas.",2016-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Israel', 'United States', 'Palestine', 'Egypt', 'United Arab Emirates', 'Saudi Arabia']","[['ASIA', 'MENA', 'MEA'], ['NATO', 'NORTHAM'], ['ASIA', 'MENA', 'MEA'], ['MENA', 'MEA', 'AFRICA', 'NAF'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate 
targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]","[['Government / ministries', '', 'Finance', 'Defence industry', '', ''], ['Government / ministries', '', 'Finance', 'Defence industry', '', ''], ['Government / ministries', '', 'Finance', 'Defence industry', '', ''], ['Government / ministries', '', 'Finance', 'Defence industry', '', ''], ['Government / ministries', '', 'Finance', 'Defence industry', '', ''], ['Government / ministries', '', 'Finance', 'Defence industry', '', '']]","['Molerats/Gaza Cybergang 1', 'Hamas']","['Palestine', 'Palestine']","['Non-state-group', 'Non-state-group']","['Criminal(s)', 'Criminal(s)']",1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Molerats/Gaza Cybergang 1; Hamas,Palestine; Palestine,Non-state-group; Non-state-group,Criminal(s); Criminal(s),"['https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf', 'https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf', 
'https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion']" 806,"Operation ""Glowing Symphony""","The United States has opened a new line of combat against the Islamic State, directing the military’s six-year-old Cyber Command together with allies such as the ASD (Australian agency) for the first time to mount computer-network attacks that are being used alongside more traditional weapons.",2016-01-01,2016-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Data theft; Disruption; Hijacking with Misuse,,['Unknown'],,[['Critical infrastructure']],[['Health']],"['Australian Signals Directorate (ASD)', 'United States Cyber Command (US CYCOM)']","['Australia', 'United States']","['State', 'State']",,1,2019-01-01; 2019-01-01; 2019-01-01; 2019-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,,,,Australian Signals Directorate (ASD); Australian Signals Directorate (ASD); United States Cyber Command (US CYCOM); United States Cyber Command (US CYCOM),Australia; United States; Australia; United States,State; State; State; 
State,,"['https://www.abc.net.au/news/2019-12-18/inside-the-secret-hack-on-islamic-state-propaganda-network/11809426', 'https://www.abc.net.au/news/2019-12-18/inside-the-islamic-state-hack-that-crippled-the-terror-group/11792958?nw=0']",System / ideology; Resources,System/ideology; Resources,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2016/04/25/us/politics/us-directs-cyberweapons-at-isis-for-first-time.html?_r=0', 'https://www.abc.net.au/news/2019-12-18/inside-the-secret-hack-on-islamic-state-propaganda-network/11809426', 'https://www.abc.net.au/news/2019-12-18/inside-the-islamic-state-hack-that-crippled-the-terror-group/11792958?nw=0']" 807,Monokle,"Lookout has discovered a highly targeted mobile malware threat that uses a new and sophisticated set of custom Android surveillanceware tools called Monokle that has possible connections to Russian threat actors. Lookout research indicates these tools are part of a targeted set of campaigns and are developed by the St. Petersburg, Russia-based company, Special Technology Centre, Ltd. (STC, Ltd. or STC).",2016-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Caucasus', 'Syria']","[[], ['ASIA', 'MENA', 'MEA']]","[['Social groups', 'End user(s) / specially protected groups'], ['Social groups', 'End user(s) / specially protected groups']]","[['Terrorist', ''], ['Terrorist', '']]","['Monokle', 'Special Technology Centre']","['Russia', 'Russia']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2019-01-01; 2019-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Monokle; Special Technology Centre,Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf?utm_source=BL&utm_medium=BL&utm_campaign=WW-MU-MU-MU-MU-P_NON-&utm_content=WP_Monokole%20.xml'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf?utm_source=BL&utm_medium=BL&utm_campaign=WW-MU-MU-MU-MU-P_NON-&utm_content=WP_Monokole%20.xml'] 808,Buckeye (aka APT 3/Boyusec) used NSA Tools,The Buckeye attack group was using Equation Group tools to gain persistent access to target organizations at least a year prior to the Shadow Brokers leak.,2016-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Belgium', 'Luxembourg', 'Hong Kong', 'Vietnam', 'Philippines']","[['EUROPE', 'EU', 'NATO', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA']]","[['Critical infrastructure', 'Science'], ['Critical infrastructure', 'Science'], ['Critical infrastructure', 'Science'], ['Critical infrastructure', 'Science'], ['Critical infrastructure', 'Science']]","[['Telecommunications', ''], ['Telecommunications', ''], ['Telecommunications', ''], ['Telecommunications', ''], ['Telecommunications', '']]","['APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)']",['Unknown'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community 
attributes attacker,,,,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)",Unknown,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/', 'https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit', 'https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/', 'https://www.securityweek.com/hong-kong-authorities-attacked-chinese-hackers']",Unknown,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/', 'https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit', 'https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/', 'https://www.securityweek.com/hong-kong-authorities-attacked-chinese-hackers']" 809,ViperRAT,APT targeting the Israeli Defense Force,2016-01-01,2016-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Military']],['Hamas'],['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Hamas,Unknown,Unknown - not attributed,,['https://blog.lookout.com/viperrat-mobile-apt'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securelist.com/breaking-the-weakest-link-of-the-strongest-chain/77562/', 'https://blog.lookout.com/viperrat-mobile-apt']" 810,Italian MFA Hack,A threat actor compromised the Italian Ministry of Foreign Affairs’ computer networks.,2016-01-01,2016-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,['Italy'],"[['EUROPE', 'NATO', 'EU']]",[['State institutions / political system']],[['Government / ministries']],,['Russia'],['State'],,1,2017-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,Russia,State,,['https://www.theguardian.com/world/2017/feb/10/russia-suspected-over-hacking-attack-on-italian-foreign-ministry'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / 
commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theguardian.com/world/2017/feb/10/russia-suspected-over-hacking-attack-on-italian-foreign-ministry'] 811,Russian APTs hack Czech MFAI,"The Czech Security Intelligence Service (BIS) blamed two cyber-espionage groups--known as Turla and APT28 (Sofacy or Fancy Bear)--for hacks of the Ministry of Foreign Affairs (MFA), Ministry of Defense, and the Army of the Czech Republic. The hacks took place in different campaigns across 2016 and 2017. The BIS detected several attacks against Czech military targets, officials said. ""The wave of spearphishing emails targeted mainly people from military diplomacy deployed in Europe. [...] A similar spearphishing attack targeted also European arms companies and a border guard of a European state."" ""The most serious included compromising of several private email accounts of people linked to the Ministry of Defense and the Army of the Czech Republic and compromising of an IP address belonging to the Ministry of Defense/Czech Army by a malware known as X-Agent, Czech intelligence officials added.""",2016-01-01,2017-12-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['Czech Republic'],"[['EUROPE', 'NATO', 'EU', 'EASTEU']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]","['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)', 'Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 
88/Krypton/G0010 (FSB, 16th / 18th Center)']","['Russia', 'Russia']","['State', 'State']",,1,2018-01-01; 2018-01-01,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)",Russia; Russia,State; State,,['https://www.bis.cz/public/site/bis.cz/content/vyrocni-zpravy/2017-vz-cz.pdf'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/czech-republic-blames-russia-for-multiple-government-network-hacks/', 'https://www.bis.cz/public/site/bis.cz/content/vyrocni-zpravy/2017-vz-cz.pdf']" 812,APT 10 2016/2017 Operation,"Leveraging its global footprint, FireEye has detected APT 10 activity across six continents in 2016 and 2017. APT 10 has targeted or compromised manufacturing companies in India, Japan and Northern Europe; a mining company in South America; and multiple IT service providers worldwide. We believe these companies are a mix of final targets and organizations that could provide a foothold in a final target.",2016-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['India', 'Japan', 'Northern Europe', 'Global (region)']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SCS', 'NEA'], [], []]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,"['APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)']",['China'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China,"Non-state actor, state-affiliation suggested",,[],Resources; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.fireeye.com/blog/threat-research/2017/04/APT%2010_menupass_grou.html'] 813,The eye on the Nile,State-sponsored actors have phished access to e-mail accounts of dissidents,2016-01-01,2019-01-01,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['Egypt'],"[['MENA', 'MEA', 'AFRICA', 'NAF']]","[['State institutions / political system', 'Social groups', 'Social groups', 'Social groups', 'Media']]","[['', 'Advocacy / activists (e.g. human rights organizations)', 'Political opposition / dissidents / expats', 'Other social groups', '']]",,['Unknown'],"['Non-state actor, state-affiliation suggested']",,2,2019-01-01; 2019-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement / report (e.g., on government / state agency websites)",IT-security community attributes attacker; Attribution by third-party,,,,,Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://research.checkpoint.com/2019/the-eye-on-the-nile/'],System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.amnesty.org/en/latest/research/2019/03/phishing-attacks-using-third-party-applications-against-egyptian-civil-society-organizations/', 'https://www.cyberscoop.com/egypt-hacking-check-point-technologies/', 'https://citizenlab.ca/2017/02/nilephish-report/', 'https://research.checkpoint.com/2019/the-eye-on-the-nile/']" 814,Henbox attack on Uyghurs,"The Henbox malware by the APT PKPLUG was used against Uyghurs, as well as targets in Myanmar, Mongolia and Taiwan with the goal of 
espionage",2016-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['China', 'Myanmar', 'Taiwan', 'Mongolia']","[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['ASIA', 'SEA'], ['ASIA', 'SCS'], ['ASIA', 'EASIA', 'NEA']]","[['Social groups', 'End user(s) / specially protected groups'], ['Social groups', 'End user(s) / specially protected groups'], ['Social groups', 'End user(s) / specially protected groups'], ['Social groups', 'End user(s) / specially protected groups']]","[['Ethnic', ''], ['Ethnic', ''], ['Ethnic', ''], ['Ethnic', '']]",['PKPLUG'],['China'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,PKPLUG,China,Unknown - not attributed,,"['https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/', 'https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary/']",Resources; Secession,Resources; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/', 'https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/', 'https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary/', 'https://www.hackread.com/plugx-malware-usb-windows-pcs/']" 815,Smeshapp smashes 
Indian Cyberdefense,The Pakistani secret service managed to get members of the Indian armed forces to install a spyware app posing as a messenger app.,2016-01-01,2016-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Military']],['ISI'],['Pakistan'],['State'],,1,2016-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,,,ISI,Pakistan,State,,[],System / ideology; Resources; International power,System/ideology; Resources; International power,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://news.softpedia.com/news/smeshapp-removed-from-play-store-because-pakistan-used-it-to-spy-on-indian-army-501936.shtml', 'https://www.gadgetsnow.com/tech-news/Google-removes-app-used-by-Pakistan-to-snoop-on-Indian-Army-Report/articleshow/51406805.cms']" 816,Oplan 5027 breach,"North Korean hackers hacked South Korean government servers, accessing details about a war plan concerning a conventional first-strike of North Korea against South Korea",2016-01-01,2016-09-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 
'SCS', 'NEA']]",[['State institutions / political system']],[['Military']],,"[""Korea, Democratic People's Republic of""]",['State'],,1,2017-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,"Korea, Democratic People's Republic of",State,,[],System / ideology; Resources; International power,System/ideology; Resources; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thediplomat.com/2017/04/north-korean-hackers-may-have-seen-secret-us-south-korea-war-plans/'] 817,FastCash,American banks were warned of an attack on their ATMs. 
The attack was traced back to the North Korean APT Lazarus,2016-01-01,2018-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Hijacking with Misuse,,"['Asia (region)', 'Africa']",,"[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]",['State'],,1,2018-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by third-party,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of",State,,"['https://us-cert.cisa.gov/ncas/alerts/TA18-275A', 'https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/76798/hacking/fastcash-hidden-cobra-attacks.html', 'https://us-cert.cisa.gov/ncas/alerts/TA18-275A', 'https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and', 
'https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/']" 818,Windshift vs. Banks,The APT Windshift attacked the financial system in South Asia with a tailor-made attack against one of the local office variants.,2016-01-01,2016-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Myanmar', 'Sri Lanka', 'Uganda']","[['ASIA', 'SEA'], ['ASIA', 'SASIA'], ['AFRICA', 'SSA']]","[['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Finance'], ['Government / ministries', 'Finance'], ['Government / ministries', 'Finance']]","['Bahamut/The White Company/Windshift', 'Windshift']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Private technology companies / hacking for hire groups without state affiliation / research entities', 'Private technology companies / hacking for hire groups without state affiliation / research entities']",1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Bahamut/The White Company/Windshift; Windshift,Unknown; Unknown,Non-state-group; Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities; Private technology companies / hacking for hire groups without state affiliation / research entities,[],Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf', 'https://securelist.com/inpage-zero-day-exploit-used-to-attack-financial-institutions-in-asia/76717/']" 819,Gaza Cybergang aka Molerats (APT),Researchers from Kaspersky Lab reveal a new spike of activity by the infamous Gaza Cybergang exploiting CVE-2017-0199 and targeting government entities and oil and gas targets in MENA.,2016-01-01,2017-12-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Mena Region (region)'],,"[['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Energy']]","['Molerats/Extreme Jackal/Gaza Cybergang', 'Desert Falcons']","['Mena Region (region)', 'Mena Region (region)']","['Non-state-group', 'Non-state-group']","['Criminal(s)', 'Criminal(s)']",1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Molerats/Extreme Jackal/Gaza Cybergang; Desert Falcons,Mena Region (region); Mena Region (region),Non-state-group; Non-state-group,Criminal(s); Criminal(s),['https://www.kaspersky.de/blog/gaza-cybergang/19002/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securelist.com/gaza-cybergang-updated-2017-activity/82765/', 'https://www.kaspersky.de/blog/gaza-cybergang/19002/']" 820,Telegram Hack,"RocketKitten hacked into Telegram, spying on Iranian Activists 
etc.",2016-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]","[['Social groups', 'Social groups', 'End user(s) / specially protected groups', 'Media']]","[['Advocacy / activists (e.g. human rights organizations)', 'Political opposition / dissidents / expats', '', '']]","['Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130', 'Charming Kitten/Ajax Security Team']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,2,2016-01-01; 2016-01-01; 2016-01-01; 2016-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Attribution by third-party; Media-based attribution; Media-based attribution,,,,Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130; Charming 
Kitten/Ajax Security Team; Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130; Charming Kitten/Ajax Security Team,"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.reuters.com/article/us-iran-cyber-telegram-exclusive-idUSKCN10D1AM'],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-iran-cyber-telegram-exclusive-idUSKCN10D1AM'] 821,APT attack on Tibet,"APT campaign against Tibetans, Journalists and Human Rights Activists in Taiwan and Hong-Kong.",2016-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['China', 'Taiwan', 'Hong Kong']","[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['ASIA', 'SCS'], ['ASIA']]","[['Social groups', 'End user(s) / specially protected groups', 'Media'], ['Social groups', 'End user(s) / specially protected groups', 'Media'], ['Social groups', 'End user(s) / specially protected groups', 'Media']]","[['Advocacy / activists (e.g. human rights organizations)', '', ''], ['Advocacy / activists (e.g. human rights organizations)', '', ''], ['Advocacy / activists (e.g. 
human rights organizations)', '', '']]",,['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://threatpost.com/apt-targeting-tibetans-packs-four-vulnerabilities-in-one-compromise/117493/'] 822,Anonymous vs. Nissan,Anonymous drives Nissan offline in dolphin hunting protest,2016-01-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Japan'],"[['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.bbc.com/news/technology-35306206'] 823,Trumps Campaign Site Takedown,Hacking Group NewWorld Hacktivists takes down Trumps Official Website during campaign for one hour.,2016-01-02,2016-01-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],,['New World Hacktivists'],['United States'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,New World Hacktivists,United States,Non-state-group,Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.zdnet.com/article/attackers-targeting-bbc-donald-trump-amazon-web-services/'] 824,Turkish Activists vs Russias Ministry of Communication,A social network account of Russia’s communications minister was temporarily blocked on Sunday in a cyberattack carried out by hackers presenting themselves as a Turkish activist group and parading images of a warplane and Turkish flags.,2016-01-03,2016-01-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system', 'End user(s) / specially protected groups']]",,['The Börteçine Cyber Team'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,The Börteçine Cyber Team,Turkey,Non-state-group,Hacktivist(s),['https://www.reuters.com/article/us-russia-turkey-minister-cybersecurity-idUSKBN0UH0HJ20160103'],System / ideology; International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-russia-turkey-minister-cybersecurity-idUSKBN0UH0HJ20160103'] 825,OP Nimr/OP Saudi,Anonymous took down Saudi-Arabic Websites,2016-01-03,2016-01-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Saudi Arabia'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),['https://www.hackread.com/anonymous-takes-down-top-saudi-arabian-govt-websites/'],System / ideology,System/ideology; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-takes-down-top-saudi-arabian-govt-websites/'] 826,BoycottThailand,Anonymous attacked Thai sites in retaliation for death sentences against migrant workers,2016-01-06,2016-01-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Thailand'],"[['ASIA', 'SEA']]","[['State institutions / political system', 'State institutions / political system']]","[['Judiciary', 'Police']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 827,OP Nigeria,Anonymous took down Nigerian government websites,2016-01-07,2016-01-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Nigeria'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-targets-nigerian-government-websites/'] 828,Defacement vs. DeadSoldiers,An Indian hacker group defaced a Pakistani website,2016-01-08,2016-01-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Civil service / administration', '', '']]",['Indian Black Hats'],['India'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Indian Black Hats,India,Non-state-group,Hacktivist(s),[],Territory; Resources; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/indian-hackers-deface-pakistani-websites-as-homage-to-dead-soldier-s-daughter-498652.shtml'] 829,CyberTeamRox vs. Cambodian Networks,The hacking group CyberTeamRox attacked various Cambodian state-run sites,2016-01-12,2016-01-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft; Disruption,,['Cambodia'],"[['ASIA', 'SEA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Military', '', '']]",['Cyber Team Rox'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyber Team Rox,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.phnompenhpost.com/national/slew-websites-hacked'] 830,ISIS Hackers vs. Chinese university,"Hackers of the ""Islamic State"" defaced a website of an important Chinese university",2016-01-18,2016-01-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['Science']],,['Islamic Militants'],['Unknown'],['Non-state-group'],['Terrorist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Islamic Militants,Unknown,Non-state-group,Terrorist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.scmp.com/news/china/policies-politics/article/1902268/islamic-state-hackers-attack-top-tier-chinese'] 831,Embassy Defacement by Azerbijan hackers - 2016,"NATO-Armenia, embassy websites in 40 countries have been hacked by Azerbaijani hackers",2016-01-20,2016-01-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Armenia'],"[['ASIA', 'CENTAS', 'CSTO']]","[['State institutions / political system', 'International / supranational organization']]",,['Anti-Armenia Team'],['Azerbaijan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anti-Armenia Team,Azerbaijan,Non-state-group,Hacktivist(s),[],System / ideology; Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.hackread.com/azerbaijani-hackers-defac-nato-armenia-embassy-sites/'] 832,DDOS against north-irish pages,An unknown hacker (probably an individual) probed various networks of Northern Irish 
origin,2016-01-22,2016-01-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Ireland'],"[['EUROPE', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Individual hacker(s)'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.theregister.co.uk/2016/01/22/irish_gov_ddos/'] 833,Police Data Doxxing,An American hacker (Lorde Bashtien) leaked data of the Miami-Police-Department,2016-01-22,2016-01-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Police']],"['Lord Bashtien', 'CWA']","['United States', 'United States']","['Individual hacker(s)', 'Individual hacker(s)']",,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Lord Bashtien; CWA,United States; United States,Individual hacker(s); Individual hacker(s),,[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/hacker-doxes-80-miami-police-officers-499328.shtml'] 834,Anonymous Tokyo Airport Website Shutdown,Anonymous shuts down the Tokyo`s Narita Airport because of the detention of a dolphin trainer and animal rights activist.,2016-01-22,2016-01-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Japan'],"[['ASIA', 'SCS', 'NEA']]",[['Critical infrastructure']],[['Transportation']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.independent.co.uk/life-style/gadgets-and-tech/news/anonymous-tokyo-narita-airport-whaling-protest-take-down-ddos-a6832481.html'] 835,Data Leak of US Policen Union,The activist Thomas White leaked large amounts of data from an US police union,2016-01-28,2016-01-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],3,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; Contested attribution; Attribution by third-party,,,,Anonymous; Anonymous; Anonymous,Unknown; Unknown; Unknown,Non-state-group; 
Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s); Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.helpnetsecurity.com/2016/02/01/uk-activists-dumps-2-5-gb-of-data-stolen-from-us-police-union/'] 836,Monte Melkonian CyberArmy vs. Azerbaijan,The Monte Melkonian CyberArmy attacked Azerbaijani E-government pages,2016-01-28,2016-01-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Azerbaijan'],"[['ASIA', 'CENTAS']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Science']]","[['Government / ministries', 'Civil service / administration', 'Military', '']]",['Monte Melkonian Cyber Army'],['Armenia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Monte Melkonian Cyber Army,Armenia,Non-state-group,Hacktivist(s),[],System / ideology; Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/armenian-hackers-ddos-azerbaijani-government-portals/'] 796,APT 33 aka Holmium,"APT33 aka Holmium attacked companies worldwide from 2016 to 2019, mostly companies in the middle east from the aerospace and petrochemical sector but also governmental entities, data has 
been stolen, according to Fireeye and Symantec. The actual use of an observed wiper malware could not be confirmed.",2016-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Saudi Arabia', 'United States', 'Korea, Republic of', 'Germany', 'India', 'United Kingdom', 'Italy', 'Middle East (region)']","[['ASIA', 'MENA', 'MEA', 'GULFC'], ['NATO', 'NORTHAM'], ['ASIA', 'SCS', 'NEA'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'SASIA', 'SCO'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU'], []]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical 
infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['', 'Energy', 'Transportation', 'Health', 'Chemicals', 'Defence industry', ''], ['', 'Energy', 'Transportation', 'Health', 'Chemicals', 'Defence industry', ''], ['', 'Energy', 'Transportation', 'Health', 'Chemicals', 'Defence industry', ''], ['', 'Energy', 'Transportation', 'Health', 'Chemicals', 'Defence industry', ''], ['', 'Energy', 'Transportation', 'Health', 'Chemicals', 'Defence industry', ''], ['', 'Energy', 'Transportation', 'Health', 'Chemicals', 'Defence industry', ''], ['', 'Energy', 'Transportation', 
'Health', 'Chemicals', 'Defence industry', ''], ['', 'Energy', 'Transportation', 'Health', 'Chemicals', 'Defence industry', '']]",['APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,"['https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html', 'https://www.recordedfuture.com/iranian-cyber-operations-infrastructure/']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html', 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/elfin-apt33-espionage', 'https://www.recordedfuture.com/iranian-cyber-operations-infrastructure/']" 838,WhiteBear project by Turla,"WhiteBear, a project related to Turla, spied on embassies and consulates worldwide.",2016-02-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Global (region)'],,"[['State institutions / political system', 'Critical infrastructure']]","[['', 'Defence industry']]","['WhiteBear/Skipper Turla', 'Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)']","['Unknown', 'Unknown']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2017-01-01; 2017-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"WhiteBear/Skipper Turla; Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)",Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or 
disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securelist.com/introducing-whitebear/81638/'] 839,DarkBasin vs. American Enviromentalists,"The Indian ""hack-for-hire"" company BellTroXInfoTech Services was hired by an unidentified client to attack American environmentalists involved in various court cases",2016-02-01,2017-12-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft,,"['United States', 'Eastern Europe', 'Russia']","[['NATO', 'NORTHAM'], [], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]","[['Government / ministries', 'Legislative', 'Political parties', '', '', ''], ['Government / ministries', 'Legislative', 'Political parties', '', '', ''], ['Government / ministries', 'Legislative', 'Political parties', '', '', '']]","['Dark Basin', 'Bell TroX Info Tech Services']","['India', 'India']","['Non-state-group', 'Non-state-group']","['Private technology companies / hacking for hire groups without state affiliation / research entities', 'Private technology companies / hacking 
for hire groups without state affiliation / research entities']",1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party,,,,Dark Basin; Bell TroX Info Tech Services,India; India,Non-state-group; Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities; Private technology companies / hacking for hire groups without state affiliation / research entities,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2020/06/09/nyregion/exxon-mobil-hackers-greenpeace.html', 'https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/']" 840,Anonymous vs. French Ministry of Defense,Anonymous attacked the French ministry of defense to protest against an arms trade,2016-02-01,2016-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific; Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://securityaffairs.co/wordpress/44738/cyber-crime/anonymous-hacked-french-cimd.html'] 841,North Korean Hack of south-korean Government Smartphones,"North Korea hacked smartphones of senior South Korean government officials and made 10,000 zombie PCs worldwide in January alone, National Intelligence Service announced following a committee meeting for national cybersecurity.",2016-02-01,2016-03-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '']]",,"[""Korea, Democratic People's Republic of""]",['State'],,1,2016-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,"Korea, Democratic People's Republic 
of",State,,[],System / ideology; Territory; International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.zdnet.com/article/south-korea-claims-north-hacked-government-officials-smartphones/'] 842,Bangladesh Central bank heist,80 Million Dollar stolen from Bangladeshi central bank by Lazarus,2016-02-04,2016-02-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Hijacking with Misuse,,['Bangladesh'],"[['ASIA', 'SASIA']]","[['State institutions / political system', 'Critical infrastructure']]","[['Other (e.g., embassies)', 'Finance']]","['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)', 'Reconnaissance General Bureau']","[""Korea, Democratic People's Republic of"", ""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,2,2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Domestic legal action; Domestic legal action",IT-security community attributes attacker; IT-security community attributes attacker; 
Attribution by third-party; Attribution by third-party,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/', 'https://www.symantec.com/connect/blogs/swift-attackers-malware-linked-more-financial-attacks', 'https://us-cert.cisa.gov/ncas/alerts/aa20-239a', 'https://content.fireeye.com/apt/rpt-apt38', 'https://www.nytimes.com/2017/03/22/business/dealbook/north-korea-said-to-be-target-of-inquiry-over-81-million-cyberheist.html?_r=0', 'https://www.justice.gov/opa/press-release/file/1092091/download']",Resources,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.govinfosecurity.com/south-korea-sanctions-pyongyang-hackers-a-21193', 'https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/', 'https://thehackernews.com/2023/02/lazarus-group-using-new-winordll64.html', 
'https://www.darkreading.com/vulnerabilities-threats/lazarus-group-deathnote-cluster-pivots-defense-sector', 'https://www.heise.de/newsticker/meldung/Milliarden-Coup-in-NY-Zentralbank-Konto-per-Ueberweisung-geleert-3131832.html', 'https://www.independent.co.uk/news/world/asia/spelling-mistake-stops-hackers-stealing-1-billion-bangladesh-bank-heist-a6924971.html', 'https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/', 'https://www.symantec.com/connect/blogs/swift-attackers-malware-linked-more-financial-attacks', 'https://us-cert.cisa.gov/ncas/alerts/aa20-239a', 'https://content.fireeye.com/apt/rpt-apt38', 'https://www.nytimes.com/2017/03/22/business/dealbook/north-korea-said-to-be-target-of-inquiry-over-81-million-cyberheist.html?_r=0', 'https://www.justice.gov/opa/press-release/file/1092091/download', 'https://www.reuters.com/article/us-usa-fed-bangladesh-typo-insight/how-a-hackers-typo-helped-stop-a-billion-dollar-bank-heist-idUSKCN0WC0TC', 'https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/', 'https://therecord.media/north-korean-hackers-use-fake-job-offers-salary-bumps-as-lure-for-crypto-theft/', 'https://twitter.com/InfoSecSherpa/status/1622264016360935427']" 843,Anonymous OpAfrica,Anonymous attacked various African countries to protest against the corruption there,2016-02-06,2016-02-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,"['Rwanda', 'Uganda', 'South Africa', 'Tanzania', 'Kenya']","[['AFRICA', 'SSA'], ['AFRICA', 'SSA'], ['AFRICA', 'SSA'], ['AFRICA', 'SSA'], ['AFRICA', 'SSA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', '']]",['World Hacker Team(Anonymous)'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,World Hacker Team(Anonymous),Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/anonymous-turns-its-sights-to-africa-uganda-and-rwanda-targets-are-hit-first-500010.shtml'] 837,Bellingcat-Hack 2016,Cyber-Berkut defaced the bellingcat-website and leaked information of a Russian member.,2016-02-01,2016-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Media']],,['Cyber Berkut'],['Russia'],"['Non-state actor, state-affiliation suggested']",,3,2016-01-01; 2016-01-01; 2016-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Attacker confirms; Contested attribution,,,,Cyber Berkut; Cyber Berkut; Cyber Berkut,Russia; Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,[],System / ideology,System/ideology; Resources; Secession; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theregister.co.uk/2016/09/29/russian_hackers_target_mh17_journos/'] 845,California hospital hack,Hollywood Presbyterian Medical Center was hacked by an unknown actor and taken down for 10 days. 
Uncommonly they went public with the announcement that they had paid the ransom.,2016-02-07,2016-02-16,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Disruption,,['United States'],"[['NATO', 'NORTHAM']]","[['Critical infrastructure', 'Other']]","[['Health', '']]",,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-california-hospital-cyberattack/california-hospital-makes-rare-admission-of-hack-ransom-payment-idUSKCN0VS05M'] 846,Doxxing of DHS Data,A hacker leaked 9000 sets of DHS data,2016-02-07,2016-02-07,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Individual hacker(s),,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.tripwire.com/state-of-security/latest-security-news/hacker-publishes-9000-dhs-employees-info-says-20000-fbi-officials-data-is-next/'] 847,Chilean Hackers vs. Chile,"Actor ""Chilean Hackers"" leaked data of people asking for state benefits",2016-02-07,2016-02-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Chile'],[['SOUTHAM']],[['State institutions / political system']],[['Civil service / administration']],['Chilean Hackers'],['Chile'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Chilean Hackers,Chile,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/hacktivists-leak-details-for-300-000-chilean-citizens-looking-for-state-benefits-500232.shtml'] 848,Bolivia Army Mail Servers Breach,"The ""Chilean Hackers"" breached the E-Mail Servers of the Bolivian Army and leaked Data",2016-02-10,2016-02-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Bolivia'],[['SOUTHAM']],[['State institutions / political system']],[['Military']],['Chilean Hackers'],['Chile'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Chilean Hackers,Chile,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/hackers-breach-bolivian-army-email-servers-500233.shtml'] 849,Israeli Security Cameras vs. Hezbollah,Hezbollah-Affiliated Hackers Breach Israeli Security Camera System into feeds from Israel's Defense Ministry,2016-02-14,2016-02-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],"['Qadmon', 'Hezbollah']","['Lebanon', 'Lebanon']","['Non-state-group', 'Non-state-group']","['Terrorist(s)', 'Terrorist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Qadmon; Hezbollah,Lebanon; Lebanon,Non-state-group; Non-state-group,Terrorist(s); Terrorist(s),[],System / ideology,System/ideology; Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/hezbollah-affiliated-hackers-breach-israeli-security-camera-system-500703.shtml'] 850,Anonymous vs. Turkish National Police,"The hacktivist group Anonymous has released close to 18GB worth of sensitive data from Turkey’s national police database. The information, which was taken from the Turkish General Directorate of Security (EGM), has purportedly been posted on file sharing sites available for free public download.",2016-02-15,2016-02-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://securityaffairs.co/wordpress/44569/hacking/anonymous-hacked-turkish-national-police.html'] 851,DDOS vs. Italian Regional Governments,"Apulia and Basilicata’s regional government portals targeted by DDoS attacks by Anonymous, the Apulia's wasn't functioning for 5-7days and from it data was stolen and posted online.In protest against Trans Adriatic Pipeline project ignorant towards critical environmental concerns.",2016-02-20,2016-02-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Italy'],"[['EUROPE', 'NATO', 'EU']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/anonymous-attacks-italian-government-site-because-of-gas-pipeline-project-500977.shtml'] 852,Hack of Israelian Drones,"Palestinian charged for helping an islamic group breaking into Israeli drones, getting pictures of civilian aircraft movements.",2016-03-01,2016-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'Critical infrastructure']]","[['Military', 'Transportation']]",['Majd Ouida for Islamic Jihad'],['Palestine'],['Non-state-group'],['Terrorist(s)'],1,2016-01-01 00:00:00,Domestic legal action,Attribution by receiver government / state entity,,,,Majd Ouida for Islamic Jihad,Palestine,Non-state-group,Terrorist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-israeli-palestinians-cybercrime/israel-charges-palestinian-for-hacking-drones-airport-info-idUSKCN0WP21F'] 853,New Jersey Police Office Leak,ISIS hackers leaked personaldata of 55 New Jersey Police Officers,2016-03-02,2016-03-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Police']],['Caliphate Cyber Army'],['Unknown'],['Non-state-group'],['Terrorist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Caliphate Cyber Army,Unknown,Non-state-group,Terrorist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.dailymail.co.uk/news/article-3478237/ISIS-hackers-threaten-55-New-Jersey-police-officers-releasing-home-addresses-phone-numbers-working-locations.html'] 854,NWH vs. Salt Lake City Police,"The NWH group conducted a series of powerful DDoS attacks on SaltLakeCity Police, Airport and Banking website against the shooting of a Somali teenager Abidi Mohamed",2016-03-14,2016-03-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Police']],['New World Hacktivists'],['United States'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,New World Hacktivists,United States,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/salt-lake-city-police-airport-websites-ddos-attacks/'] 855,Swedish newspapers down,"Websites of several swedish newspapers shutdown via DDoS by hackers for""spreading government propaganda""",2016-03-18,2016-03-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Sweden'],"[['EUROPE', 'EU', 'NORTHEU']]",[['Media']],,,['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.thelocal.se/20160320/hackers-force-swedish-newspapers-offline', 'https://sputniknews.com/europe/201603201036631447-hackers-attack-swedish-newspapers/', 'https://www.heise.de/security/meldung/Webseiten-schwedischer-Zeitungen-nach-DDoS-Angriffen-wieder-online-3145195.html']" 856,NSHC vs. 
SVP and SBB,"Swiss hackers attacked the Swiss right-wing party SVP, and leaked data on the wider internet",2016-03-18,2016-03-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption,,['Switzerland'],"[['EUROPE', 'WESTEU']]","[['State institutions / political system', 'Critical infrastructure']]","[['Political parties', 'Transportation']]",['NSHC'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,NSHC,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.nzz.ch/schweiz/aktuelle-themen/internetkriminalitaet-grey-hats-hacken-svp-datenbank-ld.8580'] 857,Philippine voter data DDoS & Leak,Anonymous Philippines defaced the Commission on Elections (Comelec) websites of the Philippines and LulzSec Philipinas stole and published voters' private data including fingerprints of more than 50 million persons in the country's biggest private data leak.,2016-03-27,2016-03-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Philippines'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],[['Election infrastructure / related systems']],"['Anonymous Philippines', 'LulzSec Philipinas']","['Philippines', 'Philippines']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",2,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; IT-security community attributes attacker; Attacker confirms; Attacker confirms,,,,Anonymous Philippines; LulzSec Philipinas; Anonymous Philippines; LulzSec Philipinas,Philippines; Philippines; Philippines; Philippines,Non-state-group; Non-state-group; Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s),['https://www.trendmicro.com/en_us/research/16/d/55m-registered-voters-risk-philippine-commission-elections-hacked.html'],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theguardian.com/technology/2016/apr/11/philippine-electoral-records-breached-government-hack', 'http://www.bbc.com/news/technology-36013713', 'https://www.trendmicro.com/en_us/research/16/d/55m-registered-voters-risk-philippine-commission-elections-hacked.html']" 858,Anonymous vs. 
Angolan Government,Anonymous attacked and defaced various Angolan government webpages,2016-03-30,2016-03-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Angola'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Portugal'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Portugal,Non-state-group,Hacktivist(s),[],System / ideology; National power,National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/anonymous-attacks-angolan-government-in-response-to-the-jailing-of-17-activists-502479.shtml'] 859,Chinese Hackers vs. 
Taiwan,"Mainland hackers were likely to be behind an attack on the website of Taiwan's ruling party, redirecting it to a fake website",2016-04-01,2016-04-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Disruption,,['Taiwan'],"[['ASIA', 'SCS']]",[['State institutions / political system']],[['Political parties']],,['China'],['State'],,1,2016-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,China,State,,[],System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.securityweek.com/chinese-cyber-spies-hack-taiwan-ruling-party-fireeye'] 860,Daewoo Shipbuilding Hack,"North Korea probably stole South Korean warship blueprints after hacking into Daewoo Shipbuilding & Marine Engineering CoLtd’s data base in April 2016, a South Korean opposition lawmaker said.",2016-04-01,2016-04-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['Critical infrastructure']],[['Defence industry']],,"[""Korea, Democratic People's Republic of""]",['State'],,1,2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,"Korea, Democratic People's Republic 
of",State,,['https://www.reuters.com/article/us-northkorea-missiles-cybercrime/north-korea-hacked-daewoo-shipbuilding-took-warship-blueprints-south-korea-lawmaker-idUSKBN1D00EX'],System / ideology; Territory; International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-northkorea-missiles-cybercrime/north-korea-hacked-daewoo-shipbuilding-took-warship-blueprints-south-korea-lawmaker-idUSKBN1D00EX'] 844,LSETack down,"Anonymous has crippled the website of the London Stock Exchange in a protest against the global financial system. Anonymous claims the incident was one of 67 successful attacks carried out on the websites of major institutions last month. The targets included the Swiss National Bank, the Central Bank of Venezuela and the Federal Reserve Bank of San Francisco.",2016-02-06,2016-02-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Critical infrastructure']],[['Finance']],['Anonymous'],['Philippines'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Philippines,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['http://www.dailymail.co.uk/news/article-3625656/Hackers-attack-Stock-Exchange-Cyber-criminals-website-two-hours-protest-against-world-s-banks.html'] 862,DNC-Hack (Fancy Bear),Russian government hackers from state-sponsored group Fancy Bear/APT28 penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump.,2016-04-01,2016-06-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Political parties']],"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],['State'],,2,2016-01-01; 2016-01-01,"Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Fancy 
Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia,State; State,,"['https://www.justice.gov/file/1080281/download', 'https://cyber-peace.org/wp-content/uploads/2018/11/Bears-in-the-Midst_-Intrusion-into-the-Democratic-National-Committee-%C2%BB.pdf']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.justice.gov/file/1080281/download', 'https://cyber-peace.org/wp-content/uploads/2018/11/Bears-in-the-Midst_-Intrusion-into-the-Democratic-National-Committee-%C2%BB.pdf']" 863,Armenian-Azerbaijan-cyber-conflict Part 2,The Monte Melkonian Cyber Army took down Azerbaijani servers,2016-04-02,2016-04-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Azerbaijan'],"[['ASIA', 'CENTAS']]","[['State institutions / political system', 'Media']]","[['Government / ministries', '']]",['Monte Melkonian Cyber Army'],['Armenia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Monte Melkonian Cyber Army,Armenia,Non-state-group,Hacktivist(s),[],System / ideology; Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/cyberwar-turkish-vs-armenian-hackers/'] 864,Turkish-Armenian-Azerbaijan-Secession,"The attacks by the Turkish hacking group called ""Aslan Neferler Tim"" (which roughly translates as ""Private Lion Team"") caused blackouts on Armenian government websites, including those of the Ministries of Defence, Energy, Agriculture and several other government agencies. The group had previously claimed responsibility for the attacks on the websites of Belgian government agencies, Dutch right-wing politician Geert Wilders, the Armenian central bank and the main site of the well-known hacker movement Anonymous.",2016-04-03,2016-04-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Armenia'],"[['ASIA', 'CENTAS', 'CSTO']]","[['State institutions / political system', 'Critical infrastructure', 'State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Finance', 'Police', 'Intelligence agencies']]",['Turk Hack Team'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Turk Hack Team,Turkey,Non-state-group,Hacktivist(s),[],System / ideology; Territory,Territory; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.dailysabah.com/turkey/2016/04/06/turkish-hacker-groups-attacks-shut-down-armenian-government-websites'] 865,Syrian government dataleak,The CyberJusticeTeam claimed responsibility for a massive data leak of the syrian government,2016-04-05,2016-04-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Syria'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['CyberJustice Team'],['Unknown'],['Unknown - not attributed'],,2,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,CyberJustice Team; CyberJustice Team,Unknown; Unknown,Unknown - not attributed; Non-state-group,; Hacktivist(s),['https://www.riskbasedsecurity.com/2016/04/08/cyber-justice-team-makes-a-statement-with-massive-data-leak/'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.infosecurity-magazine.com/news/massive-syrian-government-hack/', 'https://www.riskbasedsecurity.com/2016/04/08/cyber-justice-team-makes-a-statement-with-massive-data-leak/']" 861,Niteworks hack,"A contractor ""Niteworks""of Britisch MoD hacked personal information on 831 members of defence community.",2016-04-01,2016-04-22,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],,,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://www.theregister.co.uk/2016/04/22/mod_contractor_hacked_831_members_of_defence_community_exposed/'] 867,KKK-Knights offline,"The Anonymous-affiliated hacking group ""GhostSquad"" blocked the KKK Knights website for several hours via DDoS",2016-04-24,2016-04-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Social groups']],[['Terrorist']],['GhostSquad'],['United States'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,GhostSquad,United States,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-ghost-squad-ddos-on-kkk-website/'] 868,Black-Lives-Matter offline,"The Anonymous-affiliated hacking group ""Ghost Squad"" defaced the ""Black Lives Matter"" webportal with ""All Lives Matter"" banners",2016-04-30,2016-04-30,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Social groups']],[['Other social groups']],['GhostSquad'],['United States'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,GhostSquad,United States,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-ddos-black-lives-matter-website/'] 869,MagicHound,Unit 42 has discovered a persistent attack campaign operating primarily in the Middle East dating back to at least mid-2016 which we have named MagicHound. This appears to be an attack campaign focused on espionage. Possibly related to Iranian state-sponsored RocketKittenGroup aka CobaltGypsy aka APT35.,2016-05-01,2016-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Saudi Arabia'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Energy', '']]","['APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064', 'Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059']","['Unknown', 'Unknown']","['Unknown - not attributed', 'Unknown - not attributed']",,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064; Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,['https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://unit42.paloaltonetworks.com/unit42-magic-hound-campaign-attacks-saudi-targets/', 'https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf']" 870,Netrepser,"A complex, targeted malware framework that, unlike a military-grade APT, is “stitched together” with freeware utilities in order to spy on more than 500 government agencies and organizations worldwide.",2016-05-01,2017-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Unknown'],,"[['State institutions / political system', 'Other']]",,,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.bitdefender.de/files/News/CaseStudies/study/152/Bitdefender-Whitepaper-Netrepser-A4-en-EN-web.pdf'] 866,TeamSystemDz defacement of western websites,"Pro-ISIS Algerian-based TeamSystemDz defaced 88 websites from the US, France, Israel and the UK. In particular, it defaced several websites in Richland County.",2016-04-14,2016-04-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,"['United States', 'France', 'Israel', 'United Kingdom']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'MENA', 'MEA'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Civil service / administration', 'Health'], ['Government / ministries', 'Civil service / administration', 'Health'], ['Government / ministries', 'Civil service / administration', 'Health'], ['Government / ministries', 'Civil service / administration', 'Health']]",['Team System Dz'],['Algeria'],['Non-state-group'],['Terrorist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team System Dz,Algeria,Non-state-group,Terrorist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://news.softpedia.com/news/pro-isis-group-defaces-88-websites-in-three-day-rampage-503153.shtml', 'https://www.hackread.com/richland-county-website-sheriffs-dept-hacked/']" 872,Turkish Election Data dump,"Unidentified hacker(s) posted to the web a 1.4 gigabyte compressed bittorrent file that appears to contain personal data on 50 million Turkish citizens, including their names, addresses, parents' first names, cities of birth, birthdates, and a national 
identifier number used by the Turkish government, all of which were verified as authentic by the Associated Press.",2016-05-01,2016-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['State institutions / political system']],[['Civil service / administration']],,['United States'],['Individual hacker(s)'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,United States,Individual hacker(s),,"['https://www.wired.com/2016/04/hack-brief-turkey-breach-spills-info-half-citizens/', 'https://www.heise.de/security/meldung/Persoenliche-Daten-von-49-Millionen-tuerkischen-Waehlern-veroeffentlicht-3161729.html']",System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.wired.com/2016/04/hack-brief-turkey-breach-spills-info-half-citizens/', 'https://www.heise.de/security/meldung/Persoenliche-Daten-von-49-Millionen-tuerkischen-Waehlern-veroeffentlicht-3161729.html']" 873,#OpIcarus,"Anonymous and Ghost Squad have targeted many international banks and central banks with DDoS attacks, in protest against corruption.",2016-05-01,2016-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,"['Nepal', 'Kuwait', 'Chile', 'Greece', 'Mexico', 'Dominican Republic', 'Guernsey', 'Maldives', 'Netherlands', 'Kenya']","[['ASIA', 'SASIA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['SOUTHAM'], ['EUROPE', 'NATO', 'EU', 'BALKANS'], [], [], ['EUROPE', 'NORTHEU'], ['ASIA', 'SASIA'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['AFRICA', 'SSA']]","[['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure']]","[['Other (e.g., embassies)', 'Finance'], ['Other (e.g., embassies)', 'Finance'], ['Other (e.g., embassies)', 'Finance'], ['Other (e.g., embassies)', 'Finance'], ['Other (e.g., embassies)', 'Finance'], ['Other (e.g., embassies)', 'Finance'], ['Finance'], ['Other (e.g., embassies)', 'Finance'], ['Other (e.g., embassies)', 'Finance'], ['Other (e.g., embassies)', 'Finance']]","['Anonymous', 'GhostSquad']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anonymous; GhostSquad,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],System / 
ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.rt.com/uk/342958-opicarus-anonymous-bank-england/', 'https://www.ibtimes.co.uk/op-icarus-anonymous-launches-ddos-attacks-8-international-banks-1558987', 'https://www.hackread.com/opicarus-anonymous-shut-down-5-more-banks/', 'https://www.ibtimes.co.uk/opicarus-ny-stock-exchange-us-federal-reserve-many-financial-institutions-attacked-by-anonymous-1560836']" 874,Anonymous DDOS vs. North Carolina,"Anonymous hacked Government websites of North Carolina in protest against an ""anti-LGBT"" Bathroom Law",2016-05-14,2016-05-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-ddos-north-carolina-anti-lgbt-law/'] 875,Tutorial Attack,"PhineasFisher attacked the Catalan police union, defaced it's website, plundered their webserver, published personal information about policeofficers and hijacked their Twitteraccount, to protest their past extremely questionable and likely criminal behavior. 
He recorded the attack and made it public as a tutorial video",2016-05-19,2016-05-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Spain'],"[['EUROPE', 'NATO', 'EU']]",[['State institutions / political system']],[['Police']],['Phineas Fischer'],['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Phineas Fischer,Unknown,Individual hacker(s),,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.helpnetsecurity.com/2016/05/20/phineas-fisher-records-latest-attack/'] 876,GhostSquad vs. Trump,GhostSquad conducted a DDoS attack on the Trump Hotel Collection website to target Trump’s hate mongering,2016-05-21,2016-05-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['GhostSquad'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,GhostSquad,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/donald-trump-hotel-collections-website-down/'] 877,Attack on Irans Statistical Centre,"Iran's cyber police claim Statistical Centre was attacked by hackers in three Arab countries, including Saudi Arabia",2016-05-24,2016-05-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Civil service / administration']],,['Saudi Arabia'],['Non-state-group'],['Criminal(s)'],1,,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,,Saudi Arabia,Non-state-group,Criminal(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.ibtimes.co.uk/iran-cyber-police-claim-saudi-arabia-behind-hacking-government-website-1562673'] 878,Gambling Hack,Hackers target Czech Republic gov’t sites over plans to block gambling domains,2016-05-30,2016-05-30,"Attack conducted by non-state group / non-state actor with political 
goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Czech Republic'],"[['EUROPE', 'NATO', 'EU', 'EASTEU']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Legislative', 'Police', 'Intelligence agencies']]",['Anonymous'],['Czech Republic'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Czech Republic,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://calvinayre.com/2016/06/01/business/hackers-target-czech-republic-plans-gambling-domains/', 'https://news.softpedia.com/news/anonymous-hackers-attack-czech-finance-minister-because-of-online-gambling-law-506946.shtml']" 879,Anonymous DataLeak Spanish Police,"Anonymous leaked personal details of 5,000 Spanish cops online as a protest against the gag law",2016-05-31,2016-05-31,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Spain'],"[['EUROPE', 'NATO', 'EU']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-hacks-spanish-police-against-gag-law/'] 880,Operation BugDrop,Espionage Campaign which is possibly linked to Operation Groundbait from 2015.,2016-06-01,2016-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Ukraine', 'Austria', 'Russia']","[['EUROPE', 'EASTEU'], ['EUROPE', 'EU', 'WESTEU'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['International / supranational organization', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['International / supranational organization', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['International / supranational organization', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science']]",,['Operation Bugdrop'],['Unknown'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Operation Bugdrop,Unknown,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://cyberx-labs.com/blog/operation-bugdrop-cyberx-discovers-large-scale-cyber-reconnaissance-operation/'] 881,Pakistani Defacement,"Pakistani Hackers Deface Websites for Seven Indian Embassies, One Police Station",2016-06-01,2016-06-01,"Attack conducted by non-state group / non-state 
actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system']]","[['', 'Police']]",['Team Pak'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team Pak,Pakistan,Non-state-group,Hacktivist(s),[],Territory; Resources; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/pakistani-hackers-deface-websites-for-seven-indian-embassy-one-police-station-505119.shtml'] 882,#OpSilence,"Ghost Squad Hackers Announce #OpSilence, Month-Long Attacks on Mainstream Media",2016-06-01,2016-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Media']],,['GhostSquad'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,GhostSquad,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media-504760.shtml'] 883,Anonymous vs. 
Anti-White-Movements,Anonymous Attacks Anti-White Movements in South Africa and Zimbabwe,2016-06-14,2016-06-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,"['Zimbabwe', 'South Africa']","[['AFRICA', 'SSA'], ['AFRICA', 'SSA']]","[['State institutions / political system'], ['State institutions / political system']]","[['Political parties'], ['Political parties']]","['Anonymous', 'Zim4thewin']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Anonymous; Zim4thewin,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/anonymous-attacks-anti-white-movements-in-south-africa-and-zimbabwe-505251.shtml'] 884,Muslim Brotherhood-Hack,A hacker going by the handle of SkyNetCentral conducted a series of distributed denial-of-service (DDoS) attacks on the official website of the Society of the Muslim Brothers or Muslim Brotherhood (Al-Ikhwan al-Muslimun in Arabic) forcing the website to go offline despite using CloudFlare DDoS protection service,2016-06-16,2016-06-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Egypt'],"[['MENA', 'MEA', 'AFRICA', 'NAF']]",[['State institutions / political system']],[['Political parties']],['Skynetcentral'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Skynetcentral,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/muslim-brotherhoods-website-suffers-ddos-attacks/'] 885,Takedown of House-Democrats,Hackers down House Democrats' websites,2016-06-23,2016-07-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Legislative']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.politico.com/story/2016/06/hackers-house-democrats-websites-224904'] 886,Diplomats in EasternEurope bitten by a TurlaMosquito,Evidence was found that Turla installers were exfiltrating information since at least July 2016. 
The targets are mainly consulates and embassies from different countries in Eastern Europe or the vicinity.,2016-07-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Eastern Europe'],,"[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Civil service / administration', '', '']]","['Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)', 'FSB']","['Unknown', 'Unknown']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,2,2018-01-01; 2018-01-01; 2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; Attribution by third-party; Attribution by third-party,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center); FSB; Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center); FSB",Unknown; Unknown; Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, 
state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.valisluureamet.ee/pdf/raport-2018-ENG-web.pdf'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf', 'https://www.valisluureamet.ee/pdf/raport-2018-ENG-web.pdf']" 887,Russia/Belarus-Aerospace Chinese Hack,"According to the firm ProofPoint, Chinese state-sponsored actors continue to spy on military and aerospace organizations in Russia and Belarus.",2016-07-01,2017-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Russia', 'Belarus']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO']]","[['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure']]","[['Military', 'Defence industry'], ['Military', 'Defence industry']]",,['China'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,"Non-state actor, state-affiliation suggested",,"['https://securityaffairs.co/wordpress/55942/APT 
/chinese-state-sponsored-aerospace.html', 'https://www.proofpoint.com/us/threat-insight/post/APT -targets-russia-belarus-zerot-plugx']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/55942/APT%20/chinese-state-sponsored-aerospace.html', 'https://securityaffairs.co/wordpress/55942/APT /chinese-state-sponsored-aerospace.html', 'https://www.proofpoint.com/us/threat-insight/post/APT -targets-russia-belarus-zerot-plugx']" 888,Voting Systems hacked in US states before elections,"Voters personal data was stolen from Election Authorities in Illinois and Arizona, but also other states. At least 200.000 persons affected. But ""due to the ambiguous nature of the attack,"" the elections board warned, ""we may never know the exact number of affected voters"".",2016-07-01,2016-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Civil service / administration', '']]",['GRU'],['Russia'],['State'],,1,2017-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,GRU,Russia,State,,"['https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/', 
'https://www.reuters.com/article/us-usa-cyber-election/arizona-election-database-targeted-in-2016-by-criminals-not-russia-source-idUSKBN1HF11F', 'https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume1.pdf']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.heise.de/security/meldung/Das-FBI-untersucht-Hacker-Angriffe-auf-US-Waehlerregister-3310460.html', 'http://www.governing.com/topics/elections/tns-illinois-arizona-hackers-elections.html', 'https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/', 'https://www.reuters.com/article/us-usa-cyber-election/arizona-election-database-targeted-in-2016-by-criminals-not-russia-source-idUSKBN1HF11F', 'https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume1.pdf']" 889,Russia economic espionage,20 Russian government and military facilities alongside several defence contractors were targeted via a spear-phishing campaign with malware sent via email.,2016-07-01,2016-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Civil service / administration', 'Defence industry']]",,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption 
(incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.heise.de/newsticker/meldung/Russischer-Geheimdienst-meldet-schweren-Fall-von-Cyberspionage-3282142.html'] 890,shad0ws3c vs. Paraguayan Secretary of National Emergency,Hacktivist group leaks information from Paraguayan Secretary of National Emergency,2016-07-01,2016-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Paraguay'],[['SOUTHAM']],[['State institutions / political system']],[['Government / ministries']],['shad0ws3c'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,shad0ws3c,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/shad0ws3c-leaks-data-from-paraguay-s-government-507695.shtml'] 891,Anonymous vs. Zimbabwean Government,"Anonymous conducted a series of cyber attacks on the Zimbabwe government websites for #ZimShutDown2016 or #ShutDownZimbabwe, a protest movement in which citizens are protesting against Robert Mugabe’s government, which has been in power for the last 36 years. Sites went offline for several hours.",2016-07-04,2016-07-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Zimbabwe'],"[['AFRICA', 'SSA']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Election infrastructure / related systems']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-ddos-zimbabwe-government-sites/'] 892,Wikileaks-Turkey-attack,"The whistleblowing website WikiLeaks said it had suffered a ""sustained attack"" over the announcement of publication of documents of Turkey's political power structure and the country's leadership.",2016-07-11,2016-07-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Disruption,,['Sweden'],"[['EUROPE', 'EU', 'NORTHEU']]",[['Social groups']],[['Advocacy / activists (e.g. 
human rights organizations)']],,['Turkey'],"['Non-state actor, state-affiliation suggested']",,1,2016-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,Turkey,"Non-state actor, state-affiliation suggested",,[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://sputniknews.com/world/201607191043251623-turkey-wikileaks-attack-release/', 'https://nakedsecurity.sophos.com/2016/07/19/wikileaks-suffers-sustained-attack-after-announcing-release-of-turkish-government-docs/']" 893,DDOS against phillipine pages,"Philippines Government Websites Hit by Massive DDoS Attacks, China Suspected",2016-07-12,2016-07-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Disruption,,['Philippines'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],,['China'],['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,China,Unknown - not attributed,,[],Territory; Resources; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://news.softpedia.com/news/philippines-government-websites-hit-by-massive-ddos-attacks-china-suspected-506412.shtml'] 894,Anonymous vs. 
Brazilian courts,Anonymous hacks a Brazilian Court for blocking WhatsApp.,2016-07-19,2016-07-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Brazil'],[['SOUTHAM']],[['State institutions / political system']],[['Judiciary']],['Anonymous'],['Brazil'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Brazil,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.hackread.com/anonymous-ddos-rio-court-site-for-blocking-whatsapp/', 'http://anonhq.com/anonymous-shuts-brazilian-court-blocking-whatsapp/']" 895,Defacement of Vietnamese Airports,Information screens on Vietnamese Airports were hacked to show anti-Chinese messages,2016-07-29,2016-07-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Vietnam'],"[['ASIA', 'SCS', 'SEA']]",[['Critical infrastructure']],[['Transportation']],['1937CN'],['China'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,1937CN,China,Non-state-group,Hacktivist(s),['https://www.cyberdefensemagazine.com/china-1937cn-team-hackers-attack-airports-in-vietnam/'],Territory; Resources,Territory; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theguardian.com/world/2016/jul/29/flight-information-screens-in-two-vietnam-airports-hacked', 'https://www.cyberdefensemagazine.com/china-1937cn-team-hackers-attack-airports-in-vietnam/']" 896,North Korea attack on South Korean Military,"NorthKorea appears to have hacked SouthKorea's cybercommand in what could be the latest cyberattack against Seoul, the military here said Tuesday,",2016-08-01,2016-10-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['State institutions / political system']],[['Military']],,"[""Korea, Democratic People's Republic of""]",['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,"Korea, Democratic People's Republic of",Unknown - not attributed,,['https://arxiv.org/ftp/arxiv/papers/1711/1711.04500.pdf'],System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: 
non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://en.yna.co.kr/view/AEN20161207002951315?section=search', 'https://arxiv.org/ftp/arxiv/papers/1711/1711.04500.pdf']" 897,WADA-Hack,"The World Anti-Doping Agency said on Tuesday that hackers stole confidential medical information about U.S. Olympic athletes and published it on the internet, blaming a Russian group for the attack. In 2018, the US and some of its allies attributed this attack to Russian GRU officers.",2016-08-01,2016-09-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft & Doxing,,['World Anti-Doping Agency'],,[['International / supranational organization']],,"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],['State'],,3,2016-01-01; 2016-01-01; 2016-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement/report and indictment / sanctions",Receiver attributes attacker; IT-security community attributes attacker; Attribution by third-party,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group 
G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia; Russia,"State; Non-state actor, state-affiliation suggested; State",,"['https://www.threatconnect.com/blog/fancy-bear-anti-doping-agency-phishing/', 'https://www.justice.gov/opa/pr/us-charges-russian-gru-officers-international-hacking-and-related-influence-and', 'https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed']",System / ideology; Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-doping-wada-cyber/anti-doping-agency-says-athlete-data-stolen-by-russian-group-idUSKCN11J26T', 'https://www.threatconnect.com/blog/fancy-bear-anti-doping-agency-phishing/', 'https://www.justice.gov/opa/pr/us-charges-russian-gru-officers-international-hacking-and-related-influence-and', 'https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed', 'https://www.nytimes.com/2017/01/06/sports/russia-cyberattacks-wada-doping.html']" 898,APT 3 vs. Hongkong Organizations and Government Agencies,"APT 3, a state-sponsored Chinese hacking group, accessed two networks of the HongKong-City-Government, as well as other targets since march 2016 (according to Symantec).",2016-08-01,2016-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Hong Kong'],[['ASIA']],"[['State institutions / political system', 'Other']]","[['Government / ministries', '']]","['APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)', 'Boyusec']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2016-01-01; 2016-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec); Boyusec",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.securityweek.com/hong-kong-authorities-attacked-chinese-hackers'],System / ideology; Autonomy,System/ideology; Autonomy,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.securityweek.com/hong-kong-authorities-attacked-chinese-hackers'] 899,Intsights vs. 
ISIS,The israeli cyber-securityfirm Intsights hacked an ISIS forum and found information concerning future terrorist attacks,2016-08-04,2016-08-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['Unknown'],,[['Social groups']],[['Terrorist']],['Intsights'],['Israel'],['Non-state-group'],['Private technology companies / hacking for hire groups without state affiliation / research entities'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Intsights,Israel,Non-state-group,Private technology companies / hacking for hire groups without state affiliation / research entities,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/security-firm-says-it-uncovered-new-terrorist-attacks-after-hacking-isis-forum-506960.shtml'] 900,Anonymous Brazil vs. Brazil,"Anonymous conducted cyber attacks on the government websites forcing several of them to go offline. The targeted websites include the official website of the federal government for the 2016 Games (brasil2016.gov.br), Portal of the State Government of Rio de Janeiro (rj.gov.br), Ministry of sports (esporte.gov.br), Brazil Olympic Committee COB (cob.org.br) and the official website of the Rio 2016 Olympics (rio2016.com).",2016-08-05,2016-08-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Brazil'],[['SOUTHAM']],[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Brazil'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Brazil,Non-state-group,Hacktivist(s),[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-ddos-brazilian-government-websites/'] 901,GhostSquad vs. Israeli Prime Minister,GhostSquad took down the website of the israelian primeminister,2016-08-25,2016-08-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['GhostSquad'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,GhostSquad,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; Resources; Secession; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/ghost-squad-attacks-israeli-prime-minister-site/'] 902,Azerbaijani Bank Data Leak,"Armenian hackers from the Monte Melkonian Cyber Army (MMCA) have leaked a number of data allegedly belonging to Azerbaijani banks, military and police servers.",2016-09-01,2016-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Azerbaijan'],"[['ASIA', 'CENTAS']]","[['State institutions / political system', 'Critical infrastructure', 'State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Finance', 'Military', 'Police']]",['Monte Melkonian Cyber Army'],['Armenia'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Monte Melkonian Cyber Army,Armenia,Non-state-group,Hacktivist(s),[],System / ideology; Territory,Territory,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.hackread.com/armenian-hackers-leak-azeri-banking-military-data/'] 903,GhostSquad Defacement of Afghani Sites,GhostSquad Hackers deface 12 Afghan Government websites,2016-09-01,2016-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Afghanistan'],"[['ASIA', 'SASIA']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Civil service / administration']]",['GhostSquad'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,GhostSquad,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/ghost-squad-hackers-deface-12-afghan-government-websites-507900.shtml'] 904,Anonymous DDOS vs. Japan,Anonymous attacked japanese sites in response to renewed dolphin hunting,2016-09-03,2016-09-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Japan'],"[['ASIA', 'SCS', 'NEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://asia.nikkei.com/Japan-Update/Dolphin-hunt-prompts-renewed-Anonymous-cyberattacks-on-Japan'] 905,Australia census pages DDOS,Australia's first digital census website receives DDoS attacks and breaks down,2016-09-08,2016-09-08,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Disruption,,['Australia'],[['OC']],[['State institutions / political system']],[['Civil service / administration']],,['Unknown'],['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.ibtimes.co.uk/australias-first-digital-census-monumental-failure-website-goes-into-meltdown-1575307'] 906,DDOS attack on austrian central bank,A turkish hacktivist group managed to overload the website of the austrian central bank via an DDOS-attack,2016-09-13,2016-09-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Austria'],"[['EUROPE', 'EU', 'WESTEU']]","[['State institutions / political system', 'Critical infrastructure']]","[['Other (e.g., embassies)', 'Finance']]",,['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,Turkey,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://kurier.at/chronik/wien/hacker-attackierten-oesterreichische-nationalbank/220.829.900'] 907,Hack of AHRC,Hacker attacks American Human Rights Council and 62 other websites calling for jihad,2016-09-14,2016-09-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Social groups']],[['Other social groups']],['Muslim Leads'],['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Muslim Leads,Unknown,Individual hacker(s),,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.ibtimes.co.uk/hacker-attacks-american-human-rights-council-62-other-websites-calling-jihad-1581813'] 908,Indian CBI Hack,"Indian Central Bureau of Investigation and Army officers were targeted by a phishing campaign, according to an Indian Cybersecurity Blog/Research-Entity.",2016-09-20,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",,['Pakistan'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Pakistan,"Non-state actor, state-affiliation suggested",,['https://cysinfo.com/uri-terror-attack-spear-phishing-emails-targeting-indian-embassies-and-indian-mea/'],International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://cysinfo.com/cyber-attack-targeting-cbi-and-possibly-indian-army-officials/', 'https://cysinfo.com/uri-terror-attack-spear-phishing-emails-targeting-indian-embassies-and-indian-mea/']" 909,Turkish Energy Leak,RedHack leaks personal E-Mail accounts of Turkish Energy Minister and Erdogan's son-in-law Albayrak,2016-09-23,2016-09-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['RedHack'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RedHack,Turkey,Non-state-group,Hacktivist(s),[],System / ideology; Autonomy,Autonomy,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.dailydot.com/layer8/redhack-turkey-albayrak-censorship/'] 910,India/Pakistan Ehdoor Espionage,"SymantecCorp, a digital security company, says it has identified a sustained cyberspying campaign, likely state-sponsored, against Indian and Pakistani entities involved in regional security issues.",2016-10-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Pakistan', 'India']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military'], ['Government / ministries', 'Military']]",,['Unknown'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-india-cyber-threat-idUSKCN1B80Y2'] 871,APT 15 aka Ke3chang,Chinese hackers APT 15 spied on UK military contractors.,2016-05-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Defence industry', '']]",['Ke3chang/Vixen Panda/APT 15'],['China'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Ke3chang/Vixen Panda/APT 15,China,Unknown - not attributed,,['https://www.nccgroup.com/uk/about-us/newsroom-and-events/press-releases/2018/march/new-tools-uncovered-from-hacking-group-APT 15/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://threatpost.com/china-linked-APT%2015-used-myriad-of-new-tools-to-hack-uk-government-contractor/130376/', 'https://www.nccgroup.com/uk/about-us/newsroom-and-events/press-releases/2018/march/new-tools-uncovered-from-hacking-group-APT 15/']" 912,Bradley-Foundation Hack,Hackers penetrated the networks of the Bradley Foundation and leaked data (additionally some fake data),2016-10-01,2016-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['Social groups']],[['Other social groups']],"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2016-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://www.vocativ.com/372088/bradley-foundation-hack-clinton-cammpaign-fake-files/', 'https://www.databreaches.net/bradley-foundation-hacked-to-expose-contribution-to-clinton-campaign/']" 913,Defacement of Indian Websites,Indian government sites hacked and defaced with propaganda by pakistani hackers.,2016-10-01,2016-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],,['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Pakistan,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.gadgetsnow.com/tech-news/Pakistan-steps-up-cyberwar-over-35-Indian-websites-hit/articleshow/54753240.cms'] 914,Surkov Leaks,"Ukrainian hackers CyberHunta leaked over a gigabyte of emails (2,300) of Kremlin official Vladislav Surkov (with plans to destabilise Ukraine). Ukrainian officials affirm authenticity of the documents while the Kremlin says it's fake and denies Surkov even using email.",2016-10-01,2016-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Cyber Hunta'],['Ukraine'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cyber Hunta,Ukraine,Non-state-group,Hacktivist(s),['https://medium.com/dfrlab/breaking-down-the-surkov-leaks-b2feec1423cb#.t4wz7vsnx'],System / ideology; Resources; Secession,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.securitylab.ru/news/484218.php', 'https://medium.com/dfrlab/breaking-down-the-surkov-leaks-b2feec1423cb#.t4wz7vsnx', 'https://www.newsweek.com/kremlin-denies-putin-aide-hack-because-he-does-not-use-email-514038?rx=us']" 915,DPR pension fund,"Chairperson of Donetsk People's Republic pension fund reported an attack and blocking of the fund database, so that pension payments were suspended. 
DPR blamed Ukrainian hackers, presumably related to advance poll in DPR",2016-10-04,2016-10-04,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Civil service / administration']],,['Ukraine'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,Ukraine,Non-state-group,Hacktivist(s),[],System / ideology; Resources; Secession,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.segodnya.ua/regions/donetsk/zhiteli-dnr-ostalis-bez-pensiy-boeviki-obvinyayut-hakerov-758334.html', 'https://russian.rt.com/article/324629-v-dnr-zayavili-o-vzlome-bazy-dannyh']" 916,SEA vs. Belgian Media,Syrian Cyberarmy hacks Belgian Media Sites.,2016-10-24,2016-10-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Belgium'],"[['EUROPE', 'EU', 'NATO', 'WESTEU']]",[['Media']],,['Syrian Cyber Army'],['Syria'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Syrian Cyber Army,Syria,Non-state-group,Hacktivist(s),"['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']",System / ideology,System/ideology; Resources,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html', 'https://news.softpedia.com/news/syrian-cyber-army-claim-ddos-attacks-on-belgian-media-509623.shtml', 'https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0']" 917,Break of US election Agency,"US election agency breached and 100 credentials of voters stolen, hacker tried to sell the data",2016-11-01,2016-11-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],,['Unknown'],['Individual hacker(s)'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,,Unknown,Individual hacker(s),,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-election-hack-commission-idUSKBN1442VC?il=0'] 918,"Malware ""Stonedrill""","A wiper malware sharing similarities with Shamoon 2.0, but even stronger with past attacks of Newsbeef aka Newscaster aka CharmingKitten targeted Saudi Arabian Corporations and was even found in an Kaspersky Network in Europe.",2016-11-01,2016-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,"['Europe (region)', 'Saudi Arabia']","[[], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Other'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Other']]",,"['APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064', 'Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical 
report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064; Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf', 'https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf', 'https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf']" 919,N.T.R. Greyhat leak,"Hacker leaks personal data of 34 Mio. Keralites from Kerala government’s civil supplies department website, after department fails to address security flaws in website",2016-11-01,2016-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Civil service / administration']],['N.T.R.'],['India'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,N.T.R.,India,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://gulfnews.com/xpress/news/data-of-34-million-keralites-leaked-in-massive-breach-1.1930317'] 920,DDOS vs. Wikileaks,"WikiLeaks hit with'targeted' cyberattack after publishing over 8,000 more DNC emails",2016-11-07,2016-11-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,,['Unknown'],,[['Social groups']],[['Advocacy / activists (e.g. human rights organizations)']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.ibtimes.co.uk/wikileaks-hit-targeted-cyberattack-after-publishing-over-8000-more-dnc-emails-1590267'] 911,Lazarus vs. 
Polish Banks,"Attacks aimed at banks in Poland appear to be part of a bigger campaign targeting financial organizations around the world, and researchers have found some links to the threat actor known as Lazarus.",2016-10-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,"['Poland', 'United States', 'Mexico', 'Brazil', 'Denmark', 'Venezuela', 'Colombia', 'Peru', 'United Kingdom', 'India']","[['EUROPE', 'NATO', 'EU', 'EASTEU'], ['NATO', 'NORTHAM'], [], ['SOUTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['SOUTHAM'], ['SOUTHAM'], ['SOUTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'SASIA', 'SCO']]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[['Finance'], ['Finance'], ['Finance'], ['Finance'], ['Finance'], ['Finance'], ['Finance'], ['Finance'], ['Finance'], ['Finance']]","['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)', 'Reconnaissance General Bureau']","[""Korea, Democratic People's Republic of"", ""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2017-01-01; 2017-01-01,"Technical report (e.g., by IT-companies, Citizen 
Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug-180129.pdf'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.securityweek.com/malware-attacks-polish-banks-linked-lazarus-group#:~:text=The%20custom%20exploit%20kit%20was,toolkit%20of%20the%20Lazarus%20Group.', 'https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug-180129.pdf']" 922,CozyBear vs. US-Think Tanks etc. - 2016,"Mere hours after Donald Trump was declared victorious in the wake of the US elections, Kremlin-linked hacker group CozyBear(APT29) ,reportedly launched a wave of attacks on US-based targets. According to Washington-based cyber response firm Volexity, CozyBear hackers launched five different spear-phishing campaigns,""with a heavy focus on U.S.-based think tanks and non-governmental organizations (NGOs)"".",2016-11-08,2016-11-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]","[['Social groups', 'Science']]","[['Other social groups', '']]",['Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)'],['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.ibtimes.co.uk/russia-linked-dnc-hackers-launched-wave-cyberattacks-hours-after-trump-victory-1590976', 'https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/']" 923,Russian-Banks-DDoS,"A hacker calling himself vim products claimed to have taken down the webpages of several 
major Russian banks for ""customers"" who bought the DDoS attack because of their disapproval of Russia's interference in the US elections. The affected sites included the Moscow Exchange, the Bank of Moscow, Rosbank, and Alfa-Bank.",2016-11-08,2016-11-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Critical infrastructure']],[['Defence industry']],['Vimproducts'],['Unknown'],['Individual hacker(s)'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Vimproducts,Unknown,Individual hacker(s),,[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://motherboard.vice.com/en_us/article/4xa5y9/hacker-claims-to-take-down-russian-bank-websites-on-election-day'] 924,Shamoon 2.0,"Likely Iranian State-sponsored hackers (CrowdStrike) have conducted a series of destructive attacks on Saudi Arabia over the last two weeks, erasing data and wreaking havoc in the computer banks of the agency running the country’s airports and hitting five additional targets.",2016-11-17,2017-01-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,['Saudi Arabia'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Energy', 'Transportation', '']]",['APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,Statement in media report and political statement/technical report,IT-security community attributes attacker,,,,APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,"['https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf', 'https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/', 'https://www.reuters.com/article/us-saudi-cyber-idUSKBN1571ZR']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf', 
'https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/', 'https://www.reuters.com/article/us-saudi-cyber-idUSKBN1571ZR', 'https://www.nytimes.com/2016/12/01/world/middleeast/saudi-arabia-shamoon-attack.html', 'https://arstechnica.com/information-technology/2022/12/effective-fast-and-unrecoverable-wiper-malware-is-popping-up-everywhere/', 'https://cyberscoop.com/pro-iranian-abraham-ax-saudi-israel-moses-staff/', 'https://twitter.com/780thC/status/1618571785276100609']" 925,Kapustkiy vs. Italian Government,"Kaputskiy hacks into Italian government site and exposes 45,000 users' data",2016-11-18,2016-11-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Italy'],"[['EUROPE', 'NATO', 'EU']]",[['State institutions / political system']],[['Government / ministries']],['Kapustkiy'],['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kapustkiy,Unknown,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/hacker-breaks-into-italian-government-website-45-000-users-exposed-510332.shtml'] 926,Kapustkiy vs. Indian regional Council,"Kaputskiy Breaks into Indian Regional Council Server and exposes 17,000 users' data",2016-11-20,2016-11-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Kapustkiy'],['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kapustkiy,Unknown,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/kapustkiy-breaks-into-indian-regional-council-server-17-000-users-exposed-510355.shtml'] 927,Shad0wS3C vs. Mexican Regional Government,Shad0wS3C Hacker Breaches Mexican Government Website and exposes sensitive user data,2016-11-23,2016-11-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Mexico'],,[['State institutions / political system']],[['Civil service / administration']],['Shad0wS3C'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Shad0wS3C,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/shad0ws3c-hacker-breaches-mexican-government-website-510447.shtml'] 928,DDoS European Commission,"DDoS attack brought down the Internet connection of the EU Commission staff. No data leak, no sign so far related attacks such as hijacking.",2016-11-24,2016-11-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['EU (region)'],[['EU']],[['International / supranational organization']],,,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://www.politico.eu/pro/european-commission-cyberattack-internet-loss-hacked-what-we-know-and-dont-know/', 'https://www.hackread.com/european-commission-suffers-ddos-attacks/']" 929,Foreign Ministry Austria DDoS,Austrian Foreign Ministry suffered a DDoS attack leading to the shutdown of webpage. 
Turkish involvement due to Austrian position on EU membership suggested.,2016-11-25,2016-11-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Austria'],"[['EUROPE', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Government / ministries']],,['Turkey'],['Unknown - not attributed'],,1,,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker,,,,,Turkey,Unknown - not attributed,,[],Other,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.heise.de/newsticker/meldung/DDoS-Angriff-auf-oesterreichisches-Aussenministerium-3505859.html', 'https://www.welt.de/politik/ausland/article159785771/Tuerkische-Hacker-greifen-Website-des-Aussenministeriums-an.html']" 930,Kapustkiy vs. India,Kaputskiy hacks into Indian High Commissions in Ghana and Fiji and exposes credentials of 200 accounts,2016-11-26,2016-11-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,"['India', 'Fiji', 'Ghana']","[['ASIA', 'SASIA', 'SCO'], ['OC'], ['AFRICA', 'SSA']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries'], ['Government / ministries']]",['Kapustkiy'],['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kapustkiy,Unknown,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/powerful-greek-army-hacker-breaches-high-commission-websites-in-india-510519.shtml'] 931,Kuwaiti Parliament Defacement,Hackers defaced Kuwaiti parliament website on election day accusing MP of being an Iranian agent,2016-11-26,2016-11-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Kuwait'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'State institutions / political system']]","[['Legislative', 'Election infrastructure / related systems']]",['Group_dmar'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Group_dmar,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.ibtimes.co.uk/hackers-defaced-kuwaiti-parliament-website-election-day-accusing-mp-being-iranian-agent-1593992'] 932,SF Muni Hack,"San Francisco Metro and Buscompany Muni was hacked, bringing their payment systems down for several days.",2016-11-26,2016-11-28,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Transportation']],,['Unknown'],['Individual hacker(s)'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Individual hacker(s),,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cnet.com/news/hackers-sf-muni-ransomware-attack-muni/', 'https://www.cnet.com/news/sf-muni-hack-contained-next-transit-hack-could-be-train-wreck/', 
'https://www.washingtonpost.com/news/dr-gridlock/wp/2017/01/09/cyberattack-on-san-francisco-transit-agency-prompts-senate-questions-for-metro/?utm_term=.0f18ec42e255']" 921,Shutdown of Scotland Yard,The website of Scotland Yard was taken down by Anonymous in response to an arrest of people at an anti-capitalist protest,2016-11-07,2016-11-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.thetimes.co.uk/article/hackers-hit-police-site-after-arrests-at-protest-7fj2dhzqw'] 934,Israel Propaganda Broadcast,Hackers took control of an Israeli news channel and broadcast the Muslim call to prayer followed by anti-Israel propaganda which lasted about 30 seconds before the connection was restored. The hack allegedly took place in protest of a controversial bill that limits the volume of the ‘Adhan’ from mosques in Israel.,2016-11-30,2016-11-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Media']],,,['Unknown'],['Non-state-group'],['Religious actors'],1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Non-state-group,Religious actors,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://www.independent.co.uk/news/world/middle-east/hackers-take-control-israelim-channel-2-tv-broadcast-muslim-call-to-prayer-a7461911.html', 'https://www.heise.de/newsticker/meldung/Hacker-senden-anti-israelischen-Kurzfilm-im-Fernsehen-in-Israel-3518414.html']" 935,Kapustkiy vs. Slovak Chamber of Commerce,"Kapustkiy breaks into Slovak Chamber of Commerce and accesses and exposes data belonging to more than 4,000 users",2016-12-01,2016-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Slovakia'],"[['EUROPE', 'NATO', 'EU', 'EASTEU']]",[['State institutions / political system']],[['Civil service / administration']],['Kapustkiy'],['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kapustkiy,Unknown,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://securityaffairs.co/wordpress/54550/data-breach/slovak-chamber-commerce-hacked.html'] 936,Turkish Power Outage 2016,"Sources from the Energy Ministry claim that a major cyber-attack is the source of the widespread electricity cuts across Istanbul in december, according to reports in the Turkish media.",2016-12-01,2016-12-01,"Attack on non-political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]",[['Critical infrastructure']],[['Energy']],,['United States'],['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,United States,Unknown - not attributed,,['https://securityaffairs.co/wordpress/55176/hacking/power-outages-turkey.html'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)","Widespread effects, e.g., affecting different regions of country or a country as a whole (incident 
scores 2 points in intensity)",Short duration (< 24h; incident scores 1 point in intensity),6,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",9.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.csa.gov.sg/singcert/publications/energy', 'http://www.hurriyetdailynews.com/major-cyber-attack-on-turkish-energy-ministry-claimed-107981', 'https://securityaffairs.co/wordpress/55176/hacking/power-outages-turkey.html']" 937,Red Alpha Team against Tibetan Targets,"Citizen Lab provides an in-dep th view into a phishing operation that ran for 1 19 months, and which targeted the Tibetan community. Recorded Future later linked this campaign to the so called Chinese state-backed group Red Alpha.",2016-12-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['Social groups']],[['Ethnic']],['RedAlpha\xa0'],['China'],"['Non-state actor, state-affiliation suggested']",,2,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Attribution by third-party,,,,RedAlpha ; RedAlpha ,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.recordedfuture.com/redalpha-cyber-campaigns/'],System / ideology; Autonomy; Resources,System/ideology; Autonomy; Resources,,Yes / HIIK intensity,HIIK 
3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://citizenlab.ca/2018/01/spying-on-a-budget-inside-a-phishing-operation-with-targets-in-the-tibetan-community/', 'https://www.recordedfuture.com/redalpha-cyber-campaigns/']" 938,"Hacking-for-Hire group Bahamut aka ""The White Company"" spied on various targets in the Middle East from December 2016 until June 2017","The hacking-for-hire group Bahamut aka ""The White Company"" spied on diverse political, economic, and social sectors in the Middle East since December 2016, with specifically crafted phishing attacks and highly-sophisticated malware, according to Bellingcat researchers. The group seems to work for multiple state-sponsors according to the wide-ranging victomology, including actors from Egypt, Iran, Palestine, Turkey, Tunisia, and the United Arab Emirates. According to a second report from Bellingcat, the group stopped those attacks after its public exposure in June 2017, but soon continued its operations. (See incident ""In September 2017, Bahamut aka ""The White Company"" resumed its espionage, focusing on South Asia and the Middle East""). 
Bellingcat also identified connections to an operation disclosed by Amnesty International, called ""Kingphish"".",2016-12-01,2017-06-01,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,"[['Not available'], ['Ministry of Foreign Affairs (United Arab Emirates)'], ['Minister of State for Foreign Affairs (United Arab Emirates)'], ['Union of Arab Banks'], ['Minister of Foreign Affairs (Turkey)'], ['UNESCO delegate (Turkey) '], ['Not available'], ['Not available'], ['Not available'], ['Not available']]","['Egypt', 'United Arab Emirates', 'United Arab Emirates', 'Lebanon', 'Turkey', 'Turkey', 'Iran, Islamic Republic of', 'United Arab Emirates', 'Iran, Islamic Republic of', 'Middle East (region)']","[['MENA', 'MEA', 'AFRICA', 'NAF'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'NATO', 'MEA'], ['ASIA', 'NATO', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA'], []]","[['Media'], ['State institutions / political system'], ['State institutions / political system'], ['International / supranational organization'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['Social groups'], ['Social groups', 'Media'], ['Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[[''], ['Government / ministries'], ['Government / ministries'], [''], ['Government / ministries'], ['Other (e.g., embassies)'], ['Other (e.g., embassies)'], ['Other social groups'], ['Advocacy / activists (e.g. human rights organizations)', ''], ['Advocacy / activists (e.g. 
human rights organizations)', '', '']]",,['Unknown'],"['Non-state actor, state-affiliation suggested', 'Non-state-group']","['', 'Private technology companies / hacking for hire groups without state affiliation / research entities']",1,2017-06-12; 2017-06-12; 2017-06-12; 2017-06-12,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party,Bellingcat; Bellingcat; Bellingcat; Bellingcat,,,,Unknown; Unknown; Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state-group; Non-state-group",; Private technology companies / hacking for hire groups without state affiliation / research entities; ; Private technology companies / hacking for hire groups without state affiliation / research entities,['https://www.bellingcat.com/news/mena/2017/06/12/bahamut-pursuing-cyber-espionage-actor-middle-east/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,"['https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf', 'https://www.bellingcat.com/news/mena/2017/06/12/bahamut-pursuing-cyber-espionage-actor-middle-east/', 'https://www.bellingcat.com/news/mena/2017/06/12/bahamut-pursuing-cyber-espionage-actor-middle-east/', 
'https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852#.ibeidghw5']" 939,Kaputskiy vs. Venezuelan Army,"Kaputskiy hacks Venezuelan Army and exposes details of  3,000 accounts",2016-12-02,2016-02-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Venezuela'],[['SOUTHAM']],[['State institutions / political system']],[['Military']],['Kapustkiy'],['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kapustkiy,Unknown,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/venezuelan-army-website-hacked-details-of-3-000-accounts-exposed-510676.shtml'] 940,Kaputskiy vs. Ecuadorian National Assembly,Kaputskiy hacks into Ecuador National Assembly and exposes 550-600 accounts,2016-12-05,2016-12-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Ecuador'],,[['State institutions / political system']],[['Legislative']],['Kapustkiy'],['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kapustkiy,Unknown,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://securityaffairs.co/wordpress/54068/data-breach/national-assembly-of-ecuador-hacked.html'] 941,Sandworm 2.0-Attacks on Ukrainian financial Institutions - 2016,"In December 2016, almost exactly a year after the attacks on Ukraine's power grid, Russian hackers shut down the payment system of Ukraine's Ministry of Finance, Treasury and Pension Fund.",2016-12-06,2016-12-08,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,['Ukraine'],"[['EUROPE', 'EASTEU']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Civil service / administration', 'Finance', '']]","['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)', 'GRU']","['Russia', 'Russia']","['State', 'State']",,2,2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01,"Direct statement in media report (e.g., Reuters article 
cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Domestic legal action; Domestic legal action",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by third-party; Attribution by third-party,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU; Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU",Russia; Russia; Russia; Russia,State; State; State; State,,"['https://www.wired.com/story/russian-hackers-attack-ukraine/', 'https://www.ukrinform.ru/rubric-polytics/2176548-rossia-atakovala-finansovuu-infrastrukturu-ukrainy-virusom-telebots-sbu.html', 'https://www.securitylab.ru/news/484704.php', 'https://lenta.ru/news/2017/02/17/uahacked/', 'https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and']",System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.wired.com/story/russian-hackers-attack-ukraine/', 'https://www.rferl.org/a/ukraine-cyberattacks-finance-ministry-treasury-infrastructure-russia/28172004.html', 'https://www.ukrinform.ru/rubric-polytics/2176548-rossia-atakovala-finansovuu-infrastrukturu-ukrainy-virusom-telebots-sbu.html', 'https://www.securitylab.ru/news/484704.php', 
'https://lenta.ru/news/2017/02/17/uahacked/', 'https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and', 'https://www.epravda.com.ua/rus/publications/2016/12/9/613957/']" 942,Kaputskiy and Kasimierz hack into Argentinian Ministry of Industry,Kaputskiy and Kasimierz hack into Argentinian Ministry of Industry website and breach personal data,2016-12-07,2016-12-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Argentina'],[['SOUTHAM']],[['State institutions / political system']],[['Government / ministries']],"['Kapustkiy', 'Kasimierz']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Kapustkiy; Kasimierz,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/argentinian-government-site-suffers-major-breach-personal-information-exposed-510780.shtml'] 943,Disruption of Ukrainian Defense Ministry,Ukraine Defence Ministry website disrupted,2016-12-13,2016-12-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Disruption,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],System / ideology,System/ideology; Resources; Secession,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-ukraine-crisis-cyber/ukraines-defence-ministry-says-website-hit-by-cyber-attack-idUSKBN1421YT'] 944,Kaputskiy vs. Russian Consulate,"Kaputskiy hacks into Russian Consulate department Russian National Visa Bureau websites in the Netherlands, steals and exposes user information",2016-12-13,2016-12-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Kapustkiy'],['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kapustkiy,Unknown,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.softpedia.com/news/russian-consulate-hacked-passport-numbers-and-personal-information-stolen-510928.shtml'] 945,Cryptolulz vs. 
Russian Embassy in Armenia,Individual hacker Cryptolulz breaks into the database of the website of the Russian embassy in Armenia and leaks data,2016-12-14,2016-12-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],,['Cryptolulz'],['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cryptolulz,Unknown,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://securityaffairs.co/wordpress/54393/hacking/russian-embassy-of-armenia-hacked.html'] 946,Cryptolulz DDOS vs. Italian Governments,Cryptolulz targets Russian and Italian governments websites and conducts a DDoS attack,2016-12-16,2016-12-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,"['Russia', 'Italy']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'NATO', 'EU']]","[['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries']]",['Cryptolulz'],['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Cryptolulz,Unknown,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://securityaffairs.co/wordpress/54459/hacking/cryptolulz666-ddos.html'] 947,Ukraine Power Grid 2,"Hackers struck an electric transmission station north of the city of Kiev, blacking out a portion of the Ukrainian capital equivalent to a fifth of its total power capacity. 
The outage lasted about an hour.",2016-12-17,2016-12-18,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['Critical infrastructure']],[['Energy']],"['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)']",['Russia'],['State'],,3,2017-01-01; 2017-01-01; 2017-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Domestic legal action",Attribution by receiver government / state entity; IT-security community attributes attacker; Attribution by third-party,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia; Russia; Russia,"State; Non-state actor, state-affiliation suggested; State",,['https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and'],Territory,Territory,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)","Local effects, e.g., affecting only 
one restricted area of a country or region (incident scores 1 point in intensity)",Short duration (< 24h; incident scores 1 point in intensity),5,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",7.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://cyberscoop.com/ransomware-manufacturing-dragos/', 'https://www.wired.com/story/ukraine-russia-wiper-malware/', 'https://cyberscoop.com/ukraine-russia-cyberwar-anniversary/', 'https://twitter.com/Dennis_Kipker/status/1629122902099361795', 'https://www.darkreading.com/vulnerabilities-threats/vulkan-playbook-leak-exposes-russia-plans-worldwide-cyber-war', 'https://dragos.com/blog/crashoverride/CrashOverride-01.pdf', 'https://www.securitylab.ru/news/484757.php', 'https://www.ukrinform.ru/rubric-polytics/2176548-rossia-atakovala-finansovuu-infrastrukturu-ukrainy-virusom-telebots-sbu.html', 'https://motherboard.vice.com/en_us/article/bmvkn4/ukrainian-power-station-hacking-december-2016-report', 'https://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/', 'https://www.wired.com/story/crash-override-malware/', 'https://www.securitylab.ru/news/484704.php', 'https://lenta.ru/news/2017/02/17/uahacked/', 'https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and', 'https://www.securityweek.com/ukraine-says-russia-planning-massive-cyberattacks-critical-infrastructure', 'https://www.cyberscoop.com/ukrainians-warn-of-massive-cyberattacks/']" 948,Anonymous vs. Thai Government (OPSingle Gateway),"After the Single Internet Gateway was passed into a law, the websites of the National Security Agency and the Ministry of Defense and four other ministries became inaccessible, Anonymous also defaced Thai LA consulate and leaked data in protest of arrests related to OpSingleGateway.",2016-12-20,2016-12-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Thailand'],"[['ASIA', 'SEA']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.hackread.com/anonymous-against-thai-internet-censorship-surveillance-law/', 'https://www.hackread.com/anonymous-hacks-thailand-navy-foreign-affairs/']" 949,Chinese Ministry of State Security campaign,Two Chinese hackers working with the Ministry of State Security (MSS) were indicted for unauthorized access and data theft from a variety of victims.,2016-02-01,2016-02-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Hijacking without Misuse,,['Netherlands'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['Li Xiaoyu/Oro01xy', 'MSS']","['China', 'China']","['State', 'State']",,1,2020-01-01; 2020-01-01,Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,Li Xiaoyu/Oro01xy; MSS,China; China,State; State,,['https://us-cert.cisa.gov/ncas/alerts/aa20-258a'],International 
power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://us-cert.cisa.gov/ncas/alerts/aa20-258a'] 950,UN International Civil Aviation Organization hack,China-linked group Emissary Panda breached into computer systems of UN International Civil Aviation Organization and spread malware to foreign government websites.,2016-11-01,2016-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]","[['State institutions / political system', 'International / supranational organization']]","[['Government / ministries', '']]",['Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.cbc.ca/news/canada/montreal/montreal-based-un-aviation-agency-tried-to-cover-up-2016-cyberattack-documents-show-1.5033733'] 951,Montenegro national election 2016,Allegedly Russian hackers disrupted various websites a few days before and on election day (16th of October). The Montenegrin leaders accuse Russia of these hacks and of even supporting the preparation of a coup.,2016-10-13,2016-10-16,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,['Montenegro'],"[['EUROPE', 'BALKANS', 'NATO', 'WBALKANS']]","[['State institutions / political system', 'State institutions / political system', 'Media']]","[['Political parties', 'Election infrastructure / related systems', '']]","['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2016-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,[],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://balkaninsight.com/2016/11/07/montenegro-to-tighten-cyber-security-against-hackers-11-04-2016/', 'https://www.euractiv.com/section/global-europe/news/montenegro-hit-by-cyber-attacks-on-election-day/']" 952,Bulgaria presidential election and referendum hack,"Allegedly Russian hackers disrupted the websites of the Bulgarian electoral commission, presidency and other government institutions in the course of the upcoming presidential elections and the referendum on 6th of November.",2016-10-01,2016-10-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,['Bulgaria'],"[['EUROPE', 'BALKANS', 'NATO', 'EU']]",[['State institutions / political system']],[['Election infrastructure / related systems']],"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2016-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,[],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political 
importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.bbc.com/news/world-europe-37867591'] 953,Chinese espionage campaign,"Chinese state-sponsored hacking group ""Emissary Panda"" compromised the network systems of an European drone company and a U.S. subsidiary of a French energy management company in order to steal information relevant to economic and military competition.",2016-06-01,2016-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Europe (region)', 'France']","[[], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Critical infrastructure']]","[['Energy', 'Defence industry'], ['Energy', 'Defence industry']]",['Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2016-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested",,['https://threatconnect.com/blog/threatconnect-discovers-chinese-APT -activity-in-europe/'],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://threatconnect.com/blog/threatconnect-discovers-chinese-APT%20-activity-in-europe/', 'https://threatconnect.com/blog/threatconnect-discovers-chinese-APT -activity-in-europe/']" 954,Naikon Cyber Espionage,State-sponsored Chinese hacking group Naikon/APT 30 conducted long-term espionage campaign against government entities and government-owned companies in South East Asia and Australia.,2016-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Australia', 'India', 'Vietnam', 'Myanmar', 'Philippines', 'Thailand', 'Brunei']","[['OC'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SCS']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries'], ['Government / ministries'], ['Government / ministries'], ['Government / ministries'], ['Government / ministries'], ['Government / ministries']]","['APT30/Naikon/G0013 (PLA, Unit 78020)', 'PLA Unit 78020']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view 
for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01; 2020-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT30/Naikon/G0013 (PLA, Unit 78020); PLA Unit 78020",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://research.checkpoint.com/2020/naikon-APT -cyber-espionage-reloaded/'],Resources; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cnbc.com/2020/05/07/chinese-hacking-group-naikon-reportedly-spying-on-asia-governments.html', 'https://research.checkpoint.com/2020/naikon-APT -cyber-espionage-reloaded/', 'https://twitter.com/elinanoor/status/1630983893573566481']" 955,Kaputskiy vs. Russian Visa Centre in USA,Kaputskiy hacks Russian Visa Centre in USA and accessed information of around 3000 individuals,2016-12-25,2016-12-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Civil service / administration']],['Kapustkiy'],['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kapustkiy,Unknown,Individual hacker(s),,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['http://securityaffairs.co/wordpress/54709/hacking/russian-visa-center-hacked.html'] 956,Tick aka PLA Unit 61419 vs. Japanese Defense Companies,Japanese law enforcement believes Tick is linked to the Chinese military and behind a broad cyber-espionage campaign that has breached more than 200 Japanese companies and organizations since at least 2016.,2016-01-01,2021-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft,,['Japan'],"[['ASIA', 'SCS', 'NEA']]","[['Critical infrastructure', 'Critical infrastructure', 'Media']]","[['Transportation', 'Defence industry', '']]","['Tick/BRONZE BUTLER/REBALDKNIGHT/G0060 (PLA, Unit\xa061419)', 'PLA Unit 61419']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,2,2021-01-01; 2021-01-01; 2021-01-01; 2021-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,,,,"Tick/BRONZE BUTLER/REBALDKNIGHT/G0060 (PLA, Unit 61419); PLA Unit 61419; Tick/BRONZE BUTLER/REBALDKNIGHT/G0060 (PLA, Unit 61419); PLA Unit 61419",China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",,['https://therecord.media/japanese-police-say-tick-APT -is-linked-to-chinese-military/'],International power,Territory; Resources; International power; Other,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://therecord.media/japanese-police-say-tick-APT%20-is-linked-to-chinese-military/', 'https://therecord.media/japanese-police-say-tick-APT -is-linked-to-chinese-military/']" 957,Covellite attack on US electric grid,"Covellite, a probably state-sponsored North Korean group, tried to access networks of US-American and subsequently European and Asian companies associated with the electrical grid.",2017-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,"['United States', 'Europe (region)', 'Asia (region)']","[['NATO', 'NORTHAM'], [], []]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[['Energy'], ['Energy'], ['Energy']]",['Covellite'],"[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01 00:00:00,Statement in media report and political statement/technical report,IT-security community attributes attacker,,,,Covellite,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested 
(widely held view for the attributed initiator (group), but not invoked in this case)",['https://collaborate.mitre.org/attackics/index.php/Group/G0008'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/north-korean-apt-group-covellite-abandons-us-targets/', 'https://dragos.com/resource/covellite/', 'https://collaborate.mitre.org/attackics/index.php/Group/G0008']" 958,APT35/Newscaster attack on US companies,"APT35 (The Newscaster Team) compromising at least three U.S.-based companies, and performing reconnaissance at two other U.S. organizations and one non-U.S. company. At least one organization was likely compromised due to the attacker exploiting unpatched vulnerabilities in the Ektron CMS platform, which allowed them to upload web shell backdoors.",2017-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,['https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf'],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf'] 959,Darkpulsar,The NSA conducted a major hijacking operation against various Asian targets,2017-01-01,2017-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Russia', 'Egypt', 'Iran, Islamic Republic of']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['MENA', 'MEA', 'AFRICA', 'NAF'], ['ASIA', 'MENA', 
'MEA']]","[['Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Science'], ['Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Science'], ['Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Science']]","[['Energy', 'Chemicals', 'Defence industry', ''], ['Energy', 'Chemicals', 'Defence industry', ''], ['Energy', 'Chemicals', 'Defence industry', '']]",['NSA/Equation Group'],['Unknown'],['Unknown - not attributed'],,2,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,,,NSA/Equation Group; NSA/Equation Group,Unknown; United States,Unknown - not attributed; State,,['https://www.zdnet.com/article/kaspersky-says-it-detected-infections-with-darkpulsar-alleged-nsa-malware/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securelist.com/darkpulsar/88199/https://securelist.com/darkpulsar-faq/88233/', 'https://www.zdnet.com/article/kaspersky-says-it-detected-infections-with-darkpulsar-alleged-nsa-malware/']" 933,Telekom-Hack,"Nearly 1 Million Telekom Routers (and several hundred thousands from other companies) were targeted in order to include them in a gigantic Botnet. The hack did not function properly and led to the internet disruption of the affected enduser's systems. 
An individual hacker from London called ""Spiderman"" was arrested as only responsible individual.",2016-11-27,2016-11-27,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Disruption,,"['Germany', 'United Kingdom']","[['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['Critical infrastructure'], ['Critical infrastructure']]","[['Telecommunications'], ['Telecommunications']]",['Spiderman'],['United Kingdom'],['Non-state-group'],['Criminal(s)'],1,,Domestic legal action,Attribution by receiver government / state entity,,,,Spiderman,United Kingdom,Non-state-group,Criminal(s),['https://www.spiegel.de/netzwelt/netzpolitik/telekom-hack-prozess-gegen-29-jaehrigen-briten-hat-begonnen-a-1159071.html'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://www.zdnet.de/88283775/telekom-hack-das-sind-die-hintergruende-so-schuetzen-sich-anwender/?inf_by=59c8c424671db86a6a8b4aa4', 'https://www.spiegel.de/netzwelt/netzpolitik/telekom-hack-prozess-gegen-29-jaehrigen-briten-hat-begonnen-a-1159071.html', 'https://www.wiwo.de/unternehmen/it/streit-um-it-sicherheit-nach-telekom-hackerangriff-der-fensterbauer-haftet-nicht-wenn-eingebrochen-wird/14914942.html', 'https://www.bleepingcomputer.com/news/security/notorious-bestbuy-hacker-arraigned-for-running-dark-web-market/', 'https://therecord.media/notorious-hacker-daniel-kaye-arraigned-for-allegedly-running-dark-web-marketplace/']" 961,Lazarus Bitcoin Hijack,The APT Lazarus hijacked South Korean servers to run cryptocoin miners,2017-01-01,2017-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)', 'Reconnaissance General Bureau']","[""Korea, Democratic People's Republic of"", ""Korea, Democratic People's Republic of""]","['Unknown - not attributed', 'Unknown - not attributed']",,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of",Unknown - not attributed; Unknown - not attributed,,[],System / ideology; International power; Other,System/ideology; International power; Other,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - 
high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 962,SunTeam Kakao Hack,"The actor SunTeam, attributed to be North Korean, hacked the devices of North Korean defectors and of journalists in South Korea to access the saved data",2017-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]","[['Social groups', 'End user(s) / specially protected groups', 'Media']]","[['Political opposition / dissidents / expats', '', '']]",['Sun Team'],['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Sun Team,Unknown,Unknown - not attributed,,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cyberscoop.com/new-hacking-campaign-targets-north-korean-defectors-in-south-korea/', 'https://www.mcafee.com/blogs/other-blogs/mcafee-labs/north-korean-defectors-journalists-targeted-using-social-networks-kakaotalk/']" 963,Octopus infected Seas of Central Asia,Octopus infected Seas of Central Asia,2017-01-01,2018-01-01,"Attack on (inter alia) political target(s), not politicized; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Central Asia (region)', 'Afghanistan']","[[], ['ASIA', 'SASIA']]","[['State institutions / political system', 'End user(s) / specially protected groups'], ['State institutions / political system', 'End user(s) / specially 
protected groups']]",,"['DustSquad/Nomadic Octopus', 'APT-C-34/Golden Falcon']","['Russia', 'Russia']","['Unknown - not attributed', 'Unknown - not attributed']",,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,DustSquad/Nomadic Octopus; APT-C-34/Golden Falcon,Russia; Russia,Unknown - not attributed; Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securityaffairs.co/wordpress/77165/apt/russia-linked-apt-dustsquad.html'] 964,Macron Leaks,Fancy Bear leaked Mails of the Macron French Presidential Campaign with the goal of influencing the French elections,2017-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Data theft & Doxing,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['State institutions / political system', 'State institutions / political system']]","[['Political parties', '']]","['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,2,2017-01-01; 2017-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Domestic legal action",IT-security community attributes attacker; Attribution by third-party,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia,"Non-state actor, state-affiliation suggested; State",,['https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and https://www.cyberscoop.com/researchers-link-macron-hack-to-apt28-with-moderate-confidence/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bbc.com/news/blogs-trending-39845105', 'https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and https://www.cyberscoop.com/researchers-link-macron-hack-to-apt28-with-moderate-confidence/']" 966,Reaper vs. Japan/Vietnam/Middle East,The North Korean Proxy Reaper (APT37) expanded its focus to Japanese and Vietnamese targets as well as Middle Eastern companies.,2017-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Vietnam', 'Japan', 'Middle East (region)']","[['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'NEA'], []]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science', 'Critical infrastructure', 'Critical 
infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure']]","[['Government / ministries', 'Transportation', '', '', 'Health', 'Chemicals', 'Telecommunications', 'Finance', 'Defence industry'], ['Government / ministries', 'Transportation', '', '', 'Health', 'Chemicals', 'Telecommunications', 'Finance', 'Defence industry'], ['Government / ministries', 'Transportation', '', '', 'Health', 'Chemicals', 'Telecommunications', 'Finance', 'Defence industry']]","['APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067', 'Group123']","[""Korea, Democratic People's Republic of"", ""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067; Group123,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf'],International power,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf', 'https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf']" 967,MSS 2020 Indictment Case 2017,"MSS supported hackers have stolen sensitive data by different companies 
and research entities in the US, Europe and Korea in 2017, according to a 2020 indictment.",2017-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"['United States', 'Sweden', 'Germany', 'Lithuania']","[['NATO', 'NORTHAM'], ['EUROPE', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['MSS supported Hackers'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,Domestic legal action,Attribution by receiver government / state entity,,,,MSS supported Hackers,China,"Non-state actor, state-affiliation suggested",,[],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 968,Anonymous vs. 
Thai Government,Anonymous hacks Thai Gov’t job portal; leaks a trove of data,2017-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Thailand'],"[['ASIA', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,,['https://www.hackread.com/anonymous-hacks-thai-govt-job-portal/'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-hacks-thai-govt-job-portal/'] 969,NATO Smartphone Hack - 2017,Russia managed to hack into at least 4000 NATO soldiers’ personal smartphones to obtain military information.,2017-01-01,2017-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,['NATO (region)'],,"[['State institutions / political system', 'International / supranational organization']]","[['Military', '']]",,['Russia'],['State'],,1,2017-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state 
entity,,,,,Russia,State,,"['https://www.hackread.com/smartphones-nato-soldiers-compromised-russian-hackers/', 'https://nypost.com/2017/10/04/russia-has-been-hacking-smartphones-of-nato-troops/']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://koddos.net/blog/russia-hacks-nato-soldiers-smartphones/', 'https://www.hackread.com/smartphones-nato-soldiers-compromised-russian-hackers/', 'https://nypost.com/2017/10/04/russia-has-been-hacking-smartphones-of-nato-troops/']" 970,Thrip17,"A group of hackers traced to China are waging a sophisticated cyberespionage campaign against satellite operators, telecommunication companies and defense contractors in the US and Southeast Asia",2017-01-01,2018-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Southeast Asia (region)']","[['NATO', 'NORTHAM'], []]","[['Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Critical infrastructure']]","[['Telecommunications', 'Defence industry'], ['Telecommunications', 'Defence industry']]",['Thrip'],['China'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Thrip,China,Unknown - not attributed,,['https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or 
disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cnet.com/news/china-based-espionage-campaign-targets-satellite-defense-companies/', 'https://www.globaldots.com/china-based-cyber-espionage-campaign-targets-satellite-telecom-defense-firms/', 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets']" 971,Conimes,"Cyberspies working for or on behalf of China's government have broadened attacks against official and corporate targets in Vietnam at a time of raised tension over the South China Sea, cyber security company Fire Eye said.",2017-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,['Vietnam'],"[['ASIA', 'SCS', 'SEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['Conimes', 'Hellsing']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2017-01-01; 2017-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker,,,,Conimes; Hellsing,China; China,"Non-state actor, state-affiliation suggested; 
Non-state actor, state-affiliation suggested",,['https://www.reuters.com/article/us-vietnam-china-cyber-idUSKCN1BB0I5'],Territory; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://uk.news.yahoo.com/chinese-cyber-spies-broaden-attacks-060012176.html', 'https://www.reuters.com/article/us-vietnam-china-cyber-idUSKCN1BB0I5']" 972,Triton (GroupTEMP.VelesakaXenotime),"Attackers, believed to work for a nation-state, used malware called Triton to infiltrate a safety system for operations in critical infrastructure organizations. After initial allegations towards Iran, FireEye reported in 2018 that it is highly likely that the state-owned Russian Science Institute CNIIHM developed the malware. In June 2021, an indictment in the District of Columbia, United States v. 
Evgeny Viktorovich Gladkikh, charged a Russian ministry of defense research institute employee, Viktorovich Gladkikh, with conspiring to damage critical infrastructure outside the United States from May 2017 to September 2017 through causing direct physical damage to the facilities by disabling the safety systems with Triton (or also known as ""Trisis"").",2017-05-01,2017-09-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,['Saudi Arabia'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['Critical infrastructure']],[['Chemicals']],['Evgeny Viktorovich Gladkikh (TsNIIKhM)'],['Russia'],['State'],,5,2022-03-24; 2017-01-01; 2018-10-23; 2018-10-23; 2018-10-23; 2018-10-23; 2017-12-15; 2020-10-23,"Domestic legal action; Media report (e.g., Reuters makes an attribution statement, without naming further sources); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Domestic legal action",Attribution by third-party; Media-based attribution; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Attribution by third-party,US Department of Justice (DoJ); Not available; Mandiant; Mandiant; Mandiant; Mandiant; CyberX; Department of the Treasury’s Office of Foreign Assets Control (OFAC),,United States; Not available; United States; United States; United States; United States; Israel; 
United States,Evgeny Viktorovich Gladkikh (TsNIIKhM); Temp.Veles; Temp.Veles; Temp.Veles; Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM; a.k.a. ЦНИИХМ); Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM; a.k.a. ЦНИИХМ); None; State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM),"Russia; Russia; Russia; Russia; Russia; Russia; Iran, Islamic Republic of; Russia","State; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; State; State",,"['https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical', 'https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html?mtrref=undefined', 'https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html', 'https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html', 'https://home.treasury.gov/news/press-releases/sm1162']",Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,2,2020-10-23; 2022-03-24,"Peaceful means: Retorsion (International Law); Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",Economic sanctions; ,United States; United States,US Department of the Treasury; US Justice Department,Not available,,,,"['https://cyberscoop.com/vulnerabilities-industrial-conference-s4x23/', 'https://www.malwarebytes.com/blog/news/2023/03/ransomware-gunning-for-transport-sectors-ot-systems-next', 'https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical', 'https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html?mtrref=undefined', 'https://www.reuters.com/article/us-cyber-infrastructure-attack/hackers-halt-plant-operations-in-watershed-cyber-attack-idUSKBN1E8271', 'https://www.theguardian.com/technology/2017/dec/15/triton-hackers-malware-attack-safety-systems-energy-plant', 'https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html', 'https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html', 'https://home.treasury.gov/news/press-releases/sm1162', 'https://www.theguardian.com/world/2022/mar/24/us-charges-russian-hackers-cyber-attacks', 'https://www.securityweek.com/iran-used-triton-malware-target-saudi-arabia-researchers']" 973,Pakistan vs. Indian Security Guard Website,"Hackers suspected to be affiliated with Pakistan attacked the website of the elite National Security Guard (NSG), defacing the homepage with a profanity laden message against Prime Minister Modi.",2017-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Military']],"['Alone Injector', 'ISI']","['Pakistan', 'Pakistan']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2017-01-01; 2017-01-01,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Alone Injector; ISI,Pakistan; Pakistan,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,[],System / ideology; Territory; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://timesofindia.indiatimes.com/india/national-security-guard-website-hacked-defaced-with-abusive-message-against-pm-modi/articleshow/56280790.cms'] 974,Indian Revenge: Ransomware against Pakistani Airports,"Indian hackers claimed to have infected three Pakistani Airports with ransomware, as a revenge action after the defacement of the Indian Security Guard Website.",2017-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption; Ransomware,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['Critical infrastructure']],[['Transportation']],['Mallu Cyber Soldiers'],['India'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Mallu Cyber Soldiers,India,Non-state-group,Hacktivist(s),[],System / ideology; Territory; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.dailymail.co.uk/indiahome/indianews/article-4082644/The-India-Pakistan-cyber-war-intensifies-retaliatory-ransomware-attack-cripples-websites-Islamabad-Multan-Karachi-airports.html'] 975,Fancy Bear UN-Mail Leak,The Russian APT Fancy Bear leaked E-Mails of UN Staff,2017-01-01,2017-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United Nations Organization'],,[['International / supranational organization']],,"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],['State'],,1,2017-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,"Fancy 
Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,,['https://www.bild.de/politik/inland/hacker/fuehren-deutschen-top-diplomaten-vor-53910162.bild.html?wt_eid=2147080677200839578&wt_t=2151118029200488870'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.politico.eu/article/russian-hackers-fancy-bear-behind-leak-of-un-diplomats-email-report/', 'https://www.bild.de/politik/inland/hacker/fuehren-deutschen-top-diplomaten-vor-53910162.bild.html?wt_eid=2147080677200839578&wt_t=2151118029200488870']" 976,Pupy RAT,"Iranian PupyRAT Bites Middle Eastern Organizations, closely related or working on behalf of Magic Hound (Palo Alto) APT 35 (Mandiant) Cobalt Gypsy (Secure Works)RocketKitten (CrowdStrike)",2017-01-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,['Mena Region (region)'],,[['Unknown']],,['OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,['https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations'] 977,Chafer 2.0,Iran-based group Chafer remains highly active and is moving up the telecoms and transport supply chain to facilitate widescale surveillance of targets. One of the tools used by Chafer was the EternalBlue exploit that was previously deployed in the devastating WannaCry and Petya attacks.,2017-01-01,2017-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Israel', 'Jordan', 'United Arab Emirates', 'Saudi Arabia', 'Turkey']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'NATO', 'MEA']]","[['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Transportation', 'Telecommunications', ''], ['Transportation', 'Telecommunications', ''], ['Transportation', 'Telecommunications', ''], ['Transportation', 'Telecommunications', ''], ['Transportation', 'Telecommunications', '']]",['APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company)'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, 
state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.symantec.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-heightened-ambitions?SID=86151X1538609X92fba9ea2ae860e8e0dfe5d0fdc6793a&API1=100&API2=7887077&cjid=7887077&cjevent=415f80e0e04111e9811400500a18050e'] 978,Charming Kitten vs. Instagram and Telegram,Talos Intelligence reports several attacks on users of Instagram and Telegram. The Attacker used greyware of these applications to gain access to private information about his victims.,2017-01-01,2017-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['End user(s) / specially protected groups']],,['Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://blog.talosintelligence.com/2018/11/persian-stalker.html'] 979,"""Operation/Group Rancor""","The RANCOR APT group has been targeting political entities in Singapore, Cambodia, and Thailand, and likely in other countries, using two previously unknown strains of malware. The two malware families were tracked as DDKONG and PLAINTEE. The group might be related to the Chinese-based group DragonOk.",2017-01-01,2017-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking without Misuse,,"['North America', 'Asia (region)']",,"[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Government / ministries', 'Telecommunications', '', ''], ['Government / ministries', 'Telecommunications', '', '']]",,['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.phnompenhpost.com/national/kingdom-targeted-new-malware'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/73927/APT%20/rancor-cyber-espionage.html%20https://unit42.paloaltonetworks.com/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/', 'https://www.phnompenhpost.com/national/kingdom-targeted-new-malware']" 980,"""Bundeshack""","The Russian APT Turla attacked the German government, after Fancy Bear was the suspect at the beginning of the investigation.",2017-01-01,2017-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Legislative']],"['Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,2,2018-01-01; 2018-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center); Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)",Russia; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","; Non-state-group, state-affiliation suggested (widely 
held view for the attributed initiator (group), but not invoked in this case)",['https://www.welivesecurity.com/2018/08/22/turla-unique-outlook-backdoor/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.heise.de/newsticker/meldung/Bundeshack-Russische-Hackergruppe-Snake-soll-hinter-Angriff-stecken-3984930.html', 'https://www.welivesecurity.com/2018/08/22/turla-unique-outlook-backdoor/']" 981,"""Operation PZChao""","""Operation PZChao"" targets US and Asian organisations with cyber-attacks reminiscent of Iron Tiger - but this time with the ability to drop trojans, conduct espionage, and mine bitcoin. Researchers speculate that the same Chinese-based APT (APT27 aka Emissary Panda) as in the Iron Tiger operation takes part in the new project but this is not proven yet.",2017-01-01,2017-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Mena Region (region)', 'Africa', 'Palestine', 'Global (region)']","[[], [], ['ASIA', 'MENA', 'MEA'], []]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science']]","[['Government / ministries', 'Legislative', 'Civil service / administration', 'Intelligence agencies', 'Election infrastructure / related systems', 
'Finance', '', '', ''], ['Government / ministries', 'Legislative', 'Civil service / administration', 'Intelligence agencies', 'Election infrastructure / related systems', 'Finance', '', '', ''], ['Government / ministries', 'Legislative', 'Civil service / administration', 'Intelligence agencies', 'Election infrastructure / related systems', 'Finance', '', '', ''], ['Government / ministries', 'Legislative', 'Civil service / administration', 'Intelligence agencies', 'Election infrastructure / related systems', 'Finance', '', '', '']]",['Gaza Cybergang'],['Unknown'],['Unknown - not attributed'],,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Gaza Cybergang,Unknown,Unknown - not attributed,,"['https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177', 'https://download.bitdefender.com/resources/files/News/CaseStudies/study/185/Bitdefender-Business-2017-WhitePaper-PZCHAO-crea2452-en-EN-GenericUse.pdf?adobe_mc=MCMID%3D81353798674868294900645340493449571262%7CMCORGID%3D0E920C0F53DA9E9B0A490D45%2540AdobeOrg%7CTS%3D1594802281', 'https://securityaffairs.co/wordpress/68581/apt/operation-pzchao.html']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/espionage-malware-snoops-for-passwords-mines-bitcoin-on-the-side/', 'https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177', 
'https://download.bitdefender.com/resources/files/News/CaseStudies/study/185/Bitdefender-Business-2017-WhitePaper-PZCHAO-crea2452-en-EN-GenericUse.pdf?adobe_mc=MCMID%3D81353798674868294900645340493449571262%7CMCORGID%3D0E920C0F53DA9E9B0A490D45%2540AdobeOrg%7CTS%3D1594802281', 'https://securityaffairs.co/wordpress/68581/apt/operation-pzchao.html']" 982,UK starts cybercampaign against ISIS,The British government initiated a cybercampaign against ISIS disrupting all of its actions within the Internet. Through 2017 ISIS was strongly prohibited from sharing its propaganda over the web.,2017-01-01,2017-12-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by attacker,Disruption,,['ISIS'],,[['Social groups']],[['Terrorist']],['GCHQ'],['United Kingdom'],['State'],,1,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,GCHQ,United Kingdom,State,,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.bbc.com/news/technology-43738953'] 983,Sea Turtle,"Unknown state-sponsored actors hijacked parts of the DNS infrastructure, allowing them to phish credentials of Middle Eastern foreign offices and energy providers, before accessing confidential data",2017-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by IT-security company; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Middle East (region)'],,"[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Military', 'Intelligence agencies', 'Energy']]",,['Unknown'],"['Non-state actor, state-affiliation suggested']",,2,2019-01-01; 2019-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attribution by third-party,,,,,Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.heise.de/ct/artikel/DNSpionage-Massive-Angriffe-auf-Mail-und-VPN-User-4333644.html', 'https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://blog.talosintelligence.com/2019/04/seaturtle.html', 'https://us-cert.cisa.gov/ncas/alerts/AA19-024A', 
'https://www.heise.de/ct/artikel/DNSpionage-Massive-Angriffe-auf-Mail-und-VPN-User-4333644.html', 'https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html']" 984,APT28 Intelligence Gathering,APT28 continued low-level intelligence gathering action between 2017 and 2018,2017-01-01,2018-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Europe (region)', 'South America']",,"[['State institutions / political system', 'State institutions / political system', 'International / supranational organization'], ['State institutions / political system', 'State institutions / political system', 'International / supranational organization']]","[['', 'Military', ''], ['', 'Military', '']]","['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],['State'],,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://symantec-enterprise-blogs.security.com/blogs/election-security/apt28-espionage-military-government'] 985,Singapore Defense Ministry Hack,Singapore Reveals CyberAttack on Defense Ministry,2017-02-01,2017-02-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,['Singapore'],[['ASIA']],"[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",,['Unknown'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,"Non-state actor, state-affiliation suggested",,['https://www.straitstimes.com/singapore/personal-data-of-850-mindef-servicemen-and-staff-leaked-due-targeted-planned-cyber-attack'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://thediplomat.com/2017/03/singapore-reveals-cyber-attack-on-defense-ministry/', 'https://www.straitstimes.com/singapore/personal-data-of-850-mindef-servicemen-and-staff-leaked-due-targeted-planned-cyber-attack']" 986,Pentagon-Twitter Attack,Russian hackers targeted Pentagon workers with malware-laced Twitter messages,2017-02-01,2017-03-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); ,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",,['Russia'],['State'],,1,2017-01-01 00:00:00,"Anonymous statement in 
media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,Russia,State,,['http://time.com/4783932/inside-russia-social-media-war-america/'],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theverge.com/2017/5/18/15658300/russia-hacking-twitter-bots-pentagon-putin-election', 'http://time.com/4783932/inside-russia-social-media-war-america/']" 987,Muddy Water,"Researchers from Palo Alto Networks' Unit 42 reveal the details of Muddy Water, a campaign carried on by a politically-motivated actor targeting Middle Eastern nations. 
Reaqta links the campaign to Iran as the geographical origin.",2017-02-01,2017-12-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Saudi Arabia', 'United States', 'Iraq', 'Israel', 'United Arab Emirates', 'Georgia', 'Pakistan', 'India', 'Turkey']","[['ASIA', 'MENA', 'MEA', 'GULFC'], ['NATO', 'NORTHAM'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'CENTAS'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'NATO', 'MEA']]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure']]","[['Government / ministries', 'Energy', 'Telecommunications'], ['Government / ministries', 'Energy', 'Telecommunications'], ['Government / ministries', 'Energy', 'Telecommunications'], ['Government / ministries', 'Energy', 'Telecommunications'], ['Government / ministries', 'Energy', 'Telecommunications'], ['Government / ministries', 'Energy', 'Telecommunications'], ['Government / ministries', 'Energy', 'Telecommunications'], ['Government / ministries', 'Energy', 'Telecommunications'], ['Government / ministries', 'Energy', 
'Telecommunications']]",['Muddy Water'],"['Iran, Islamic Republic of']",['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Muddy Water,"Iran, Islamic Republic of",Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/', 'https://unit42.paloaltonetworks.com/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/https://securityaffairs.co/wordpress/78586/apt/muddywater-powershell-backdoor.html']" 988,"""Operation Honeybee""","McAfee Advanced Threat Research analysts have discovered a new operation targeting humanitarian aid organizations and using North Korean political topics as bait to lure victims into opening malicious Microsoft Word documents. The Analysts of McAfee have named this Operation Honeybee, based on the names of the malicious documents used in the attacks.",2017-02-01,2017-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Cambodia', 'Singapore', 'Thailand']","[['ASIA', 'SEA'], ['ASIA'], ['ASIA', 'SEA']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries'], ['Government / ministries']]","['Rancor', 'DragonOk']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Rancor; DragonOk,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 
points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/hacking-operation-uses-malicious-word-documents-to-target-aid-organisations/', 'https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/']" 989,Russian hackergroup CozyBear vs. Norway,"Norway’s security service says nine email accounts—including those belonging to the Labour party, the foreign ministry and defense ministry—have been targeted by hackers belonging to APT 29.",2017-02-03,2017-02-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft,,['Norway'],"[['EUROPE', 'NATO', 'NORTHEU']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Political parties']]",['Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)'],['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,"Non-state actor, state-affiliation suggested",,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bbc.com/news/world-europe-38859491', 'https://eu.usatoday.com/story/news/2017/02/03/norway-russian-hackers-hit-spy-agency-defense-labour-party/97441782/', 'https://apnews.com/9aaf954bb24f4a289d4c399db7d71f8e']" 990,Defacement of the 45 Committee website,"The website of 45 Committee, a PAC supporting President Donald Trump, is defaced.",2017-02-06,2017-02-06,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Political parties']],,['United States'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,United States,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://edition.cnn.com/2017/02/06/politics/45-committee-website-hacked/index.html'] 991,Charming Kitten hacks MacUsers,"Two security researchers reveal the details of a new campaign linked to Charming Kitten, a cyber espionage group linked to the Iranian Government using an unsophisticated strain of malware, dubbed MacDownloader, to steal credentials and other data from Mac computers.",2017-02-06,2017-02-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Unknown'],,"[['Social groups', 'Critical infrastructure']]","[['Advocacy / activists (e.g. human rights organizations)', 'Defence industry']]","['Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059', 'Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by third-party,,,,Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,['https://iranthreats.github.io/resources/macdownloader-macos-malware/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/56095/intelligence/macdownloader-iranian-hackers.html', 'https://iranthreats.github.io/resources/macdownloader-macos-malware/']" 1078,Patchwork/ Dropping Elephant espionage campaign,The hacking group Patchwork/ Dropping Elephant conducted an espionage campaign on China and other states in order to gain sensitive information.,2017-01-01,2017-01-01,"Attack on (inter 
alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['China', 'South Asia (region)', 'United Kingdom', 'Turkey', 'Israel']","[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], [], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'NATO', 'MEA'], ['ASIA', 'MENA', 'MEA']]","[['International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['International / supranational organization', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]","[['', 'Transportation', 'Telecommunications', 'Finance', '', ''], ['', 'Transportation', 'Telecommunications', 'Finance', '', ''], ['', 'Transportation', 'Telecommunications', 'Finance', '', ''], ['', 'Transportation', 'Telecommunications', 'Finance', '', ''], ['', 'Transportation', 'Telecommunications', 'Finance', 
'', '']]",['Patchwork/Dropping Elephant'],['India'],['Unknown - not attributed'],,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Patchwork/Dropping Elephant,India,Unknown - not attributed,,['https://www.trendmicro.com/en_us/research/17/l/untangling-the-patchwork-cyberespionage-group.html?_ga=2.34283175.767906807.1607518516-2094640627.1607518516'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.trendmicro.com/en_us/research/17/l/untangling-the-patchwork-cyberespionage-group.html?_ga=2.34283175.767906807.1607518516-2094640627.1607518516'] 993,Indian Cyber Army vs. Pakistani Embassy in Serbia,"Hackergroup ""Indian Cyber Army"" hacks website of Pakistani embassy in Serbia, leaves message.",2017-02-17,2017-02-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Hijacking without Misuse,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],,['Indian Cyber Army'],['India'],['Non-state-group'],['Ethnic actors'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Indian Cyber Army,India,Non-state-group,Ethnic actors,[],Territory; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/pakistani-embassy-in-serbia-website-hacked-by-indian-cyber-army/'] 994,Cuba Ransomware Gang disrupted Montenegro government servers in DDOS and Ransomware attack - 2022,"An initial attack against the Montenegro government occurred on August 20, 2022, and by August 22, 2022, the government reported that ""two series of cyber-attacks on government servers"" were occurring. According to the malware researchers at VX-Underground, the Cuba Ransomware Gang claimed responsibility, via their leak site. During the cyber attack, 150 workstations in 10 state institutions in Montenegro were disrupted, including the Ministry of Finance, using the virus Zerodate. The hackers also claimed to have stolen internal information and the media reported that exfiltrated information was leaked. Disclosed data comprised financial documents, correspondence with banks, balance sheets, tax documents, compensation, and source code tied to the Montenegrin parliament, according to the hacker group and Montenegrin state officials. Additionally, the media reported that the hackers demanded $10 million as a ransom payment; however, officials have now stated that a demand for ransom payment was never received. 
The cyber attack included targeting electricity systems, ""water supply systems, transportation services and online government services;"" and infected data at the Ministry of Public Administration and ""some retail tax collection."" The National Security Agency (ANB) stated that the attack was ""unprecedented."" EPCG, a state-owned power utility, switched to manual operation as a preventative measure after the ANB warned that they could be a target during the attack. Public Administration Minister Maras Dukaj stated that the attack was still ongoing on September 1, 2022, and many government websites were still unavailable to users. Having the digital infrastructure of the government and judicial system remain offline also led to delays in court processes since users could not access the Judicial Information System, PRIS. Experts identified that tactics of the cyber attack involved both DDOS and ransomware. Shortly after the attack, Deputy Prime Minister and Minister of Defense Rasko Konjevic noted his belief that the government had gathered sufficient evidence to link the interference to Russia, supported by an informal press briefing by Montenegro's National Security Agency that pointed to ""several Russian services"" as the sponsors of the attack. In a meeting on October 4, the National Security Council concluded to wait for further details from foreign partners to make any determination of the responsible party with confidence. Anonymous high-ranking officials of the Montenegrin National Security Agency (ANB) continue to suspect that Russian security services are responsible for the cyber-attack that held critical infrastructure, specifically electricity and water supply, at risk and forced a switch to manual control of power plants. 
In a rare instance, the US embassy in Montenegro issued a security alert on August 26, 2022, advising to limit movement to necessary travel in response to uncertain disruptions to public utilities, transportation, and telecommunication caused by a ""persistent and ongoing cyber-attack"". Reporting on August 31st, 2022, stated that the US would send FBI cyber experts, called Cyber Action Teams (CAT), to Montenegro in a support capacity. France sent a team from the National Agency for the Security of Information Systems. The states sent support in response due to Montenegro's NATO membership and the commitment to collective defense of the NATO alliance. Experts are not readily willing to link the Cuba ransomware gang to the Russian government. However, researchers who have analyzed the ransom negotiations with the cyber threat actors claim that the hackers linked to the leak site for the group speak Russian. The cyber gang was first noticeable in 2020.",2022-08-20,2022-09-02,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company; Incident disclosed by attacker; Incident disclosed by authorities of victim state,Data theft & Doxing; Disruption; Ransomware,"[['Ministry of Finance (Montenegro)'], ['Parliament (Montenegro)'], ['Not available'], ['Not available']]","['Montenegro', 'Montenegro', 'Montenegro', 'Montenegro']","[['EUROPE', 'BALKANS', 'NATO', 'WBALKANS'], ['EUROPE', 'BALKANS', 'NATO', 'WBALKANS'], ['EUROPE', 'BALKANS', 'NATO', 'WBALKANS'], ['EUROPE', 'BALKANS', 'NATO', 'WBALKANS']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['Critical infrastructure']]","[['Government / ministries'], ['Legislative'], ['Government / ministries'], ['Energy']]",['Cuba Ransomware'],['Not available'],['Non-state-group'],['Criminal(s)'],3,2022-08-19; 2022-08-31; 2022-08-26,"Self-attribution in the course of the attack (e.g., via defacement statements 
on websites); Political statement / report (e.g., on government / state agency websites); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Attribution by receiver government / state entity; Attribution by receiver government / state entity,"Cuba Ransomware; Marash Dukaj (Public Administration Minister, Montenegro); Agencija za Nacionalnu Bezbjednost (ANB)",,Montenegro; Montenegro; Montenegro,Cuba Ransomware; Not available; Not available,Not available; Not available; Russia,Non-state-group; Non-state-group; State,Criminal(s); Criminal(s); ,"['https://www.rferl.org/a/montenegro-cyberattack-russia/32006237.html', 'https://www.reuters.com/world/europe/montenegro-blames-criminal-gang-cyber-attacks-government-2022-08-31/', 'https://www.bleepingcomputer.com/news/security/montenegro-hit-by-ransomware-attack-hackers-demand-10-million/', 'https://www.euractiv.com/section/global-europe/news/cyberattack-hits-montenegro-government-defence-minister-points-at-russia/', 'https://mobile.twitter.com/javnaupravamne/status/1565043988800978944']",Not available,Not available,,Not available,,2,2022-08-26; 2022-09-02; NaT,State Actors: Preventive measures; N; N,Awareness raising; ; ,Montenegro; United States; France,Rasko Konjevic (Minister of Defense); Federal Bureau of Investigation (FBI); National Agency for the Security of Information Systems (France),No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,3,Moderate - high political importance,3.0,Low,8.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",Not available,0.0,Not available,0.0,Not 
available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,,,Montenegro,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://therecord.media/north-korea-hackers-funding-us-south-korea-advisory/', 'https://www.gov.me/en/News/169508/Web-portal-of-Government-of-Montenegro-and-several-other-web-sites-were-under-enhanced-cyberattacks.html', 'https://www.rferl.org/a/montenegro-cyberattack-russia/32006237.html', 'https://lookingglasscyber.com/blog/threat-intelligence-insights/cyber-monitor-september22022/', 'https://therecord.media/fbi-and-french-officials-arrive-in-montenegro-to-investigate-ransomware-attack/', 'https://www.securityweek.com/montenegro-wrestles-massive-cyberattack-russia-blamed', 'https://securityaffairs.co/wordpress/135667/hacking/montenegro-massive-cyber-attack.html', 'https://www.bleepingcomputer.com/news/security/cuba-ransomware-affiliate-targets-ukrainian-govt-agencies/', 'https://www.reuters.com/world/europe/montenegro-blames-criminal-gang-cyber-attacks-government-2022-08-31/', 'https://www.reuters.com/world/montenegro-says-fbi-will-help-investigate-cyber-attacks-2022-08-31/', 'https://orf.at/stories/3284892/', 'https://www.bleepingcomputer.com/news/security/montenegro-hit-by-ransomware-attack-hackers-demand-10-million/', 'https://www.bleepingcomputer.com/news/security/montenegro-says-russian-cyberattacks-threaten-key-state-functions/', 'https://me.usembassy.gov/security-alert-montenegro-august-26-2022/', 'https://www.euractiv.com/section/global-europe/news/cyberattack-hits-montenegro-government-defence-minister-points-at-russia/', 'https://mobile.twitter.com/mdukaj1/status/1563047270345748482', 'https://mobile.twitter.com/mdukaj1/status/1563047271964352513', 'https://mobile.twitter.com/javnaupravamne/status/1565043988800978944', 'https://twitter.com/BlackBerrySpark/status/1586085423314599937', 'https://me.usembassy.gov/security-alert-montenegro-august-26-2022/', 
'https://www.gov.me/en/article/national-security-council-holds-its-third-session-2', 'https://www.spiegel.de/netzwelt/montenegro-sieht-ausreichende-hinweise-fuer-russische-cyberattacke-a-2b48d900-9389-4fb7-9c1c-d3e99ba72486#ref=rss', 'https://www.reuters.com/world/europe/montenegros-state-infrastructure-hit-by-cyber-attack-officials-2022-08-26/', 'https://slate.com/technology/2022/09/russia-cyberattack-montenegro-ukraine.html', 'https://apnews.com/article/russia-ukraine-technology-hacking-montenegro-2a8eb2df87f657b6d7b9971b7419bff9', 'https://balkaninsight.com/2022/09/07/montenegro-blames-slowed-court-processes-on-cyber-attacks/', 'https://politicalviolenceataglance.org/2022/09/21/who-attacked-montenegro-the-moral-and-strategic-hazards-of-misassigning-blame/', 'https://balkaninsight.com/2022/08/29/montenegro-still-assessing-damage-from-mystery-cyber-attacks/', 'https://cybernews.com/cyber-war/montenegro-blames-cuba-ransomware-for-attacking-the-country/', 'https://shared-public-reports.s3-eu-west-1.amazonaws.com/Cuba+Ransomware+Group+-+on+a+roll.pdf', 'https://www.ic3.gov/Media/News/2021/211203-2.pdf', 'https://www.latimes.com/world-nation/story/2022-09-12/nato-montenegro-massive-cyberattack-russia-blamed']" 995,Black Hat Hackers leak Navy Data of India,"Bangladeshi Hacker group ""Black Hat Hackers"" extracts and leaks personal information of Indian Navy officials from government servers.",2017-02-25,2017-02-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Military']],['Black Hat Hackers'],['Bangladesh'],['Non-state-group'],['Ethnic actors'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Black Hat Hackers,Bangladesh,Non-state-group,Ethnic actors,[],Territory; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/indian-navy-officers-private-details-leaked-by-bangladeshi-black-hat-hackers/'] 996,Luxembourg DDoS 2017,DDoS attack takes down Luxembourg government servers,2017-02-27,2017-02-27,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,['Luxembourg'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.ibtimes.co.uk/ddos-attack-takes-down-luxembourg-government-servers-1609380'] 997,US DDoS towards North Korean,"The United States targeted North Korea’s military spy agency. 
The attack was a distributed denial of service (DDoS) campaign with an aim to flood North Korean spy agency’s servers with traffic, crippling its access to the internet.",2017-03-01,2017-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,"[""Korea, Democratic People's Republic of""]","[['ASIA', 'NEA']]",[['State institutions / political system']],[['Intelligence agencies']],['US CYCOM'],['United States'],['State'],,1,2017-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,US CYCOM,United States,State,,['https://thediplomat.com/2017/10/how-to-make-sense-of-offensive-us-cyber-operations-against-north-korean-military-intelligence/'],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cybersecurityintelligence.com/blog/cyberwarfare-us-launches-ddos-attacks-against-n-korean-spy-agency-2902.html', 'https://thediplomat.com/2017/10/how-to-make-sense-of-offensive-us-cyber-operations-against-north-korean-military-intelligence/']" 998,Unknown hacker attacks Kansas department of Commerce,A security breach in the Kansas Department of Commerce exposes millions of Social Security numbers from people across 10 states to hackers. 
Many other accounts are also attacked.,2017-03-01,2017-03-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.kcur.org/post/hackers-kansas-system-accessed-social-security-numbers-millions-10-states#stream/0'] 999,DarkHydrus in 2017,The hacker group DarkHydrus aka Copy Kitten aka LazyMeerkat in 2017 mainly hacked the governmental and educational sector of different Middle East countries. The hacks are mainly harvesting attacks.,2017-03-01,2017-12-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,['Middle East (region)'],,[['State institutions / political system']],[['Government / ministries']],['DarkHydrus/LazyMeerkat'],['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DarkHydrus/LazyMeerkat,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://unit42.paloaltonetworks.com/unit42-darkhydrus-uses-phishery-harvest-credentials-middle-east/'] 1000,Unknown group attacks Democratic Party in Pennsylvania (USA),"The Pennsylvania Senate Democratic Caucus was hit by a ransomware attack, blocking access to its 
entire IT systems and web servers. The separate networks used by Democratic state senators remained unaffected.",2017-03-03,2017-03-03,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Political parties']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.nbcnews.com/news/us-news/senate-democrats-pennsylvania-are-being-held-cyber-hostage-n728901', 'https://www.zdnet.com/article/pennsylvania-senate-democrats-paid-700000-to-recover-from-ransomware-attack/']" 1001,Attack on various US progressive groups (probably by CozyBear),"New reports reveal that Russian hackers are targeting U.S. progressive groups in a new wave of attacks. According to the report, at least a dozen groups have faced extortion attempts since the U.S. presidential election. The ransom demands are accompanied by samples of sensitive data in the hackers’ possession.",2017-03-06,2017-03-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Social groups']],[['Other social groups']],['Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)'],['Russia'],"['Non-state actor, state-affiliation suggested']",,2,2017-01-01; 2017-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attribution by receiver government / state entity; Media-based attribution,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 1002,RanRan Ransomware deployed against government entities in the Middle East,"Malware researchers at Palo Alto Networks discovered a new strain of ransomware, dubbed RanRan, that has been used in targeted attacks against government organizations in the Middle East.",2017-03-08,2017-03-08,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse; Ransomware,,['Mena Region (region)'],,[['State institutions / political 
system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://securityaffairs.co/wordpress/57031/malware/ranran-ransomware.html'] 1003,Turkish hackers attack several Dutch websites,Turkish hacker groups target a large number of Dutch websites after the political fallout between the Netherlands and Turkey over the weekend.,2017-03-11,2017-03-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Netherlands'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Media']],,['Akincilar'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Akincilar,Turkey,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://nltimes.nl/2017/03/14/turkish-hacker-groups-focus-cyberattacks-dutch-websites-incl-nl-times'] 1004,Canadian Statistics website got shut down by hackers,The Canadian government confirms that the Statistics Canada website is hacked and taken offline for over two days. 
In the aftermath of the cyberattack parts of the Canada Revenue Agency's (CRA) site are also reportedly taken offline by authorities as a precaution.,2017-03-14,2017-03-16,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,['Canada'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.ibtimes.co.uk/statistics-canada-site-hit-by-hackers-taken-offline-peak-tax-season-1611419'] 1005,Ransomware found in the systems of the Tweede Kamer (NLD),"Ransomware is found on the computer systems of the Tweede Kamer, the lower house of Dutch parliament.",2017-03-28,2017-03-28,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Disruption; Ransomware,,['Netherlands'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Legislative']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,Phishing,Data Encrypted for Impact,Required,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://nltimes.nl/2017/03/28/ransomware-found-dutch-parliament'] 1006,IAAF Hack,IAAF says medical records compromised by Fancy Bear hacking group,2017-04-01,2017-04-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., 
intelligence agencies)",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,['International Association of Athletics Federations'],,[['International / supranational organization']],,"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],['State'],,2,2017-01-01; 2017-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Domestic legal action",Receiver attributes attacker; Attribution by third-party,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia,State; State,,['https://www.justice.gov/opa/documents-and-resources-october-4-2018-press-conference'],Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-sport-doping-iaaf-idUSKBN1750ZM', 'https://www.justice.gov/opa/documents-and-resources-october-4-2018-press-conference']" 960,Operation Wocao,"An unknown actor with direct ties to the Chinese government leveraged malware deposited by other threat actors to gain access to high-level networks in various countries",2017-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, 
ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Brazil', 'China', 'France', 'Germany', 'Italy', 'Mexico', 'Spain', 'Portugal', 'United Kingdom']","[['NATO', 'NORTHAM'], ['SOUTHAM'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU'], [], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical 
infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['', 'Energy', 'Transportation', 'Health', 'Finance', ''], ['', 'Energy', 'Transportation', 'Health', 'Finance', ''], ['', 'Energy', 'Transportation', 'Health', 'Finance', ''], ['', 'Energy', 'Transportation', 'Health', 'Finance', ''], ['', 'Energy', 'Transportation', 'Health', 'Finance', ''], ['', 'Energy', 'Transportation', 'Health', 'Finance', 
''], ['', 'Energy', 'Transportation', 'Health', 'Finance', ''], ['', 'Energy', 'Transportation', 'Health', 'Finance', ''], ['', 'Energy', 'Transportation', 'Health', 'Finance', ''], ['', 'Energy', 'Transportation', 'Health', 'Finance', '']]",['APT 20'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT 20,China,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf'] 1008,Lazarus (North Korea) attacks end users because of financial interests,Focusing on financial interests (Bitcoin) the North Korean APT Lazarus sends false job recruitments to gain data from end users.,2017-04-01,2017-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Unknown'],,"[['Critical infrastructure', 'Critical infrastructure']]","[['Finance', 'Defence industry']]","['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/lazarus-resurfaces-targets-global-banks-bitcoin-users/'] 1009,Yapizon Hack (Lazarus),"Lazarus managed to hack into Yapizon, a South Korean cryptocurrency exchange in April 2017 and stole 3,816 Bitcoins valued at $5.3 million.",2017-04-01,2017-12-31,"Attack conducted by non-state group / non-state actor with political goals 
(religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['Critical infrastructure']],[['Finance']],"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)', 'Military Unit 121']","[""Korea, Democratic People's Republic of"", ""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2017-01-01; 2017-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Military Unit 121","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.fireeye.com/blog/threat-research/2017/09/north-korea-interested-in-bitcoin.html', 'https://www.recordedfuture.com/north-korea-cryptocurrency-campaign/']",System / ideology; Territory; International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high 
political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/', 'https://btcmanager.com/571-million-in-damages-north-korean-hacking-group-lazarus-behind-high-profile-cryptocurrency-hacks/?q=/571-million-in-damages-north-korean-hacking-group-lazarus-behind-high-profile-cryptocurrency-hacks/&', 'https://www.fireeye.com/blog/threat-research/2017/09/north-korea-interested-in-bitcoin.html', 'https://www.recordedfuture.com/north-korea-cryptocurrency-campaign/']" 1010,APT28 Operation Dealer`s Choice - 2017,APT28 targeted primarily NATO Countries as well as Ukraine (among others) in a spearphishing campaign.,2017-04-01,2017-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['NATO (region)', 'Ukraine']","[[], ['EUROPE', 'EASTEU']]","[['State institutions / political system'], ['State institutions / political system']]","[['Military'], ['Military']]","['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar 
Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/69365/apt/sofacy-apt-east.html', 'https://securelist.com/a-slice-of-2017-sofacy-activity/83930/']" 1075,Domestic Kitten,"The Iranian government conducted an extensive surveillance program through the hacking group APT-C-50 on internal dissidents, opposition forces, ISIS advocates, the Kurdish minority in Iran, and more.",2017-01-01,2021-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Iran, Islamic Republic of', 'United States', 'United Kingdom', 'Pakistan', 'Afghanistan', 'Turkey']","[['ASIA', 'MENA', 'MEA'], ['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA'], ['ASIA', 'NATO', 'MEA']]","[['Social groups', 'Social groups', 'Social groups'], ['Social groups', 'Social groups', 'Social groups'], ['Social groups', 'Social groups', 'Social groups'], ['Social groups', 'Social groups', 'Social groups'], ['Social groups', 'Social groups', 'Social groups'], ['Social groups', 'Social groups', 'Social groups']]","[['Ethnic', 'Terrorist', 'Political opposition / dissidents / expats'], ['Ethnic', 'Terrorist', 'Political opposition / dissidents / expats'], ['Ethnic', 'Terrorist', 'Political opposition / dissidents / expats'], ['Ethnic', 'Terrorist', 'Political opposition / dissidents / expats'], ['Ethnic', 'Terrorist', 'Political opposition / dissidents / expats'], ['Ethnic', 'Terrorist', 'Political opposition / dissidents / expats']]","['APT-C-50', 'Domestic Kitten']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT-C-50; Domestic Kitten,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",,"['https://blogs.360.cn/post/APT-C-50.html#toc-90c', 'https://research.checkpoint.com/2021/domestic-kitten-an-inside-look-at-the-iranian-surveillance-operations/']",System / ideology; National power; International power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://blogs.360.cn/post/APT-C-50.html#toc-90c', 'https://research.checkpoint.com/2021/domestic-kitten-an-inside-look-at-the-iranian-surveillance-operations/']" 1013,Leviathan aka TEMP.periscope aka APT 40 influences on the election in Cambodia,"The Chinese-based APT 40 supports a Chinese-friendly party in the Cambodian elections because it wants that party to win. FireEye has examined a range of TEMP.Periscope activity revealing extensive interest in Cambodia's politics, with active compromises of multiple Cambodian entities related to the country’s electoral system. This includes compromises of Cambodian government entities charged with overseeing the elections, as well as the targeting of opposition figures.",2017-04-01,2018-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Cambodia'],"[['ASIA', 'SEA']]","[['State institutions / political system', 'State institutions / political system', 'Social groups', 'Media']]","[['Legislative', 'Election infrastructure / related systems', 'Advocacy / activists (e.g. human rights organizations)', '']]","['APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (MSS, Hainan State Security Department/Hainan Xiandun Technology Company)']",['China'],"['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (MSS, Hainan State Security Department/Hainan Xiandun Technology Company)",China,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html'] 1014,Unknown hacker disrupts emergency sirens in Dallas,A computer hack sets off all the emergency sirens in Dallas for about 90 minutes.,2017-04-07,2017-04-08,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed 
by victim,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],,,['United States'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,United States,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,"Local effects, e.g., affecting only one restricted area of a country or region (incident scores 1 point in intensity)",Short duration (< 24h; incident scores 1 point in intensity),3,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-texas-sirens-idUSKBN17B001', 'https://www.washingtonpost.com/news/the-intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-loud/']" 1015,Unknown APT attacks Singapore government and universities,"Reports emerge that the two Singapore universities suffered APT (advanced persistent threat) attacks last month, with the attackers specifically targeting government and research data.",2017-04-11,2017-04-11,"Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,['Singapore'],[['ASIA']],[['Science']],,,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.zdnet.com/article/singapore-university-breaches-reveal-wider-attack-surface-to-safeguard/'] 1017,Berserker Bear,Russian state-sponsored hackers managed to access secured parts of the German energy network,2017-05-01,2017-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Critical infrastructure']],[['Energy']],"['Energetic Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035 (FSB,\xa016th Center)', 'Energetic Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035 (FSB,\xa016th Center)']","['Russia', 'Russia']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,"Energetic Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035 (FSB, 16th Center)",Russia,"Non-state actor, state-affiliation suggested",,"['https://www.reuters.com/article/us-germany-cyber-russia/german-intelligence-sees-russia-behind-hack-of-energy-firms-media-report-idUSKBN1JG2X2', 'https://www.verfassungsschutz.de/download/broschuere-2018-06-bfv-cyber-brief-2018-01-neu.pdf']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.n-tv.de/wirtschaft/Hacker-greifen-EnBW-Tochter-an-article20436822.html', 
'https://www.reuters.com/article/us-germany-cyber-russia/german-intelligence-sees-russia-behind-hack-of-energy-firms-media-report-idUSKBN1JG2X2', 'https://www.verfassungsschutz.de/download/broschuere-2018-06-bfv-cyber-brief-2018-01-neu.pdf']" 1018,OceanLotus vs. Asean,"OceanLotus accessed networks of local SEA governments, to use the mass taging points against the local organisation ASEAN. In the same campaign attacks were started against local human rights defenders",2017-05-01,2017-11-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Laos', 'Philippines', 'Cambodia', 'Vietnam', 'China']","[['ASIA', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Social groups', 'Social groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Social groups', 'Social groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Social groups', 'Social groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 
'International / supranational organization', 'Critical infrastructure', 'Social groups', 'Social groups', 'Media'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Social groups', 'Social groups', 'Media']]","[['Government / ministries', 'Civil service / administration', 'Military', 'Police', '', '', 'Energy', 'Political opposition / dissidents / expats', 'Other social groups', ''], ['Government / ministries', 'Civil service / administration', 'Military', 'Police', '', '', 'Energy', 'Political opposition / dissidents / expats', 'Other social groups', ''], ['Government / ministries', 'Civil service / administration', 'Military', 'Police', '', '', 'Energy', 'Political opposition / dissidents / expats', 'Other social groups', ''], ['Government / ministries', 'Civil service / administration', 'Military', 'Police', '', '', 'Energy', 'Political opposition / dissidents / expats', 'Other social groups', ''], ['Government / ministries', 'Civil service / administration', 'Military', 'Police', '', '', 'Energy', 'Political opposition / dissidents / expats', 'Other social groups', '']]",['APT32/Ocean Lotus/Sea Lotus'],['Vietnam'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT32/Ocean Lotus/Sea Lotus,Vietnam,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-cyber-attack-vietnam/vietnams-neighbors-asean-targeted-by-hackers-report-idUSKBN1D70VU', 'https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/']" 1019,Youbit Hack by Lazarus,The South Korean crypto exchange Youbit fell victim to a large-scale security breach that led to the theft of a fifth of its user funds. The North Korean Lazarus Group is suspected to be behind the attack.,2017-05-01,2017-12-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['Critical infrastructure']],[['Finance']],"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)', 'Military Unit 121']","[""Korea, Democratic People's Republic of"", ""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,2,2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; IT-security community attributes attacker; Media-based attribution; Media-based attribution,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General 
Bureau, Bureau 121, Unit 180, Lab 110); Military Unit 121; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Military Unit 121","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.fireeye.com/blog/threat-research/2017/09/north-korea-interested-in-bitcoin.htmlhttps://www.recordedfuture.com/north-korea-cryptocurrency-campaign/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://bitnewsbot.com/north-korea-accused-of-hacking-south-korean-bitcoin-exchange-youbit/', 'https://www.fireeye.com/blog/threat-research/2017/09/north-korea-interested-in-bitcoin.htmlhttps://www.recordedfuture.com/north-korea-cryptocurrency-campaign/']" 1020,Attack on Equifax,"The world's largest consumer credit reporting agency Equifax, which is located in the USA, was attacked by an initially unknown group of hackers. As a result, the attackers were able to steal personal information (addresses, social insurance numbers etc.) of more than 143 Million clients. 
In February 2020, the US unsealed an indictment against four Chinese PLA officers and blamed them for committing the hacks.",2017-05-01,2017-05-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Finance']],['PLA'],['China'],['State'],,1,2020-01-01 00:00:00,Domestic legal action,Attribution by receiver government / state entity,,,,PLA,China,State,,"['https://www.spiegel.de/netzwelt/netzpolitik/equifax-hack-usa-klagen-vier-chinesische-militaerangehoerige-an-a-7a50d266-0c53-44ca-a619-8a98b593ec73', 'https://www.justice.gov/opa/press-release/file/1246891/download']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.heise.de/security/meldung/Equifax-Hack-Angreifer-ueber-Apache-Struts-Luecke-eingestiegen-3831905.html', 'https://www.heise.de/newsticker/meldung/Nach-Megahack-bei-Equifax-Spekulation-ueber-Verbleib-der-Daten-4309723.html', 'https://xakep.ru/2017/09/08/equifax-hack/', 'https://www.spiegel.de/netzwelt/netzpolitik/equifax-hack-usa-klagen-vier-chinesische-militaerangehoerige-an-a-7a50d266-0c53-44ca-a619-8a98b593ec73', 'https://www.justice.gov/opa/press-release/file/1246891/download', 'https://www.cnbc.com/2017/09/13/us-senator-on-equifax-hack-somebody-needs-to-go-to-jail.html', 'https://www.reuters.com/article/ctech-us-equifax-cyber-heitkamp-idCAKCN1BN1WN-OCATC', 'https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/', 
'https://krebsonsecurity.com/2022/12/the-equifax-breach-settlement-offer-is-real-for-now/', 'https://www.darkreading.com/application-security/appsec-playbook-2023-study-of-829m-attacks-on-1-400-websites']" 1021,Lebanon-Hezbollah Phone Hack 2017,Lebanon blames Israel for anti-Hezbollah telecoms hacking,2017-05-01,2017-05-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,['Lebanon'],"[['ASIA', 'MENA', 'MEA']]",[['Critical infrastructure']],[['Transportation']],,['Israel'],['State'],,1,2017-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,,Israel,State,,['https://www.haaretz.com/israel-news/israel-responsible-for-anti-hezbollah-propaganda-phone-hack-lebanon-says-1.5471465'],Territory; International power,Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.apnews.com/42d48c9b5b2d4b7e9c96d96f8ac92c3e', 'https://www.haaretz.com/israel-news/israel-responsible-for-anti-hezbollah-propaganda-phone-hack-lebanon-says-1.5471465']" 1022,Operation Cobalt Kitty,"Cybereason reveals the details of Operation Cobalt Kitty, a campaign carried out by APT32, an advanced threat group that conducts targeted intrusions at large multinational businesses with interests in Vietnam.",2017-05-14,2017-05-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,['Asia (region)'],,[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['APT32/Ocean Lotus/Sea Lotus'],['Vietnam'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT32/Ocean Lotus/Sea Lotus,Vietnam,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html'],Resources,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html', 'https://www.cybereason.com/blog/operation-cobalt-kitty-apt']" 1023,Trump-Duterte-Conversion Hack-->OceanLotus aka APT32,A stolen Trump-Duterte transcript appears to be just one part of a larger hacking story,2017-05-15,2017-05-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft & Doxing,,['Philippines'],"[['ASIA', 'SCS', 'SEA']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",['APT32/Ocean Lotus/Sea Lotus'],['Philippines'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,APT32/Ocean Lotus/Sea Lotus,Philippines,"Non-state actor, state-affiliation suggested",,['https://www.cyberscoop.com/apt-32-trump-duterte-hacking-xi-jinping-vietnam/'],Territory; Resources; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.cyberscoop.com/apt-32-trump-duterte-hacking-xi-jinping-vietnam/'] 1024,ATP28 vs. Montenegro,A Russia-linked hacking group was found to have launched a spear-phishing campaign against Montenegro after the country announced its decision to join NATO,2017-06-01,2017-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Montenegro'],"[['EUROPE', 'BALKANS', 'NATO', 'WBALKANS']]",[['State institutions / political system']],[['Government / ministries']],"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,"['https://cyware.com/news/fireeye-russian-group-apt28-targeted-montenegro-government-with-cyber-attacks-b8d077e5', 'https://www.darkreading.com/threat-intelligence/fireeye-finds-russian-group-apt28-targeted-montenegro-government-with-cyber-attacks/d/d-id/1329060']",System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/59820/apt/apt28-targets-montenegro.html', 
'https://cyware.com/news/fireeye-russian-group-apt28-targeted-montenegro-government-with-cyber-attacks-b8d077e5', 'https://www.darkreading.com/threat-intelligence/fireeye-finds-russian-group-apt28-targeted-montenegro-government-with-cyber-attacks/d/d-id/1329060']" 1025,A fake story was planted on the Qatar News Agency systems that sparked the Qatar Crisis in 2017,"According to an investigation by the FBI, Russian hackers may have planted a fake news story on the Qatar news agency’s website in May 2016 by hacking the agency's system. The hack sparked one of the biggest crises between Qatar and six Arab countries. Initially, unnamed observers suspected the United Arab Emirates as being involved, reported via media articles. The hack may also have precipitated the crisis that saw six Arab countries sever their relations with Qatar.",2017-05-01,2017-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Disruption,[['Qatar News Agency']],['Qatar'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['Media']],,['Not available'],['United Arab Emirates'],['State'],,4,2017-06-01; 2017-06-07; 2017-06-07; 2017-06-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge 
into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity; Media-based attribution; Attribution by third-party; Attribution by third-party,Not available; Not available; Federal Bureau of Investigation (FBI); US intelligence agencies,,Qatar; Not available; United States; United States,,United Arab Emirates; United Arab Emirates; Russia; United Arab Emirates,"State; Non-state actor, state-affiliation suggested; Non-state-group; State",; ; Private technology companies / hacking for hire groups without state affiliation / research entities; ,"['https://www.theguardian.com/world/2017/jun/07/russian-hackers-qatar-crisis-fbi-inquiry-saudi-arabia-uae', 'https://www.aljazeera.com/news/2017/07/uae-arranged-hacking-qatari-media-washington-post-170717004353563.html', 'https://www.washingtonpost.com/world/national-security/uae-hacked-qatari-government-sites-sparking-regional-upheaval-according-to-us-intelligence-officials/2017/07/16/00c46e54-698f-11e7-8eb5-cbccc2e7bfbf_story.html?noredirect=on']",System / ideology; International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"['https://www.bbc.com/news/world-middle-east-40026822', 'https://www.theguardian.com/world/2017/jun/07/russian-hackers-qatar-crisis-fbi-inquiry-saudi-arabia-uae', 'https://www.aljazeera.com/news/2017/07/uae-arranged-hacking-qatari-media-washington-post-170717004353563.html', 'https://www.washingtonpost.com/world/national-security/uae-hacked-qatari-government-sites-sparking-regional-upheaval-according-to-us-intelligence-officials/2017/07/16/00c46e54-698f-11e7-8eb5-cbccc2e7bfbf_story.html?noredirect=on', 
'https://www.nytimes.com/2017/06/08/world/middleeast/qatar-cyberattack-espionage-for-hire.html', 'https://www.reuters.com/article/us-gulf-qatar-cyber-idUSKCN1B608L']" 1026,"Red Alpha Team Operation ""2017 hktechy""","Recorded Future discovered a new espionage campaign dubbed the ""Red Alpha"" APT with Chinese origin. One part of it, the campaign ""2017 hktechy"", took place in 2017 against the Tibetan Community.",2017-06-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['Social groups']],[['Ethnic']],['RedAlpha\xa0'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,RedAlpha ,China,"Non-state actor, state-affiliation suggested",,[],System / ideology; Autonomy; Resources,System/ideology; Autonomy; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.recordedfuture.com/redalpha-cyber-campaigns/'] 1027,Attack on Al-Jazeera Media Network,The Al-Jazeera Media Network was attacked by an unknown hacker group. The group disrupted and hijacked the system afterwards. 
Then the website sent pro-Iranian and pro-Israeli content for a couple of hours.,2017-06-08,2017-06-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,,['Qatar'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['Media']],,,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.aljazeera.com/news/2017/06/al-jazeera-media-platforms-cyberattack-170608170600837.html', 'https://www.nzz.ch/international/krise-am-golf-gross-angelegter-hackerangriff-auf-katarischen-sender-al-jazeera-ld.1299975']" 1028,Vigilance attacks the governmental site of Minnesota,"A hacker calling himself Vigilance hacks a database belonging to the Minnesota state government, and steals about 1,400 email addresses and passwords.",2017-06-16,2017-06-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],['Vigilance'],['Unknown'],['Individual hacker(s)'],,1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Vigilance,Unknown,Individual hacker(s),,[],System / ideology,System/ideology; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.vice.com/en_us/article/ywzje5/hacktivist-breaks-into-minnesota-government-databases-to-protest-philando-castile-verdict'] 1029,ISIS hacks Argentinian military,A hacker group of ISIS defaced the main site of the Argentinian military. As a result the site contained a message warning Argentina about ISIS in their country. After 20 minutes the army took down the site.,2017-06-19,2017-06-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Argentina'],[['SOUTHAM']],[['State institutions / political system']],[['Military']],['Pro-ISIS'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Pro-ISIS,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://en.mercopress.com/2017/06/20/argentine-army-s-website-hacked-by-isis', 'https://www.reuters.com/article/us-argentina-security-idUSKBN19A2R7']" 992,Hackergroup linked to ISIS attacks NHS websites,"The Independent reveals that, over the past six weeks, six NHS websites were defaced showing gruesome images of the conflict in Syria with the hashtags: #Op_Russia and #save_aleppo.",2017-02-07,2017-02-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized",,Incident disclosed by attacker,Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Critical infrastructure']],[['Health']],"['Tunisian Fallaga Team', 'Pro-ISIS']","['Tunisia', 'Tunisia']","['Non-state-group', 'Non-state-group']","['Terrorist(s)', 'Terrorist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Tunisian Fallaga Team; Pro-ISIS,Tunisia; Tunisia,Non-state-group; Non-state-group,Terrorist(s); Terrorist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.independent.co.uk/news/uk/crime/isis-islamist-hackers-nhs-websites-cyber-attack-syrian-civil-war-images-islamic-state-a7567236.html'] 1031,ISIS hacks the governor's office of Ohio(USA),"Ohio Gov. John Kasich’s website is hacked, appearing to show pro-ISIS propaganda. Ohio first lady Karen Kasich’s website, along with the Ohio Department of Rehabilitation and Corrections website, are also hacked.",2017-06-25,2017-06-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],"['Team System Dz', 'Pro-ISIS']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,Team System Dz; Pro-ISIS,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://thehill.com/policy/cybersecurity/339395-kasichs-website-hacked-with-what-appears-to-be-pro-isis-messages'] 1032,"The Russian state-sponsored APT Sandworm initially targeted Ukrainian infrastructures with wiper-campaign called ""NotPetya"" since June 2017, affecting targets worldwide","The APT Sandworm, which is affiliated with Russia's military intelligence service GRU, used a Trojan to initially target Ukrainian infrastructure, including power companies, airports, and public transit, with a wiper called NotPetya, designed to appear as ransomware. The initial access point was a Ukrainian tax software called MeDoc, which then infected almost all companies worldwide that pay taxes in Ukraine, causing financial damage of reportedly more than 10 billion dollars. The IT-company ESET linked the campaign to the group Telebots (Sandworm), which evolved from BlackEnergy and is held responsible for the Industroyer/Crashoverride attacks against the Ukrainian power grid in December 2016. 
Multiple governments attributed the campaign to Russia's GRU and its Unit 74455 that is affiliated with Sandworm aka Telebots. NotPetya, just like WannaCry, uses the primary NSA vulnerability ""Eternal Blue"". ",2017-06-27,2017-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,"[['Not available'], ['Not available']]","['Global (region)', 'Ukraine']","[[], ['EUROPE', 'EASTEU']]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure']]","[['', ''], ['Energy', 'Transportation', 'Finance']]","['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)']",['Russia'],['State'],,10,2018-02-15; 2017-06-28; 2018-01-12; 2017-07-03; 2018-02-15; 2018-02-16; 2018-02-16; 2018-02-16; 2020-10-19; 2020-10-19; 2020-10-19; 2020-10-19; 2020-10-19; 2020-10-19; 2020-07-30,"Political statement / report (e.g., on government / state agency websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political 
statement / report (e.g., on government / state agency websites); Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by EU institution/agency,"Lord (Tariq) Ahmad of Wimbledon (Minister of State for the Middle East, North Africa, South Asia and United Nations at the Foreign, Commonwealth & Development Office (FCDO); GBR); Roman Boyarchuk (Head of the Center for Cyber Protection within the State Special Communications Service of Ukraine (SSSCIP)); Central Intelligence Agency ; ESET; The White House; Government of Canada; Angus Taylor (Minister for Law Enforcement and Cyber Security; AUS); Andrew Hampton (Director-General of the Government Communications Security Bureau (GCSB); NZL); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); Council of the European Union (European Council)",,United Kingdom; Ukraine; United States; Slovakia; United States; Canada; Australia; New Zealand; United States; United States; United States; United States; United States; United States; EU (region),"Sandworm/VOODOO 
Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Unknown; GRU; Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU; Not available; Not available; Not available; Yuriy Sergeyevich Andrienko (Юрий Сергеевич Андриенко) --> Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sergey Vladimirovich Detistov (Сергей Владимирович Детистов) --> Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Pavel Valeryevich Frolov (Павел Валерьевич Фролов) --> Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Anatoliy Sergeyevich Kovalev (Анатолий Сергеевич Ковалев) --> Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Artem Valeryevich Ochichenko (Артем Валерьевич Очиченко) --> Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Petr Nikolayevich Pliskin (Петр Николаевич Плискин) --> Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Main Centre for Special Technologies (GTsST) of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU)",Russia; Russia; Russia; Not available; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,"State; State; State; Non-state actor, 
state-affiliation suggested; State; State; State; State; State; State; State; State; State; State; State","; ; ; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ; ; ; ; ; ; ; ; ; ; ","['https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and', 'https://www.spiegel.de/politik/ausland/eu-beschliesst-sanktionen-gegen-hacker-aus-russland-und-china-a-77111293-2651-4bb8-a2e3-fb6c3a04eea5', 'https://www.wired.com/story/petya-ransomware-ukraine/', 'https://www.washingtonpost.com/world/national-security/russian-military-was-behind-notpetya-cyberattack-in-ukraine-cia-concludes/2018/01/12/048d8506-f7ca-11e7-b34a-b85626af34ef_story.html', 'https://www.cyberscoop.com/uk-government-blames-russian-military-infamous-notpetya-cyberattacks/', 'https://blog.talosintelligence.com/2017/07/the-medoc-connection.html', 'https://www.reuters.com/article/us-ukraine-cybersecurity-sandworm-idUSKBN0UM00N20160108', 'https://trumpwhitehouse.archives.gov/briefings-statements/statement-press-secretary-25/', 'https://cse-cst.gc.ca/en/information-and-resources/news/cse-statement-notpetya-malware', 'https://www.dfat.gov.au/sites/default/files/australia-attributes-notpetya-malware-to-russia.pdf', 'https://www.gcsb.govt.nz/news/new-zealand-joins-international-condemnation-of-notpetya-cyber-attack/', 'https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32020D1127&from=EN']",International power,Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 2,6,2018-02-15; 2018-02-15; 2018-02-16; 2018-02-16; 2018-02-16; 2017-07-01,State Actors: Stabilizing measures; EU member states: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Preventive measures,Statement by head of state/head of government; 
Statement by other ministers/members of parliament; Statement by other ministers/members of parliament; Statement by other ministers/members of parliament; Statement by other ministers/members of parliament; Awareness raising,United States; United Kingdom; Canada; Australia; New Zealand; United States,The White House; Lord (Tariq) Ahmad of Wimbledon (Foreign Office Minister; GBR); Government of Canada; Angus Taylor (Minister for Law Enforcement and Cyber Security; AUS); Andrew Hampton (Director-General of the Government Communications Security Bureau (GCSB); NZL); Cybersecurity and Infrastructure Security Agency (CISA),No,,Supply Chain Compromise,Data Destruction; Data Encrypted for Impact,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,Direct (official members of state entities / agencies / units responsible),International peace; Sovereignty,Use of force; ,Not available,3,2019-01-12; 2018-03-15; 2020-07-30,Not available; Peaceful means: Retorsion (International Law); Peaceful means: Retorsion (International Law),; Economic sanctions; Economic sanctions,United States; United States; EU (region),Mondelez International; US Department of the Treasury; Council of the European Union (European Council),Sovereignty,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://twitter.com/lukOlejnik/status/1623630238163804160', 'https://www.spiegel.de/politik/ausland/eu-beschliesst-sanktionen-gegen-hacker-aus-russland-und-china-a-77111293-2651-4bb8-a2e3-fb6c3a04eea5', 'https://www.wired.com/story/petya-ransomware-ukraine/', 
'https://www.washingtonpost.com/world/national-security/russian-military-was-behind-notpetya-cyberattack-in-ukraine-cia-concludes/2018/01/12/048d8506-f7ca-11e7-b34a-b85626af34ef_story.html', 'https://www.cyberscoop.com/uk-government-blames-russian-military-infamous-notpetya-cyberattacks/', 'https://blog.talosintelligence.com/2017/07/the-medoc-connection.html', 'https://www.reuters.com/article/us-ukraine-cybersecurity-sandworm-idUSKBN0UM00N20160108', 'https://www.wired.com/story/white-house-russia-notpetya-attribution/', 'https://therecord.media/mondelez-and-zurich-reach-settlement-in-notpetya-cyberattack-insurance-suit/', 'https://www.govinfosecurity.com/oreo-maker-settles-insurer-over-notpetya-damages-claim-a-20396', 'https://www.welivesecurity.com/deutsch/2017/07/03/telebots-supply-chain-attack-gegen-ukraine/', 'https://trumpwhitehouse.archives.gov/briefings-statements/statement-press-secretary-25/', 'https://cse-cst.gc.ca/en/information-and-resources/news/cse-statement-notpetya-malware', 'https://www.dfat.gov.au/sites/default/files/australia-attributes-notpetya-malware-to-russia.pdf', 'https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and', 'https://home.treasury.gov/news/press-releases/sm0312', 'https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32020D1127&from=EN', 'https://www.ncsc.gov.uk/news/russian-military-almost-certainly-responsible-destructive-2017-cyber-attack', 'https://www.cisa.gov/uscert/ncas/alerts/TA17-181A', 'https://www.cyberscoop.com/dhs-mayorkas-cybersecurity/', 'https://arstechnica.com/information-technology/2022/12/effective-fast-and-unrecoverable-wiper-malware-is-popping-up-everywhere/', 'https://www.wired.com/story/worst-hacks-2022/', 'https://portswigger.net/daily-swig/security-done-right-infosec-wins-of-2022', 'https://twitter.com/RecordedFuture/status/1619109632882135040', 'https://therecord.media/sandworm-swiftslicer-malware-ukraine-russia-eset/', 
'https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html', 'https://www.gcsb.govt.nz/news/new-zealand-joins-international-condemnation-of-notpetya-cyber-attack/', 'https://elpais.com/tecnologia/2023-02-14/por-que-rusia-no-ha-logrado-ganar-la-guerra-cibernetica-en-ucrania.html', 'https://english.elpais.com/international/2023-02-14/why-russia-has-failed-to-win-the-cyberwar-in-ukraine.html', 'https://english.elpais.com/international/2023-02-14/why-russia-has-failed-to-win-the-cyberwar-in-ukraine.html', 'https://twitter.com/RidT/status/1627423109459460097', 'https://www.wired.com/story/ukraine-russia-wiper-malware/', 'https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months', 'https://cyberscoop.com/ukraine-russia-cyberwar-anniversary/', 'https://www.wired.com/story/us-military-email-leak/', 'https://www.welivesecurity.com/2023/02/24/year-wiper-attacks-ukraine/', 'https://www.nrc.nl/nieuws/2023/02/26/zelfs-rusland-houdt-grote-cyberaanvallen-maar-eventjes-vol-a4158110', 'https://twitter.com/Dennis_Kipker/status/1629122902099361795', 'https://www.c4isrnet.com/cyber/2023/03/02/biden-vows-to-wield-all-instruments-in-fighting-cyber-threats/', 'https://www.welivesecurity.com/2023/03/30/eset-research-podcast-year-fighting-rockets-soldiers-wipers-ukraine/']" 1033,Gamefish,"The Russian hacker group known as APT28, or Fancy Bear, has targeted victims via their connections to hacked hotel Wi-Fi networks.",2017-07-01,2017-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,['Unknown'],,[['Other']],,"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html', 'https://www.fireeye.de/current-threats/apt-groups.html#apt28', 'https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html']",Resources; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cyberscoop.com/fancy-bear-eternal-blue-fire-eye/', 'https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html', 
'https://www.fireeye.de/current-threats/apt-groups.html#apt28', 'https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html']" 1034,"APT ""Leafmine"" aka ""Raspite""","Symantec has uncovered the operations of a threat actor named Leafminer that is targeting a broad list of government organizations and business verticals in various regions in the Middle East since at least early 2017. The group tends to adapt publicly available techniques and tools for their attacks and experiments with published proof-of-concept exploits. Leafminer attempts to infiltrate target networks through various means of intrusion: watering hole websites, vulnerability scans of network services on the internet, and brute-force/dictionary login attempts. The actor’s post-compromise toolkit suggests that the group is looking for email data, files, and database servers on compromised target systems.",2017-07-01,2017-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Saudi Arabia', 'Israel', 'Lebanon', 'Kuwait', 'United States', 'Japan', 'Europe (region)']","[['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['NATO', 'NORTHAM'], ['ASIA', 'SCS', 'NEA'], []]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 
'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure']]","[['Government / ministries', 'Intelligence agencies', 'Energy', 'Transportation', 'Chemicals', 'Telecommunications', 'Food', 'Finance'], ['Government / ministries', 'Intelligence agencies', 'Energy', 'Transportation', 'Chemicals', 'Telecommunications', 'Food', 'Finance'], ['Government / ministries', 'Intelligence agencies', 'Energy', 'Transportation', 'Chemicals', 'Telecommunications', 'Food', 'Finance'], ['Government / ministries', 'Intelligence agencies', 'Energy', 'Transportation', 'Chemicals', 'Telecommunications', 'Food', 'Finance'], ['Government / ministries', 'Intelligence agencies', 'Energy', 'Transportation', 'Chemicals', 'Telecommunications', 'Food', 'Finance'], ['Government / ministries', 'Intelligence agencies', 'Energy', 'Transportation', 'Chemicals', 'Telecommunications', 'Food', 'Finance'], ['Government / ministries', 'Intelligence agencies', 'Energy', 'Transportation', 
'Chemicals', 'Telecommunications', 'Food', 'Finance']]",['Leafminer/Raspite'],"['Iran, Islamic Republic of']",['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Leafminer/Raspite,"Iran, Islamic Republic of",Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://dragos.com/resource/raspite/', 'https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east']" 1035,National Australian University attacked by Chinese hackers,"China-based hackers have successfully infiltrated the IT systems at the Australian National University, potentially compromising the home of Australia's leading national security college and key defence research projects.",2017-07-06,2018-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft,,['Australia'],[['OC']],[['Science']],,,['China'],"['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,China,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.smh.com.au/politics/federal/chinese-hackers-breach-anu-putting-national-security-at-risk-20180706-p4zq0q.htmlhttps://www.9news.com.au/national/2018/07/06/16/46/anu-hacked-china-security-threat'] 1036,New Details about SpringDragon (APT of China),KasperskyLab reveals the details of a new wave of attacks carried on by a long running APT actor dubbed SpringDragon (also known as LotusBlossom).,2017-07-24,2017-07-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Taiwan', 'Indonesia', 'Philippines', 'Vietnam', 'Hong Kong', 'Malaysia', 'Thailand']","[['ASIA', 'SCS'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SEA']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'State institutions / political system', 
'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Government / ministries', 'Political parties', 'Telecommunications', '', ''], ['Government / ministries', 'Political parties', 'Telecommunications', '', ''], ['Government / ministries', 'Political parties', 'Telecommunications', '', ''], ['Government / ministries', 'Political parties', 'Telecommunications', '', ''], ['Government / ministries', 'Political parties', 'Telecommunications', '', ''], ['Government / ministries', 'Political parties', 'Telecommunications', '', ''], ['Government / ministries', 'Political parties', 'Telecommunications', '', '']]",['Lotus Blossom/Spring Dragon/ST Group/DRAGONFISH/G0030'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Lotus Blossom/Spring Dragon/ST Group/DRAGONFISH/G0030,China,"Non-state actor, state-affiliation suggested",,[],Territory; Resources; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securityaffairs.co/wordpress/61328/APT%20/spring-dragon-APT.html'] 1037,Rousseau,"In August, anonymous hackers broke into Italy's 5-Star’s web platform, called “Rousseau”, and obtained secret data on its members and 
donors.",2017-08-01,2017-10-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft; Disruption,,['Italy'],"[['EUROPE', 'NATO', 'EU']]","[['State institutions / political system', 'State institutions / political system']]","[['Political parties', 'Election infrastructure / related systems']]",,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-italy-politics-5star/hacking-attacks-a-pre-election-setback-for-italys-5-star-movement-idUSKBN1CA1TM'] 1038,Sandworm vs. GermanMedia - 2017,Fraudulent mails with malicious code addressed to German media companies and organizations in the field of chemical weapons research,2017-08-01,2017-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['Critical infrastructure', 'Media', 'Science']]","[['Chemicals', '', '']]","['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,2,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Media-based attribution,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.verfassungsschutz.de/embed/broschuere-2018-07-bfv-cyber-brief-2018-02.pdf', 'https://www.onvista.de/news/bfv-cyberangriffe-gegen-medienunternehmen-und-chemiewaffenforschung-105840187']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.heise.de/security/meldung/Verfassungsschutz-alarmiert-Cyberangriffe-auf-deutsche-Organisationen-4109407.html', 'https://www.verfassungsschutz.de/embed/broschuere-2018-07-bfv-cyber-brief-2018-02.pdf', 'https://www.onvista.de/news/bfv-cyberangriffe-gegen-medienunternehmen-und-chemiewaffenforschung-105840187']" 1039,"""Operation Parliament""",An unknown hacker group with the capabilities of a state-sponsored APT attacked several countries with espionage malware. Most of the targets were located in the MENA-region.,2017-08-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Unknown'],,[['Social groups']],[['Advocacy / activists (e.g. 
human rights organizations)']],"['Gaza Cybergang 3', 'Hamas']","['Unknown', 'Unknown']","['State', 'State']",,1,2020-01-01; 2020-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker,,,,Gaza Cybergang 3; Hamas,Unknown; Unknown,State; State,,"['https://www.kaspersky.de/blog/gaza-cybergang/19002/, https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.scmagazine.com/home/security-news/government-and-defense/operation-parliament-targeting-middle-east-nations-with-cyberespionage-malware/', 'https://securelist.com/operation-parliament-who-is-doing-what/85237/', 'https://www.kaspersky.de/blog/gaza-cybergang/19002/, https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion']" 1040,Democratic opponent of Rep. Dana Rohrabacher was attacked several times,"FBI agents in California and Washington, D.C., have investigated a series of cyberattacks over the past year that targeted a Democratic opponent of Rep. Dana Rohrabacher (R-CA). Rohrabacher is a 15-term incumbent who is widely seen as the most pro-Russia and pro-Putin member of Congress and is a staunch supporter of President Trump.",2017-08-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Election infrastructure / related systems']],,['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,,,,Russia,"Non-state actor, state-affiliation suggested",,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://in.reuters.com/article/us-usa-election-hacking-exclusive-idINKBN1L22BZ', 'https://www.rollingstone.com/politics/politics-news/california-election-hacking-711202/', 'https://www.rollingstone.com/politics/politics-news/california-election-hacking-711202']" 1041,Axiom vs. Software Ccleaner,"The Chinese state-sponsored APT Axiom, or rather APT 17, conducted a multi-staged espionage campaign, first against the software CCleaner, owned by Avast, and at a later stage against targets like Google etc. Important: Axiom and APT 17 are named as one actor in the report but not so by other sources, as for example the THAI CERT Threat Group Cards.",2017-08-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) <\xa0Winnti Umbrella/G0044\xa0', 'Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) <\xa0Winnti Umbrella/G0044\xa0']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ",China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.darkreading.com/endpoint/privacy/chinese-APT%20-backdoor-found-in-ccleaner-supply-chain-attack/d/d-id/1331250?', 'http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf', 'https://www.bleepingcomputer.com/news/security/hackers-abuse-google-command-and-control-red-team-tool-in-attacks/']" 1042,Ne0-H4ck3r,"The official website of the Government of Pakistan was hacked by anonymous hackers on Thursday, who posted the Indian national anthem and Independence Day greetings on the portal.",2017-08-03,2017-08-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],,['India'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,India,Non-state-group,Hacktivist(s),[],System / ideology; Autonomy; Territory,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://zeenews.india.com/asia/pakistan-govt-website-hacked-hackers-post-indian-national-anthem-independence-day-greetings-on-it-2029858.html', 'https://www.hackread.com/pakistani-govt-portal-hacked-to-play-indian-national-anthem/']" 1043,The Binary Guardians,"Hackers disrupted and shut down dozens of Venezuelan government and state-backed websites, pledging online support to a protest campaign against the country's leader, Nicolas Maduro.",2017-08-07,2017-08-07,"Attack conducted by non-state group / non-state actor with political goals 
(religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Venezuela'],[['SOUTHAM']],"[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Legislative', 'Judiciary', 'Telecommunications']]",['The Binary Guardians'],['Venezuela'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,The Binary Guardians,Venezuela,Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.ibtimes.co.uk/our-struggle-digital-hackers-open-about-attacks-venezuelan-government-websites-1634050', 'https://phys.org/news/2017-08-cyberattack-millions-mobile-venezuela.html']" 1044,DDoS Ukrposhta,"The computer networks of Ukrposhta, the national postal service in Ukraine, have reportedly been disrupted by a two-day distributed-denial-of-service cyberattack.",2017-08-07,2017-08-08,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Civil service / administration']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.ibtimes.co.uk/ukraines-national-postal-service-networks-disrupted-by-two-day-ddos-cyberattack-1634132', 'https://www.cybersecurity-insiders.com/ddos-cyber-attack-on-ukraines-postal-department/']" 1045,Op Domestic Terrorism,"The online hacktivist group Anonymous has claimed responsibility for carrying out a DDoS attack on the official website of Charlottesville, Virginia. The motive behind was to protest against an incident in which activists were hit while protesting against a group of white supremacists.",2017-08-12,2017-08-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],"['New World Hackers', 'Anonymous']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,New World Hackers; Anonymous,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.hackread.com/anonymous-shut-down-charlottesville-city-website/', 'https://www.telegraph.co.uk/technology/2017/08/14/anonymous-shuts-neo-nazi-kkk-websites-charlottesville-rally/']" 1046,Russian APT Turla attacks G-20 participants,"ProofPoint reveals that Turla (Russian APT) appears to be actively targeting G20 participants 
and those interested in its activities including policy makers, member nations and journalists. The analysis is based on the discovery of a new JavaScript dropper for a backdoor called KopiLuwak that Turla has been known to use.",2017-08-17,2017-08-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,,,,,"['Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)",Russia,"Non-state actor, state-affiliation suggested",,['https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://unit42.paloaltonetworks.com/unit42-the-blockbuster-sequel/', 'https://unit42.paloaltonetworks.com/unit42-blockbuster-saga-continues/', 'https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf']" 1047,Blockbuster Sequel,Researchers from Palo Alto Networks reveal the details of a new 
operation carried on by the North Korea-linked Lazarus Group against individuals involved with US Defense Contractors.,2017-07-14,2017-08-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack'],System / ideology; International power; Other,System/ideology,,Yes / HIIK 
intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.darkreading.com/attacks-breaches/russian-speaking-apt-engaged-in-g20-themed-attack/d/d-id/1329673', 'https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack']" 1048,Operation Sharpshooter,"Using the ""Rising Sun implant"", the North-Korean Lazarus Group hacked various organisations and institutions in Europe, the UK and the US. These attacks provided the group with information on critical infrastructure (in the sectors of finance, energy, transport etc.) as well as the military. ",2017-09-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure']]","[['Government / ministries', 'Energy', 'Finance', 'Defence industry']]","['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, 
state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ",[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/78884/hacking/operation-sharpshooter.html', 'https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf', 'https://techcrunch.com/2019/03/03/north-korea-lazarus-hackers/']" 1049,Disruption of Verrit,"Verrit, a political fact-checking site is DDoSed almost immediately after it was endorsed by Hillary Clinton.",2017-09-04,2017-09-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source),Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.cnet.com/news/hillary-clinton-verrit-backs-fact-check-site-targeted-by-hackers-donald-trump-fake-news/'] 1050,Unknown hacker attacks Russian-speaking endusers,Security Firm FireEye reveals that the Zero-day vulnerability CVE-2017-0199 in Microsoft Office was exploited by suspected nation state hackers to spread the FinSpy 
malware,2017-09-13,2017-09-13,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Unknown'],,[['Unknown']],,,['Unknown'],['State'],,1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,State,,['https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html'],Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.ibtimes.co.uk/microsoft-office-zero-day-bug-was-used-by-suspected-state-backed-hackers-spread-finspy-malware-1639196', 'https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html']" 1051,Operation Catalonia,"Digital activists linked to the Anonymous collective have claimed responsibility for a wave of cyberattacks against a number of Spanish government websites, the constitutional court and the Royal House website as part of a pro-Catalonia protest campaign.",2017-09-24,2017-10-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Spain'],"[['EUROPE', 'NATO', 'EU']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Judiciary']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology; Secession,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://sputniknews.com/europe/201710211058429552-spain-court-website-attack/', 'https://www.ibtimes.co.uk/anonymous-hacks-spanish-government-websites-free-catalonia-cyber-campaign-1644210']" 1052,Aslan Neferler Tim,A Turkish hacker group has claimed responsibility for a cyber attack that has rendered the Danish Ministry of Immigration website inaccessible.,2017-09-27,2017-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['Denmark'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],['Aslan Neferler Tim'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Aslan Neferler Tim,Turkey,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.thelocal.dk/20170928/two-danish-ministries-taken-offline-by-cyber-attack'] 1053,Lazarus Casino Hack,The North Korean APT Lazarus hacked an online casino and managed to steal a substantial part of the earnings of the casino,2017-10-01,2017-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,,['Central America (region)'],,[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)', 'Reconnaissance General Bureau']","[""Korea, Democratic People's Republic of"", ""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2018-01-01; 2018-01-01; 2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; Attribution by third-party; Attribution by third-party,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau; Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic 
Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Reconnaissance General Bureau","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://us-cert.cisa.gov/ncas/alerts/aa20-239a', 'https://www.kaspersky.de/about/press-releases/2017_jadg-auf-lazarus-gruppe-verhindert-groben-cyberbankuberfall']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/', 'https://us-cert.cisa.gov/ncas/alerts/aa20-239a', 'https://www.kaspersky.de/about/press-releases/2017_jadg-auf-lazarus-gruppe-verhindert-groben-cyberbankuberfall']" 1054,HRD Hack,Actors tied to the Moroccan government accessed the phones of human rights defenders in Morocco,2017-10-01,2019-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident 
disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Morocco'],"[['AFRICA', 'NAF', 'MENA']]","[['Social groups', 'Social groups']]","[['Political opposition / dissidents / expats', 'Other social groups']]",,['Morocco'],['State'],,1,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party,,,,,Morocco,State,,['https://www.forbes.com/sites/thomasbrewster/2019/10/09/moroccan-activist-says-nsos-elite-spy-tools-hacked-his-iphone/#13a389a82489'],System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.amnesty.org/en/latest/research/2019/10/morocco-human-rights-defenders-targeted-with-nso-groups-spyware/', 'https://www.forbes.com/sites/thomasbrewster/2019/10/09/moroccan-activist-says-nsos-elite-spy-tools-hacked-his-iphone/#13a389a82489']" 1055,Hudson attack,Chinese cyberattackers allegedly crashed the website of the Hudson Institute as the think tank was about to host an event with a Chinese political dissident that the Chinese government considers to be a criminal.,2017-10-01,2017-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Social groups']],[['Other social groups']],,['China'],"['Non-state actor, state-affiliation suggested']",,2,2017-01-01; 2017-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Receiver attributes attacker,,,,,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['http://www.thinktankwatch.com/2017/10/doj-steps-in-after-cyber-attack-on.html', 'https://www.reuters.com/article/us-china-corruption-tycoon/china-denies-links-to-alleged-cyber-attacks-in-united-states-targeting-exiled-tycoon-guo-idUSKBN1CD0AP']",System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-china-corruption-tycoon-idUSKBN1CD0AP', 'http://www.thinktankwatch.com/2017/10/doj-steps-in-after-cyber-attack-on.html', 'https://www.reuters.com/article/us-china-corruption-tycoon/china-denies-links-to-alleged-cyber-attacks-in-united-states-targeting-exiled-tycoon-guo-idUSKBN1CD0AP']" 1056,Lazarus (SubgroupAPT38/Bluenoroff) vs. 
Far Eastern Bank,"The North Korean Lazarus (Subgroup APT38/Bluenoroff) hacking group is likely responsible for an attempt to steal US$ 500,000 from Far Eastern Bank.",2017-10-01,2017-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Hijacking with Misuse,,['Taiwan'],"[['ASIA', 'SCS']]",[['Critical infrastructure']],[['Finance']],"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2017-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/', 'https://content.fireeye.com/apt/rpt-apt38', 
'https://www.reuters.com/article/us-cyber-heist-north-korea-taiwan/north-korea-likely-behind-taiwan-swift-cyber-heist-bae-idUSKBN1CL2VOhttps://baesystemsai.blogspot.com/2017/10/taiwan-heist-lazarus-tools.html']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/', 'https://www.bleepingcomputer.com/news/security/north-korean-hackers-used-hermes-ransomware-to-hide-recent-bank-heist/', 'https://content.fireeye.com/apt/rpt-apt38', 'https://www.reuters.com/article/us-cyber-heist-north-korea-taiwan/north-korea-likely-behind-taiwan-swift-cyber-heist-bae-idUSKBN1CL2VOhttps://baesystemsai.blogspot.com/2017/10/taiwan-heist-lazarus-tools.html', 'http://focustaiwan.tw/search/201710070007.aspx?q=Far%20Eastern%20International%20Bank']" 1057,VPN Filter,VPN Filter malware infected thousands of home and small business routers and network devices worldwide.,2017-10-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Global (region)'],,[['End user(s) / specially protected groups']],,"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,3,2018-01-01; 2018-01-01; 2018-01-01,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker; Attribution by third-party,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia; Russia,"Non-state actor, state-affiliation suggested; Unknown - not attributed; Non-state actor, state-affiliation 
suggested",,"['https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/', 'https://www.reuters.com/article/us-cyber-routers-ukraine/cyber-firms-ukraine-warn-of-planned-russian-attack-idUSKCN1IO1U9 https://arstechnica.com/information-technology/2018/05/fbi-seizes-server-russia-allegedly-used-to-infect-500000-consumer-routers/', 'https://www.ncsc.gov.uk/news/russian-state-sponsored-cyber-actors-targeting-network-infrastructure-devices']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://us-cert.cisa.gov/ncas/alerts/TA18-106A?utm_source=newsletter&utm_medium=email&utm_campaign=kremlin_watch_briefing_british_parliament_moves_toward_a_more_coordinated_investigation&utm_term=2019-03-16', 'https://bgr.com/2018/06/07/vpnfilter-malware-security-threat-fix/', 'https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/', 'https://www.reuters.com/article/us-cyber-routers-ukraine/cyber-firms-ukraine-warn-of-planned-russian-attack-idUSKCN1IO1U9 https://arstechnica.com/information-technology/2018/05/fbi-seizes-server-russia-allegedly-used-to-infect-500000-consumer-routers/', 'https://www.ncsc.gov.uk/news/russian-state-sponsored-cyber-actors-targeting-network-infrastructure-devices', 'https://twitter.com/Dennis_Kipker/status/1629122902099361795']" 1058,Hackers deceive facebook users with fake profiles,"Using fake profiles on facebook, a group (probably the Hezbollah) tried to convince end users, download a contagious messenger program. With the spy software the hackers were able to steal data from the private devices immediately. 
Their targets have been mostly located in Central/Eastern Europe and in the Middle East.",2017-10-01,2017-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['Mena Region (region)', 'Europe (region)', 'Eastern Europe']",,"[['End user(s) / specially protected groups'], ['End user(s) / specially protected groups'], ['End user(s) / specially protected groups']]",,['Hezbollah'],['Lebanon'],['Non-state-group'],['Terrorist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party,,,,Hezbollah,Lebanon,Non-state-group,Terrorist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.zdnet.com/article/czech-intelligence-service-shuts-down-hezbollah-hacking-operation/'] 1059,Chinese hackers attack think tanks and NGOs,CrowdStrike reveals the details of espionage-driven targeted attacks carried out by Chinese actors against four Western think tanks and an additional one on non-governmental organizations (NGOs).,2017-10-01,2017-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,,,,,,['China'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,Unknown - not attributed,,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.crowdstrike.com/blog/an-end-to-smash-and-grab-more-targeted-approaches/'] 1060,Emissary Panda (ChineseAPT ) attacks the Mongolian national data center,"According to Kaspersky’s latest research, the Chinese hacking group Emissary Panda aka APT 27 aka LuckyMouse used watering hole-style attacks and spear-phishing emails to breach specific employees of the Mongolian data center. After gaining individual access, they leveraged those accounts to gain additional control over the facility’s infrastructure.",2017-10-01,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,['Mongolia'],"[['ASIA', 'EASIA', 'NEA']]",[['State institutions / political system']],,['Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177', 'https://securelist.com/luckymouse-hits-national-data-center/86083/']",Autonomy; Subnational predominance; Resources,Autonomy; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.cyberscoop.com/APT%2027-mongolia-kaspersky/', 'https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177', 'https://securelist.com/luckymouse-hits-national-data-center/86083/']" 1061,Sandvines Spyware Injection into turkish network,The network company 
Sandvines injected spyware in the Turkish communication network and misused it to control the showcase of ads,2017-10-01,2018-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,"['Turkey', 'Syria']","[['ASIA', 'NATO', 'MEA'], ['ASIA', 'MENA', 'MEA']]","[['End user(s) / specially protected groups'], ['End user(s) / specially protected groups']]",,['Sandvines'],['Turkey'],['State'],,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,Sandvines,Turkey,State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/'] 1062,Sandvines Spyware Injection into Egyptian network,The network company Sandvines injected spyware in the Egyptian communication network and misused it to control the showcase of ads and to mine cryptocurrency,2017-10-01,2018-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking with Misuse,,['Egypt'],"[['MENA', 'MEA', 'AFRICA', 'NAF']]",[['End user(s) / specially protected groups']],,['Sandvines'],['Egypt'],['State'],,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen
Lab, EFF)",Attribution by third-party,,,,Sandvines,Egypt,State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 1063,World War 3,"APT28 has recently dispatched several malware distribution campaigns that try to take advantage of a Flash zero-day vulnerability that Adobe patched earlier this week. According to US cyber-security firm Proofpoint, which first spotted these attacks, APT28 targeted a broad set of targets across Europe and in the US.",2017-10-18,2017-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Europe (region)']","[['NATO', 'NORTHAM'], []]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', ''], ['Government / ministries', '']]","['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2017-01-01 00:00:00,"Technical report (e.g.,
by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,['https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/hackers-race-to-use-flash-exploit-before-vulnerable-systems-are-patched/', 'https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed']" 1064,CSU DDoS,"Two websites run by the Czech Statistical Office(CSU) were taken offline after a DDoS attack tried to disrupt reporting of the country’s parliamentary elections. 
According to the CSU, the vote count was not affected.",2017-10-21,2017-10-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Czech Republic'],"[['EUROPE', 'NATO', 'EU', 'EASTEU']]",[['State institutions / political system']],[['Election infrastructure / related systems']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.infosecurity-magazine.com/news/ddos-attack-takes-czech-election/', 'https://www.cnbc.com/2017/10/23/czech-election-websites-hacked-vote-unaffected-statistics-office.html']" 1065,BadRabbit - 2017,"A threat actor launched a ransomware operation on networks in several countries, mainly in Russia. The operation is believed to have disrupted the Kiev metro system and the Odessa airport. In October 2018, the United Kingdom attributed this incident to Russian military intelligence GRU. 
But it seems contested, whether it was the work of Fancy Bear or Telebots (aka Sandworm).",2017-10-24,2017-10-24,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse; Ransomware,,"['Russia', 'Ukraine', 'Bulgaria', 'Turkey']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU'], ['EUROPE', 'BALKANS', 'NATO', 'EU'], ['ASIA', 'NATO', 'MEA']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media']]","[['Government / ministries', 'Finance', '', '', ''], ['Government / ministries', 'Finance', '', '', ''], ['Government / ministries', 'Finance', '', '', ''], ['Government / ministries', 'Finance', '', '', '']]","['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)', 'Fancy 
Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']","['Russia', 'Russia']","['State', 'State']",,3,2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01; 2017-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; Attribution by third-party; Attribution by third-party,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); 
Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia; Unknown; Unknown; Russia; Russia,"State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; State","; ; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ; ","['https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed', 'https://securelist.com/bad-rabbit-ransomware/82851/', 'https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,Data Encrypted for Impact,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed', 'https://securelist.com/bad-rabbit-ransomware/82851/', 'https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/', 'https://www.wired.com/story/ukraine-russia-wiper-malware/']" 1066,APT34 aka Oilrig hacked unnamed Middle Eastern government entity,"Targeted Phishing Attack against a governmental entity in the middle east, which used a vulnerability which was released just days before.",2017-11-01,2017-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Middle East (region)'],,[['State institutions / political system']],[['Government / ministries']],['OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,"['https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html', 'https://www.fireeye.de/current-threats/apt-groups.html#apt34', 'https://www.thedailybeast.com/irans-cyber-army-is-under-attack-from-all-sides-as-us-tensions-escalate']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.wired.com/story/apt-34-iranian-hackers-critical-infrastructure-companies/', 'https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html', 'https://www.fireeye.de/current-threats/apt-groups.html#apt34', 'https://www.thedailybeast.com/irans-cyber-army-is-under-attack-from-all-sides-as-us-tensions-escalate']" 1067,Iranian hackers attacked the Austal company,"The Austal company was attacked by unknown hackers who stole 
ship designs, some staff email addresses and mobile phone numbers. Unlike the Australian Cyber Security Centre (ACSC), the Australian Broadcasting Corporation (local media) claimed that Iranian hackers had executed the attack.",2017-11-01,2017-01-01,"Attack on non-political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft & Doxing,,['Australia'],[['OC']],[['Critical infrastructure']],[['Defence industry']],,"['Iran, Islamic Republic of']",['Non-state-group'],['Criminal(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,"Iran, Islamic Republic of",Non-state-group,Criminal(s),['https://www.abc.net.au/news/2019-02-20/cyber-activists-or-state-actor-attack-how-experts-tell/10825466'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bankinfosecurity.com/australian-shipbuilder-hacked-refuses-to-pay-ransom-a-11662', 'https://www.reuters.com/article/us-australia-iran-cybercrime/australias-cyber-security-chief-says-austal-defense-hack-investigation-may-take-years-idUSKCN1NI03X', 'https://www.abc.net.au/news/2019-02-20/cyber-activists-or-state-actor-attack-how-experts-tell/10825466']" 1068,Akincila,"Hackers affiliated with the hacking group Akincila claimed responsibility for hijacking the Times of Israel and Asia Times websites on Thursday (2 November), replacing their main pages with images of children waving the Turkish flag.",2017-11-02,2017-11-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['Israel', 'Hong Kong']","[['ASIA', 'MENA', 'MEA'], ['ASIA']]","[['Media'], ['Media']]",,['Akincilar'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Akincilar,Turkey,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.ibtimes.co.uk/times-israel-asia-times-websites-hijacked-defaced-by-suspected-pro-palestine-turkish-hackers-1645729'] 1069,"Hacking-for-Hire group Bahamut aka ""The White Company"" spied on the Pakistani Air Force since 2017 within ""Operation Shaheen""","A new APT, called ""The White Company"", later attributed to the hacking for hire group Bahamut by Blackberry, attacked the Pakistan Air Force with spear-phishing messages that weaponized lure files whose names referenced events, government documents, or news articles of interest for the targets.",2017-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,[['Pakistan Air Force']],['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",['Bahamut/The White Company/Windshift'],['Unknown'],"['Non-state actor, state-affiliation suggested', 'Non-state-group']","['', 'Private technology companies / hacking for hire groups without state affiliation / research entities']",2,2020-01-01; 2020-01-01; 2020-01-01; 2020-01-01; 2018-11-01; 2018-11-01; 2018-11-01; 2018-11-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,BlackBerry Research and Intelligence Team; BlackBerry Research and Intelligence Team; BlackBerry Research and Intelligence Team; BlackBerry Research and Intelligence Team; Cylance (today: Blackberry); Cylance (today: Blackberry); Cylance (today: Blackberry); Cylance (today: Blackberry),,United States; United States; United States; United States; United States; United States; United States; United States,Bahamut/The White Company/Windshift; Bahamut/The White 
Company/Windshift; Bahamut/The White Company/Windshift; Bahamut/The White Company/Windshift; Bahamut/The White Company/Windshift; Bahamut/The White Company/Windshift; Bahamut/The White Company/Windshift; Bahamut/The White Company/Windshift,Unknown; Unknown; Unknown; Unknown; Unknown; Unknown; Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state-group; Non-state-group; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state-group; Non-state-group",; Private technology companies / hacking for hire groups without state affiliation / research entities; ; Private technology companies / hacking for hire groups without state affiliation / research entities; ; Private technology companies / hacking for hire groups without state affiliation / research entities; ; Private technology companies / hacking for hire groups without state affiliation / research entities,"['https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf', 'https://www.bellingcat.com/resources/case-studies/2017/10/27/bahamut-revisited-cyber-espionage-middle-east-south-asia/']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,"['https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf', 'https://securityaffairs.co/wordpress/77982/apt/operation-shaheen-campaign.html', 'https://www.bellingcat.com/resources/case-studies/2017/10/27/bahamut-revisited-cyber-espionage-middle-east-south-asia/']" 1070,Anonymous steals data from 
employees of the Italian government,The Anonymous collective publishes some internal documents stolen from the email accounts of some government employees.,2017-11-14,2017-11-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Italy'],"[['EUROPE', 'NATO', 'EU']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://news.trust.org/item/20171114194755-qn91v'] 1071,Anonymous defaces neo-nazi-websites,The hacktivist collective Anonymous claims responsibility for taking down over a dozen neo-Nazi sites in retaliation for recent ongoing events in the US. These attacks are a part of the ongoing #OpDomesticTerrorism campaign.,2017-11-14,2017-11-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Social groups']],[['Advocacy / activists (e.g.
human rights organizations)']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,System/ideology; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.ibtimes.co.uk/opdomesticterrorism-anonymous-hackers-take-down-over-dozen-neo-nazi-sites-new-wave-attacks-1647385'] 1072,Gallmaker,"Gallmaker is an attack group that is targeting government, military and defense targets in the Middle East and Eastern Europe. The group uses living off the land (LotL) tactics and publicly available hack tools to carry out activities that seem to be a cyber espionage campaign.",2017-12-01,2017-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Eastern Europe', 'Middle East (region)']",,"[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Military', 'Election infrastructure / related systems', 'Defence industry'], ['Government / ministries', 'Military', 'Election infrastructure / related systems', 'Defence industry']]",['Gallmaker'],['Unknown'],"['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Gallmaker,Unknown,"Non-state actor, state-affiliation suggested",,['https://www.symantec.com/blogs/threat-intelligence/gallmaker-attack-group'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.symantec.com/blogs/threat-intelligence/gallmaker-attack-group'] 1073,Anonymous attacks US and Israel government,"In name of #OpIsrael and #OpUSA, hacktivists from the Anonymous Collective leak online names, emails, and passwords of Israeli public employees and share a list of US government sites to target, calling 
on action against them.",2017-12-08,2017-12-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securityaffairs.co/wordpress/66491/hacktivism/opisrael-opus-anonymous.html'] 1074,"""Zebrocy""","In the ""Zebrocy""-campaign the Russian-sponsored APT Fancy Bear aka APT28 aka Sofacy attacked various organisations of governments which are linked to foreign affairs.",2017-12-20,2018-03-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Europe (region)', 'Asia (region)', 'South Africa']","[['NATO', 'NORTHAM'], [], [], ['AFRICA', 'SSA']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science']]","[['Government / ministries', 'Intelligence agencies', 'Chemicals', 'Other social groups', '', '', ''], ['Government / ministries', 'Intelligence agencies', 'Chemicals', 'Other social groups', '', '', ''], ['Government / ministries', 'Intelligence agencies', 'Chemicals', 'Other social groups', '', '', ''], ['Government / ministries', 
'Intelligence agencies', 'Chemicals', 'Other social groups', '', '', '']]","['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://securelist.com/a-slice-of-2017-sofacy-activity/83930/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://unit42.paloaltonetworks.com/unit42-sofacy-groups-parallel-attacks/', 'https://securelist.com/a-slice-of-2017-sofacy-activity/83930/']" 1007,Unknown hacker attacks Britain First,"Britain First is hit by a massive hack that targeting its websites and Twitter accounts, and their YouTube channel.",2017-04-01,2017-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Political parties']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.huffingtonpost.co.uk/entry/britain-first-hacked_uk_58f0ccf6e4b0bb9638e323ab'] 1076,Chinese Ministry of State Security campaign,Two Chinese hackers working with the Ministry of State Security (MSS) were indicted for unauthorized access and data theft from a variety of victims.,2017-03-01,2017-05-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"['United States', 'Sweden', 'Lithuania', 'Germany']","[['NATO', 'NORTHAM'], ['EUROPE', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,"['Li Xiaoyu/Oro01xy', 'MSS']","['China', 'China']","['State', 'State']",,1,2020-01-01; 
2020-01-01,Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,Li Xiaoyu/Oro01xy; MSS,China; China,State; State,,['https://us-cert.cisa.gov/ncas/alerts/aa20-258a'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://us-cert.cisa.gov/ncas/alerts/aa20-258a'] 1077,China vs. Uyghurs,"Chinese state hacked into websites, which are mostly used by uyghurs, in order to hack into Apple, Google, and Windows phones.",2017-01-01,2019-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['Social groups', 'End user(s) / specially protected groups']]","[['Ethnic', '']]",,['China'],"['Non-state actor, state-affiliation suggested']",,2,2019-01-01; 2019-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,,,,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://techcrunch.com/2019/08/31/china-google-iphone-uyghur/', 'https://www.volexity.com/blog/2019/09/02/digital-crackdown-large-scale-surveillance-and-exploitation-of-uyghurs/']",System / ideology; National power,System/ideology; 
Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,One,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.forbes.com/sites/thomasbrewster/2019/09/01/iphone-hackers-caught-by-google-also-targeted-android-and-microsoft-windows-say-sources/?sh=245173404adf', 'https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html', 'https://techcrunch.com/2019/08/31/china-google-iphone-uyghur/', 'https://www.volexity.com/blog/2019/09/02/digital-crackdown-large-scale-surveillance-and-exploitation-of-uyghurs/']" 1011,Chinese hackers attack UK think tanks,The Chinese -based APT 26 (aka Deep Panda) attacked several UK think tanks and gained access to information regarding the PC China.,2017-04-01,2017-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Social groups']],[['Other social groups']],['Panda'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,Panda,China,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.bbc.com/news/uk-43172371'] 1079,NASA hack 2018,The network systems of the National Aeronautics and Space Administration (NASA) were breached and approximately 500 MB of data related to Mars missions stolen.,2017-01-01,2018-04-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Receiver attributes attacker,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://oig.nasa.gov/docs/IG-19-022.pdf', 'https://www.zdnet.com/article/nasa-hacked-because-of-unauthorized-raspberry-pi-connected-to-its-network/']" 1080,"DragonOK campaign ""KHRAT""","Allegedly Chinese state-backed hackers used a new malware, named KHRAT, in order to compromise the networks systems of the cambodian government.",2017-01-01,2017-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Cambodia'],"[['ASIA', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],['DragonOk'],['Unknown'],['Unknown - not attributed'],,2,2017-01-01; 2017-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attribution by third-party,,,,DragonOk; DragonOk,Unknown; China,"Unknown - not attributed; Non-state actor, state-affiliation suggested",,['https://www.phnompenhpost.com/national/kingdom-targeted-new-malware'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://unit42.paloaltonetworks.com/unit42-updated-khrat-malware-used-in-cambodia-attacks/', 'https://www.phnompenhpost.com/national/kingdom-targeted-new-malware']" 1081,Rana Android Malware,"U.S. 
authorities detected an Iranian state surveillance campaign on Iranian citizens, especially dissidents and others, conducted by the front company Rana.",2017-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,"['Iran, Islamic Republic of', 'Global (region)', 'United States']","[['ASIA', 'MENA', 'MEA'], [], ['NATO', 'NORTHAM']]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'End user(s) / specially protected groups', 'Media', 'Science']]","[['Intelligence agencies', 'Transportation', 'Telecommunications', 'Political opposition / dissidents / expats', 
'Other social groups', '', '', '', ''], ['Intelligence agencies', 'Transportation', 'Telecommunications', 'Political opposition / dissidents / expats', 'Other social groups', '', '', '', ''], ['Intelligence agencies', 'Transportation', 'Telecommunications', 'Political opposition / dissidents / expats', 'Other social groups', '', '', '', '']]","['APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company)', 'Rana Company/Ministry of Intelligence and Security (Iran)']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,2,2020-01-01; 2020-01-01; 2020-01-01; 2020-01-01,"Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker,,,,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company); Rana Company/Ministry of Intelligence and Security (Iran); APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company); Rana Company/Ministry of Intelligence and Security (Iran),"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.ic3.gov/Media/News/2020/200917-2.pdf', 'https://home.treasury.gov/news/press-releases/sm1127', 'https://blog.reversinglabs.com/blog/rana-android-malware']",System / ideology; National power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / 
commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.govinfosecurity.com/iranian-linked-android-spyware-sneaks-into-private-chats-a-15556', 'https://www.ic3.gov/Media/News/2020/200917-2.pdf', 'https://home.treasury.gov/news/press-releases/sm1127', 'https://blog.reversinglabs.com/blog/rana-android-malware']" 1082,The Chinese Ministry of State Security gained access to classified data of the US Navy in January 2018,"A division of the Chinese Ministry of State Security (MSS) operating out of the province of Guangdong have compromised the computers of an unnamed contractor working for the Naval Undersea Warfare Center during January-February 2018. The state hackers obtained over 600 GB of highly sensitive data related to undersea warfare, according to unidentified US officials and responsible investigators. 
The sensitive information included secret plans to develop a supersonic anti-ship missile for use on US submarines by 2020 called Sea Dragon; signals and sensor data; submarine radio room information relating to cryptographic systems and the Navy submarine development unit's electronic warfare library.",2018-01-01,2018-02-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on critical infrastructure target(s)",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft,[['Not available']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Defence industry']],['MSS'],['China'],['State'],,1,2018-06-08 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,United States,MSS,China,State,,['https://www.washingtonpost.com/world/national-security/china-hacked-a-navy-contractor-and-secured-a-trove-of-highly-sensitive-data-on-submarine-warfare/2018/06/08/6cc396fa-68e6-11e8-bea7-c8eb28bc52b1_story.html'],System / ideology; International power,System/ideology; International power,China – USA; China – USA,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,Not available,none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage; 
Sovereignty,State actors; ,Not available,1,2018-06-08 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States,Federal Bureau of Investigation (FBI),Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.telegraph.co.uk/technology/2018/12/14/chinese-hackers-steal-missile-plans-us-navy-contractors/', 'https://www.washingtonpost.com/world/national-security/china-hacked-a-navy-contractor-and-secured-a-trove-of-highly-sensitive-data-on-submarine-warfare/2018/06/08/6cc396fa-68e6-11e8-bea7-c8eb28bc52b1_story.html', 'https://www.c4isrnet.com/cyber/2023/03/27/us-indo-pacific-command-seeks-extra-274-million-for-cyber/', 'https://www.cyberscoop.com/submarine-contractor-hacked-china-us-navy/', 'https://www.c4isrnet.com/cyber/2022/10/31/secure-survive-strike-the-navys-new-approach-for-cyber-dominance/', 'https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/']" 1083,Pentagon attacked by unknown hacker,"Roughly 30,000 DOD military and civilian personnel are believed to be affected by a cyberattack. 
A third-party contractor is compromised, granting the attackers access to the Pentagon network to steal travel data for DOD personnel.",2018-01-01,2018-06-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.zdnet.com/article/pentagon-discloses-card-breach/'] 1030,Iran hacks UK parliament.,"Iran attacks 9,000 email accounts in UK parliament. Russia was initially blamed but investigators have traced the attack to the Tehran regime, The Times can reveal.",2017-06-23,2017-06-23,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Data theft,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Legislative']],,"['Iran, Islamic Republic of']",['State'],,2,2017-01-01; 2017-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Attribution given, type unclear",Attribution by receiver government / state entity; Media-based attribution,,,,,"Iran, Islamic Republic of; Iran, Islamic Republic of",State; State,,['https://www.thetimes.co.uk/article/iran-attacks-9-000-email-accounts-in-parliament-w5mr836cg'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive 
information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theguardian.com/politics/2017/jun/24/cyber-attack-parliament-email-access', 'https://www.thetimes.co.uk/article/iran-attacks-9-000-email-accounts-in-parliament-w5mr836cg']" 1085,Midterm Elections-Attack on the Republican Party,Shortly before the Midterm Elections an election campaign committee of the Republican Party was hacked by an unknown attacker group. By spying on the e-mail accounts of four high-ranking employees the attackers gained access to thousands of e-mails.,2018-01-01,2018-04-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Election infrastructure / related systems']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,['https://www.politico.com/story/2018/12/04/exclusive-emails-of-top-nrcc-officials-stolen-in-major-2018-hack-1043309'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.heise.de/newsticker/meldung/Wahlkampf-in-den-USA-Auch-Republikaner-wurden-gehackt-4241151.html', 'https://www.politico.com/story/2018/12/04/exclusive-emails-of-top-nrcc-officials-stolen-in-major-2018-hack-1043309']" 1086,"Red Alpha Team Operation ""2018 internet docss""","Recorded Future discovered a new espionage campaign dubbed the ""Red Alpha"" APT with Chinese origin. One part of it, the campaign ""2018 internet docss"", took place in 2018 against the Tibetan Community.",2018-01-01,2018-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]",[['Social groups']],[['Ethnic']],['RedAlpha\xa0'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,RedAlpha ,China,"Non-state actor, state-affiliation suggested",,[],System / ideology; Autonomy; Resources,System/ideology; Autonomy; Resources,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.recordedfuture.com/redalpha-cyber-campaigns/'] 1087,APT 10 vs. Airbus,"According to unnamed experts, probably the Chinese APT 10 spied on Airbus in 2018.",2018-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Data theft,,['Europe (region)'],,"[['Critical infrastructure', 'Critical infrastructure']]","[['Transportation', 'Defence industry']]","['APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)', 'MSS']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2019-01-01; 2019-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party; Attribution by third-party,,,,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau); MSS",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.reuters.com/article/us-airbus-cyberattack-report/hackers-tried-to-steal-airbus-secrets-via-contractors-afp-idUSKBN1WB0U9'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.france24.com/en/20190926-airbus-hit-by-series-of-cyber-attacks-on-suppliers', 'https://www.reuters.com/article/us-airbus-cyberattack-report/hackers-tried-to-steal-airbus-secrets-via-contractors-afp-idUSKBN1WB0U9']" 
1088,Turla/Waterbug Infrastructure Hijacking,The Russian espionage group Waterbug hijacked the infrastructure of an iranian state-sponsored hacking group in order to spy on targets worldwide.,2018-01-11,2019-06-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Iran, Islamic Republic of', 'Global (region)']","[['ASIA', 'MENA', 'MEA'], []]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Government / ministries', '', 'Telecommunications', '', ''], ['Government / ministries', '', 'Telecommunications', '', '']]","['Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)']",['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)",Russia,"Non-state actor, 
state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://symantec-blogs.broadcom.com/blogs/threat-intelligence/waterbug-espionage-governments', 'https://www.reuters.com/article/us-russia-cyber/hacking-the-hackers-russian-group-hijacked-iranian-spying-operation-officials-say-idUSKBN1X00AK']" 1089,North Korean Defectors Hack,"The South Korean Resettlement Agency was hacked, and some hundred sets of personal data of North Korean refugees were leaked",2018-01-01,2018-12-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['State institutions / political system']],[['Civil service / administration']],,['Unknown'],['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party,,,,,Unknown,Unknown - not attributed,,['https://www.bbc.com/news/world-asia-46698646'],System / ideology; Territory; International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.bbc.com/news/world-asia-46698646'] 1090,Adobe Zero Day Hack Qatar,"Unknown Actors infected computers of the qatari foreign office with malware, via an Adobe zero-day",2018-01-01,2018-06-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking with Misuse,,['Qatar'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['http://blogs.360.cn/post/cve-2018-5002-en.html', 'https://www.cyberscoop.com/adobe-flash-zero-day-qatar/']" 1091,Qatar vs. 
Congressman Broidy,"Congressman Broidy was hacked by allegedly qatarian actors, accessing his E-Mail account and leaking the data to American media",2018-01-01,2018-05-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Legislative']],,['Qatar'],['State'],,1,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Qatar,State,,[],International power,International power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.nytimes.com/2018/05/24/world/middleeast/be-very-careful-conversation-cited-to-link-qatar-to-hack-of-gop-donor.html'] 1092,Cobalt Dickens,"The iranian group Mabna Institutes proofed websites, and managed to access credentials of various educational institutions worldwide",2018-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,"['United States', 'Australia', 'Canada', 'China', 'Israel', 'Japan', 'Switzerland', 'Turkey', 'United Kingdom']","[['NATO', 'NORTHAM'], ['OC'], ['NATO', 'NORTHAM'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'SCS', 'NEA'], ['EUROPE', 'WESTEU'], ['ASIA', 'NATO', 'MEA'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['Science'], ['Science'], ['Science'], ['Science'], ['Science'], ['Science'], ['Science'], ['Science'], ['Science']]",,"['COBALT DICKENS/Silent Librarian/TA407/G0122 (Mabna Institute)', 'COBALT DICKENS/Silent Librarian/TA407/G0122 (Mabna Institute)']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,COBALT DICKENS/Silent Librarian/TA407/G0122 (Mabna Institute),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities'] 1093,StealthFalcon vs. 
Middle Eastern Targets,"The APT StealthFalcon gained access to various-not further specified networks around the middle eastern region, via an Windows Zero-Day-Vulnerability",2018-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,,['Middle East (region)'],,[['Unknown']],,"['Stealth Falcon/Fruity Armor', 'DarkMatter']","['Unknown', 'Unknown']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2019-01-01; 2019-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Stealth Falcon/Fruity Armor; DarkMatter,Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://citizenlab.ca/2016/05/stealth-falcon/'],Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://citizenlab.ca/2016/05/stealth-falcon/', 'https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/', 'http://pattersonjournal.com/2019/11/19/stealth-falcon-apt/']" 1094,Pterodo Attack by Gamaredon,The Ukrainian cyber-command warned of an increasing number of new malware infections by Russian-aligned Gamaredon APT vs. Ukraine during Kerch Crisis,2018-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Hijacking with Misuse,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Government / ministries']],"['Gamaredon Group/Shuckworm/BlueAlpha/ACTINIUM/Primitive Bear/Armageddon/DEV-0157, Group G0047 (FSB, 18th Center, Crimea)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,"Gamaredon Group/Shuckworm/BlueAlpha/ACTINIUM/Primitive Bear/Armageddon/DEV-0157, Group G0047 (FSB, 18th Center, Crimea)",Russia,"Non-state actor, state-affiliation suggested",,[],Territory; Resources; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://arstechnica.com/information-technology/2018/11/ukraine-detects-new-pterado-backdoor-malware-warns-of-russian-cyberattack/', 'https://www.defenseone.com/technology/2018/12/russia-launched-cyber-attacks-against-ukraine-ship-seizures-firm-says/153375/', 'https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf', 'https://www.cyberscoop.com/ukraine-russian-hackers-armageddon-videos-gamaredon/']" 1095,Lazarus returns against ATMs,The North Korean APT Lazarus targeted Indian ATMs with the help of the banking malware 'ATMDTrack'.,2018-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['India', 'Global (region)']","[['ASIA', 'SASIA', 'SCO'], []]","[['Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Critical infrastructure']]","[['Finance', 'Finance'], ['Finance', 'Finance']]",,"[""Korea, Democratic People's Republic of"", ""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 
'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2020-01-01; 2020-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,,,,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ",['https://us-cert.cisa.gov/ncas/alerts/aa20-239a'],,,,,,0,,,,,,,,,,,False,,none,,,,3,,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://thenextweb.com/security/2019/09/24/north-korean-hackers-are-targeting-atms-in-india-with-new-data-stealing-malware/', 'https://securelist.com/my-name-is-dtrack/93338/', 'https://us-cert.cisa.gov/ncas/alerts/aa20-239a']" 1096,Bronze president vs. SEA NGOs,Various south- and southeastasian NGOs were compromised by the Chinese threat actor Bronze President,2018-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Southeast Asia (region)', 'India', 'Mongolia']","[[], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'EASIA', 'NEA']]","[['State institutions / political system', 'State institutions / political system', 'Social groups'], ['State institutions / political system', 'State institutions / political system', 'Social groups'], ['State institutions / political system', 'State institutions / political system', 'Social groups']]","[['', 'Police', 'Other social groups'], ['', 'Police', 'Other social groups'], ['', 'Police', 'Other social groups']]",['Bronze President'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Bronze President,China,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.secureworks.com/research/bronze-president-targets-ngos'] 1097,Phishing Campaign against Amnesty,Amnesty revealed a sophisticated phishing campaign against various Humanright defenders across the middle east,2018-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['Mena Region (region)', 'United Arab Emirates', 'Yemen', 'Egypt', 'Palestine']","[[], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA'], ['MENA', 'MEA', 'AFRICA', 'NAF'], ['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'Social groups', 'Social groups', 'Media'], ['State institutions / political system', 'Social groups', 'Social groups', 'Media'], ['State institutions / political system', 'Social groups', 'Social groups', 'Media'], ['State institutions / political system', 'Social groups', 'Social groups', 'Media'], ['State institutions / political system', 'Social groups', 'Social groups', 'Media']]","[['', 'Advocacy / activists (e.g. human rights organizations)', 'Political opposition / dissidents / expats', ''], ['', 'Advocacy / activists (e.g. human rights organizations)', 'Political opposition / dissidents / expats', ''], ['', 'Advocacy / activists (e.g. human rights organizations)', 'Political opposition / dissidents / expats', ''], ['', 'Advocacy / activists (e.g. human rights organizations)', 'Political opposition / dissidents / expats', ''], ['', 'Advocacy / activists (e.g. 
human rights organizations)', 'Political opposition / dissidents / expats', '']]",,['Gulf Countries (region)'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,Gulf Countries (region),Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.amnesty.org/en/latest/research/2018/12/when-best-practice-is-not-good-enough/'] 1098,StrongPity Activity in Turkey,"The APT StrongPity spied on turkish citizens, highly likely with a connection to the conflict between Turkey and the Kurds",2018-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Turkey', 'Syria']","[['ASIA', 'NATO', 'MEA'], ['ASIA', 'MENA', 'MEA']]","[['Critical infrastructure', 'End user(s) / specially protected groups'], ['Critical infrastructure', 'End user(s) / specially protected groups']]","[['Telecommunications', ''], ['Telecommunications', '']]",['StrongPity'],['Turkey'],"['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,StrongPity,Turkey,"Non-state actor, state-affiliation suggested",,[],Autonomy,Autonomy,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system 
misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://download.bitdefender.com/resources/files/News/CaseStudies/study/353/Bitdefender-Whitepaper-StrongPity-APT.pdf?adobe_mc=MCMID%3D81353798674868294900645340493449571262%7CMCORGID%3D0E920C0F53DA9E9B0A490D45%2540AdobeOrg%7CTS%3D1594802281'] 1099,Whitefly vs. SingHealth,"Singapore's largest healthcare group, SingHealth, reveals that it suffered a cyberattack on a company database in which attackers copied information belonging to roughly 1.5 million patients, including the country's prime minister, Lee Hsien Loong. The attack was discovered on July 4 and all patients who visited the clinics from May 1, 2015 through July 4, 2018 were affected.",2018-01-01,2018-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft,,['Singapore'],[['ASIA']],[['Critical infrastructure']],[['Health']],['Whitefly'],['Unknown'],"['Non-state actor, state-affiliation suggested']",,2,2019-01-01; 2019-01-01,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,Whitefly; Whitefly,Unknown; Unknown,"Non-state actor, state-affiliation suggested; Unknown - not attributed",,['https://www.symantec.com/blogs/threat-intelligence/whitefly-espionage-singapore'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-singapore-cyberattack/cyberattack-on-singapore-health-database-steals-details-of-1-5-million-including-pm-idUSKBN1KA14J', 
'https://www.symantec.com/blogs/threat-intelligence/whitefly-espionage-singapore']" 1100,Taidoor and BlackTech vs. Taiwan,"Taiwan attributed an ""omnipresent"" espionage campaign against their government institutions to the Chinese state-sponsored APTs BlackTech and Taidoor",2018-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft,,['Taiwan'],"[['ASIA', 'SCS']]",[['State institutions / political system']],[['Government / ministries']],"['Taidoor', 'Blacktech']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2020-01-01; 2020-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,Taidoor; Blacktech,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,[],System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-taiwan-cyber-china/taiwan-says-china-behind-cyberattacks-on-government-agencies-emails-idUSKCN25F0JK'] 
1101,Yandex Hack FiveEyes,"According to people with knowledge into the matter, the FiveEyes alliance gained access to Russian Yandex in 2018.",2018-01-01,2018-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by attacker,Hijacking without Misuse,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Five Eyes'],"['Australia', 'Canada', 'New Zealand', 'United Kingdom', 'United States']",['State'],,1,2019-01-01; 2019-01-01; 2019-01-01; 2019-01-01; 2019-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,,,,Five Eyes; Five Eyes; Five Eyes; Five Eyes; Five Eyes,Australia; Canada; New Zealand; United Kingdom; United States,State; State; State; State; State,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-usa-cyber-yandex-exclusive/exclusive-western-intelligence-hacked-russias-google-yandex-to-spy-on-accounts-sources-idUSKCN1TS2SX'] 1102,MSS 2020 Indictment Case 2018,"MSS supported hackers have stolen sensitive data by different companies in the US in 2018, according to a 2020 indictment.",2018-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"['United States', 'Japan', 'Belarus']","[['NATO', 'NORTHAM'], ['ASIA', 'SCS', 'NEA'], ['EUROPE', 'EASTEU', 'CSTO']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]",,['MSS supported Hackers'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,Domestic legal action,Attribution by receiver government / state entity,,,,MSS supported Hackers,China,"Non-state actor, state-affiliation suggested",,[],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 1103,Twitter account of Syed Akbaruddin hacked,"The verified Twitter account of Syed Akbaruddin, India's top diplomat to the United Nations, is briefly taken over by suspected Turkish hackers (AyyıldızTim).",2018-01-14,2018-01-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['International / supranational organization']],,['Ayyıldız Tim Cyber Army'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Ayyıldız Tim Cyber Army,Turkey,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.ibtimes.co.uk/hackers-hijack-twitter-account-indias-top-diplomat-post-photos-pakistans-flag-1655147'] 1104,Fox News Hosts and Trump-supporting Ex-sheriffs Twitter Accounts defaced,The Twitter page of two Fox News hosts was taken over by Turkish hacktivists and their personal data leaked there,2018-01-16,2018-01-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Media']],,['Ayyıldız Tim Cyber Army'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Ayyıldız Tim Cyber Army,Turkey,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.ibtimes.co.uk/turkish-hackers-hijack-twitter-account-trump-ally-ex-sheriff-david-clarke-latest-cyberattack-1656221', 'https://www.ibtimes.co.uk/turkish-hackers-hijack-ex-fox-news-hosts-twitter-accounts-post-personal-data-private-messages-1655644']" 1105,The GorgonGroup,"Researchers from Palo Alto Networks Unit 42 uncover Gorgon, a threatactor allegedly operating from Pakistan and targeting governmental organizations in the United Kingdom, Spain, Russia, and the United States leveraging spearphishing emails with Microsoft Word documents exploiting CVE-2017-0199.",2018-02-01,2018-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Russia', 'Spain', 'Pakistan', 'United Kingdom']","[['NATO', 'NORTHAM'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'NATO', 'EU'], ['ASIA', 'SASIA', 'SCO'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State 
institutions / political system'], ['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Intelligence agencies'], ['Government / ministries', 'Intelligence agencies'], ['Government / ministries', 'Intelligence agencies'], ['Government / ministries', 'Intelligence agencies'], ['Government / ministries', 'Intelligence agencies']]",['GorgonGroup'],['Pakistan'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,GorgonGroup,Pakistan,Unknown - not attributed,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://unit42.paloaltonetworks.com/unit42-gorgon-group-slithering-nation-state-cybercrime/'] 1106,The AnonPlus group hacked the Florence branch of the PD,The AnonPlus hacker group says they have hacked the Florence branch of the Italian centre-left Democratic Party (PD) and leaked data regarding leader Matteo Renzi online.,2018-02-06,2018-02-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Italy'],"[['EUROPE', 'NATO', 'EU']]",[['State institutions / political system']],[['Political parties']],['AnonPlus'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,AnonPlus,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.ansa.it/english/news/politics/2018/02/06/florence-pd-hacked-renzi-data-published-2_e65dc016-237d-482b-80d6-0072e65ee307.html', 'https://www.thetimes.co.uk/article/hackers-anonplus-and-rogue-o-put-italina-politicians-details-online-qjndfpkl8']" 1107,Olympic Destroyer,"Pyeongchang Winter Olympics organizers confirm that the Games had fallen victim to a cyberattack during Friday’s opening ceremony, but they refused to reveal the source. Researchers from Cisco Talos call the malware Olympic Destroyer and confirm that the only purpose is to disrupt systems. The hacker group, called Hades by Kaspersky, used techniques to make it look like Lazarus has been responsible. 
Later on, unnamed US officials from the intelligence branch said that the Russian state-led APT Sandworm has been the likely culprit.",2018-02-09,2018-02-09,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['International / supranational organization']],,"['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)', 'GRU']","[""Korea, Democratic People's Republic of"", 'Russia', ""Korea, Democratic People's Republic of"", 'Russia']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,3,2018-01-01; 2018-01-01; 2018-01-01; 2018-01-01; 2018-01-01; 2018-01-01; 2018-01-01; 2018-01-01,"Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Statement in media report and political statement/technical report; Attribution given, type unclear; Attribution given, type unclear; Statement in media report and indictment / sanctions; Statement in media report and indictment / sanctions",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Contested attribution; Contested attribution; Attribution by third-party; Attribution by third-party,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 
74455); GRU; GRU; Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU; Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU","Korea, Democratic People's Republic of; Russia; Korea, Democratic People's Republic of; Russia; Russia; Russia; Russia; Russia","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; State; State; State",,"['https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and', 'https://www.washingtonpost.com/world/national-security/russian-spies-hacked-the-olympics-and-tried-to-make-it-look-like-north-korea-did-it-us-officials-say/2018/02/24/44b5468e-18f2-11e8-92c9-376b4fe57ff7_story.html', 'https://www.npr.org/sections/thetorch/2018/02/13/585297314/malware-attacks-on-olympics-could-have-come-from-russia-and-north-korea-experts?t=1606841802773', 'https://arstechnica.com/information-technology/2018/02/russia-accused-of-false-flag-attack-on-olympic-opening/']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://twitter.com/NCSCgov/status/1623676779826118656', 'https://www.wired.com/story/ukraine-russia-wiper-malware/', 'https://www.heise.de/security/meldung/Olympic-Destroyer-Hackerangriff-auf-die-Olympischen-Spiele-lief-unter-falscher-Flagge-3989288.html', 
'https://www.reuters.com/article/us-olympics-2018-cyber/games-organizers-confirm-cyber-attack-wont-reveal-source-idUSKBN1FV036', 'https://securelist.com/olympic-destroyer-is-still-alive/86169/', 'https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and', 'https://www.washingtonpost.com/world/national-security/russian-spies-hacked-the-olympics-and-tried-to-make-it-look-like-north-korea-did-it-us-officials-say/2018/02/24/44b5468e-18f2-11e8-92c9-376b4fe57ff7_story.html', 'https://www.npr.org/sections/thetorch/2018/02/13/585297314/malware-attacks-on-olympics-could-have-come-from-russia-and-north-korea-experts?t=1606841802773', 'https://arstechnica.com/information-technology/2018/02/russia-accused-of-false-flag-attack-on-olympic-opening/', 'https://www.wired.com/story/worst-hacks-2022/', 'https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html']" 1108,"Campaign Desert Scorpion, allegedly tied to Operation Frozen Cell (2016-2017) --> APT-C-23","Researchers from Lookout reveal the details of an espionage campaign using two malware strains called Desert Scorpion and FrozenCell, to spy on targets in Palestine. The attackers are thought to be linked to Hamas.",2018-02-26,2018-03-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Palestine'],"[['ASIA', 'MENA', 'MEA']]",[['End user(s) / specially protected groups']],,"['Desert Falcons/APT-C-23', 'Hamas']","['Unknown', 'Unknown']","['Unknown - not attributed', 'Unknown - not attributed']",,2,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; IT-security community attributes attacker; Media-based attribution; Media-based attribution,,,,Desert Falcons/APT-C-23; Hamas; Desert Falcons/APT-C-23; Hamas,Unknown; Unknown; Palestine; Palestine,Unknown - not attributed; Unknown - not attributed; Non-state-group; Non-state-group,; ; Terrorist(s); Terrorist(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cyberscoop.com/hamas-spyware-desert-scorpion-apt-c-23-google-play-lookout/', 'https://blog.lookout.com/desert-scorpion-google-play']" 1109,Hackers successfully infiltrated the election campaign computer of David Min,"Reuters reveals that the U.S. 
Federal Bureau of Investigation is investigating a cyberattack on the congressional campaign of David Min, a Democratic candidate in California.",2018-03-01,2018-03-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system']]","[['Political parties', 'Election infrastructure / related systems']]",,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 1110,LuckyMouse APT aka Emissary Panda aka APT 27,"KasperskyLab discovers several infections from a previously unknown Trojan, likely related to the infamous Chinese-speaking threat actor–LuckyMouse. The most peculiar trait of this malware is its driver, signed with a legitimate digital certificate.",2018-03-01,2018-09-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Asia (region)'],,[['State institutions / political system']],[['Government / ministries']],['Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securelist.com/luckymouse-ndisproxy-driver/87914/%C2%A0%C2%A0%C2%A0', 'https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177']" 1111,FoxKittens vs. 
US,The Iranian APT FoxKittens hacks into government and private networks in the US and commercial targets worldwide.,2018-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,,"['United States', 'Global (region)']","[['NATO', 'NORTHAM'], []]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', ''], ['Government / ministries', '']]",['Fox Kitten/Parasite/PIONEER KITTEN/UNC757/G0117'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,2,2020-01-01; 2020-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,Fox Kitten/Parasite/PIONEER KITTEN/UNC757/G0117; Fox Kitten/Parasite/PIONEER KITTEN/UNC757/G0117,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.clearskysec.com/wp-content/uploads/2020/02/ClearSky-Fox-Kitten-Campaign.pdf'],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 
2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.cybersafe.news/fbi-warns-about-iranian-hacking-group-attacking-f5-networking-devices/', 'https://www.clearskysec.com/wp-content/uploads/2020/02/ClearSky-Fox-Kitten-Campaign.pdf']" 1112,Operation Ghost Secret (Lazarus),"The aggressive phishing campaign of Lazarus, executed on Mar.2 and 3, targeted a major government-controlled financial organization, a second government body involved in finance and trade, and three other large financial institutions. All targets are located in Turkey. Later on, McAfee expanded the targets list regarding numerous sectors worldwide.",2018-03-02,2018-03-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Turkey', 'United States', 'Germany', 'Japan', 'Thailand', 'China', 'United Kingdom', 'Australia', 'Global (region)']","[['ASIA', 'NATO', 'MEA'], ['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'SCS', 'NEA'], ['ASIA', 'SEA'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['OC'], []]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['Critical infrastructure', 'Corporate Targets (corporate targets 
only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]","[['Finance', '', ''], ['Finance', '', ''], ['Finance', '', ''], ['Finance', '', ''], ['Finance', '', ''], ['Finance', '', ''], ['Finance', '', ''], ['Finance', '', ''], ['Finance', '', '']]","['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']",['Unknown'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes 
attacker; Media-based attribution,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Unknown; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.hurriyetdailynews.com/north-korean-hacking-group-allegedly-targets-turkish-financial-institutions-128495'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.mcafee.com/blogs/other-blogs/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/', 'https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/', 'https://www.hurriyetdailynews.com/north-korean-hacking-group-allegedly-targets-turkish-financial-institutions-128495', 'https://thehackernews.com/2023/02/lazarus-group-using-new-winordll64.html']" 1113,Anonymous publishes 26 thousand email addresses of italian teachers,"The Italian branch of the Anonymous collective leaks from the Italian Ministry of Education, 26,000 emails of 
teachers belonging to all levels of schools. They also leak 200 administrative staff addresses.",2018-03-08,2018-03-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Italy'],"[['EUROPE', 'NATO', 'EU']]","[['State institutions / political system', 'Science']]","[['Government / ministries', '']]",['Anonymous/LulzSec Italy'],['Italy'],['Non-state-group'],['Hacktivist(s)'],1,,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms,,,,Anonymous/LulzSec Italy,Italy,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://medium.com/@arturodicorinto/anonymous-has-hacked-and-put-into-the-net-26-thousand-email-addresses-of-italian-teachers-b94e679d2743%20%C2%A0%20%C2%A0%20%C2%A0'] 1114,Lazarus goes HakunaMATA,"Lazarus attacked various corporate entities across Germany, Poland, Turkey, India, Japan and the ROK with its new insertion framework MATA",2018-04-01,2018-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Germany', 'Poland', 'Turkey', 'India', 'Japan', 'Korea, Republic of']","[['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'EASTEU'], ['ASIA', 'NATO', 'MEA'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS', 'NEA']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2020-01-01; 2020-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution 
statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ",[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.darkreading.com/threat-intelligence/north-koreas-lazarus-group-developing-cross-platform-malware-framework/d/d-id/1338422', 'https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/']" 1115,Op Israel 2018,"In name of Op Israel, more than a dozen major Israeli websites, belonging to hospitals, local authorities, the Israeli Opera, Israel Teachers Union and the IDF Widows and Orphans Organization are defaced apparently in response to clashes between the IDF and Gazan protesters the previous weekend.",2018-04-03,2018-04-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'Critical infrastructure', 'Science', 'Other']]","[['Civil service / administration', 'Health', '', '']]","['Dark-Coder/Th3Falcon.', 'Anonymous']","['Unknown', 'Unknown']","['Individual hacker(s)', 'Individual hacker(s)']",,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,,,,Dark-Coder/Th3Falcon.; Anonymous,Unknown; Unknown,Individual hacker(s); Individual hacker(s),,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.jpost.com/Arab-Israeli-Conflict/Major-Israeli-websites-targeted-in-large-anti-Israel-cyberattack-547834'] 1116,Hackers use vulnerability of Cisco switches,"The Iranian IT Ministry reveals that Hackers have attacked networks in a number of countries including datacenters in Iran where they left the image of a U.S. flag on screens along with a warning: “Don’t mess with our elections”. The attack, exploiting CVE-2018-0171, affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in Iran.",2018-04-07,2018-04-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,"['Iran, Islamic Republic of', 'Global (region)']","[['ASIA', 'MENA', 'MEA'], []]","[['State institutions / political system'], ['State institutions / political system']]",,,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-iran-cyber-hackers/iran-hit-by-global-cyber-attack-that-left-u-s-flag-on-screens-idUSKBN1HE0MH'] 1117,Team Kerala CyberWarriors attack websites in Pakistan,"Team Kerala CyberWarriors, a hacking group based out of India, initiated a ransomware campaign against websites hosted in Pakistan, deploying customized KCW ransomware.",2018-04-27,2018-04-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption; Ransomware,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['Unknown']],,['Kerala Cyber Warriors'],['India'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Kerala Cyber Warriors,India,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.bleepingcomputer.com/news/security/kcw-ransomware-encrypting-web-sites-in-pakistan/'] 1118,Greek & Turkish hackers target each other’s media outlets,"The Turkish hacker group Akincilar (""Invaders"") starts its offensive against Greece and defaces four websites (Greek Foreign Ministry, Athens-Macedonia News Agency-ANA-, the Greek Handball Federation, and Suzuki-Greece) in response to Athens' refusal to hand over the Turkish officers who fled to Greece in July 2016. As a retaliation for the attacks of the Turkish collective Akincilar, Greek hackers from Anonymous paralyze the 24TV Live website for several hours. They also claim to have hacked 12,987 routers of TurkTelekom.",2018-04-30,2018-04-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Greece'],"[['EUROPE', 'NATO', 'EU', 'BALKANS']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]",,['Akincilar'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Akincilar,Turkey,Non-state-group,Hacktivist(s),[],Territory; Resources; Other,Territory; Resources,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/cyberwar-greek-turkish-hackers-target-media-outlets/'] 1119,DDoS-Attack on Tennessee county's website,The Tennessee county's website is taken down by a DDoS attack on election night.,2018-05-01,2018-05-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Election infrastructure / related systems']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://techcrunch.com/2018/05/04/tennessee-election-ddos-knox-county-voting/'] 1120,"Russian-based APT(?)Hades attacks targets in Ukraine, Europe and Russia","According to telemetry and the characteristics of the analyzed spear-phishing documents, Kaspersky believes the attackers from Olympic Destroyer are now targeting financial organizations in Russia, and biological and chemical threat prevention laboratories in 
Europe and Ukraine.",2018-05-01,2018-06-01,"Attack on (inter alia) political target(s), not politicized; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Ukraine', 'Russia', 'Netherlands', 'France', 'Germany']","[['EUROPE', 'EASTEU'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Critical infrastructure']]","[['Chemicals', 'Finance'], ['Chemicals', 'Finance'], ['Chemicals', 'Finance'], ['Chemicals', 'Finance'], ['Chemicals', 'Finance']]",,['Unknown'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://twitter.com/NCSCgov/status/1623676779826118656'] 1121,"OilRig Backdoor ""QUADAGENT""",Researchers from Palo Alto Networks Unit 42 reveal to have detected multiple attacks by the OilRig group appearing to originate from a 
government agency in the Middle East. The attacks delivered a PowerShell backdoor called QUADAGENT.,2018-05-01,2018-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Middle East (region)'],,"[['State institutions / political system', 'Other']]",,['OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://unit42.paloaltonetworks.com/unit42-oilrig-targets-technology-service-provider-government-agency-quadagent/'] 1122,Bezos Phone Hack,The Phone of Jeff Bezos was hacked by hackers attributed to be directly connected to the Saudi-Arabian 
prince,2018-05-01,2019-02-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Media']],,,['Saudi Arabia'],['State'],,1,2020-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by third-party,,,,,Saudi Arabia,State,,['https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=25488&LangID=E'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2020/01/22/world/middleeast/bezos-phone-hacked.html', 'https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=25488&LangID=E']" 1123,Hackers attack Georgia sites,"A group of vigilante hackers going by SB315 deface some Georgia sites and threaten retaliation if a planned bill becomes law. The list of the targets include: the City of Augusta (that denies the hack), the website of Calvary Baptist Church, Georgia Southern University, the sites for two Augusta restaurants, BlueSkyKitchen and SoyNoodleHouse.",2018-05-02,2018-05-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]","[['Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Religious', '']]",['SB315'],['United States'],['Non-state-group'],['Hacktivist(s)'],1,,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attacker confirms,,,,SB315,United States,Non-state-group,Hacktivist(s),[],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.csoonline.com/article/3269535/hackers-protest-georgias-sb-315-anti-hacking-bill-by-allegedly-hacking-georgia-sites.html'] 1124,Turkish hackers attack Honda Greece,Turkish hackers from Akincilar launch a new cyberattack against Honda Greece. The automaker’s website in Greece is infiltrated with a message condemning the country for “partnering” with terrorists.,2018-05-07,2018-05-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Greece'],"[['EUROPE', 'NATO', 'EU', 'BALKANS']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Akincilar'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Akincilar,Turkey,Non-state-group,Hacktivist(s),[],Territory; Resources; Other,Territory; Resources,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://greece.greekreporter.com/2018/05/07/turkish-hackers-launch-cyber-attack-on-honda-greece/'] 1125,Anonymous defaces website of Russia’s Federal Agency for International Cooperation (Rossotrudnichestvo),"The hacker group Anonymous defaced several subdomains of the official website of Russia’s Federal Agency for International Cooperation (Rossotrudnichestvo) against the ongoing censorship in the country, especially the recent ban on Telegram.",2018-05-10,2018-05-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.hackread.com/anonymous-hacks-russian-govt-website-against-censorship/'] 1126,Attack on Russian Central Election Commission,"The Russian Central Election Commission was hit by a DDoS attack ""from 15 different countries"".",2018-05-13,2018-05-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Election infrastructure / related systems']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.rt.com/news/421622-russian-election-under-cyber-attack/'] 1127,City of Atlanta hit by Sam Sam Ransomware,"IT systems used by the City of Atlanta, were hit by a Sam Sam ransomware attack, cutting off some online city services and potentially putting the personal information of employees and citizens at risk.",2018-05-22,2018-05-23,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by 
authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,Exploit Public-Facing Application,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.forbes.com/sites/leemathews/2018/03/23/city-of-atlanta-computers-hit-by-ransomware-attack/#55c0636c2ee4'] 1128,Anonymous defaces screens at the Mashhad airport,Anonymous defaced the screens at the Mashhad airport in Iran to protest against the Government and the military’s activities in the Middle East.,2018-05-24,2018-05-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['Critical infrastructure']],[['Telecommunications']],['Tapandegan (Palpitaters)\xa0'],"['Iran, Islamic Republic of']",['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Tapandegan (Palpitaters) ,"Iran, Islamic Republic of",Non-state-group,Hacktivist(s),[],System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securityaffairs.co/wordpress/72969/hacktivism/mashhad-airport-defacement.html%20%C2%A0%20%C2%A0https://en.radiofarda.com/a/iran-hackers-post-protest-messages-mashad-airport/29250247.html'] 1129,Chafer vs. Kuwait,The APT Chafer Attacked primarily Kuwaiti Networks between May 2018 and July 2019,2018-05-30,2019-07-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Kuwait', 'Saudi Arabia']","[['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Transportation'], ['Government / ministries', 'Transportation']]",['APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company)'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://download.bitdefender.com/resources/files/News/CaseStudies/study/332/Bitdefender-Whitepaper-Chafer-creat4491-en-EN-interactive.pdf', 'https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html']" 1130,Bithumb Hack,South Korean cryptocurrency exchange Bithumb says that 35 billion won ($31.5 million) worth of virtual coins have been stolen by the North Korean APT Lazarus.,2018-06-01,2018-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['Critical infrastructure']],[['Finance']],"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation 
suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://btcmanager.com/571-million-in-damages-north-korean-hacking-group-lazarus-behind-high-profile-cryptocurrency-hacks/?q=/571-million-in-damages-north-korean-hacking-group-lazarus-behind-high-profile-cryptocurrency-hacks/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://theblockchainland.com/2018/06/28/a-cybercrime-group-lazarus-is-likely-behind-the-30mln-bithumb-hack/', 'https://thenextweb.com/hardfork/2018/10/19/cryptocurrency-attack-report/', 'https://btcmanager.com/571-million-in-damages-north-korean-hacking-group-lazarus-behind-high-profile-cryptocurrency-hacks/?q=/571-million-in-damages-north-korean-hacking-group-lazarus-behind-high-profile-cryptocurrency-hacks/']" 1131,Andariel Group attacks website of South Korean non-profit organisation,Researchers from Trend Micro discover a new campaign from the Andariel Group carried out via the injection of a malicious script into four compromised South Korean websites for reconnaissance purposes.,2018-06-01,2018-06-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'Other']]","[['Civil service / administration', '']]","['Andariel/Silent Chollima/G0138 <\xa0Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)', 'Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of"", ""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"Andariel/Silent Chollima/G0138 < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth 
Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],System / ideology; International power; Secession,System/ideology; International power; Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://blog.trendmicro.com/trendlabs-security-intelligence/new-andariel-reconnaissance-tactics-hint-at-next-targets/'] 1132,Reaper drone dataleak,A criminal hacker managed to access secure data files of the US military via an unpatched network gap,2018-06-01,2018-07-03,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],,['Unknown'],['Individual hacker(s)'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Individual hacker(s),,['https://www.recordedfuture.com/reaper-drone-documents-leaked/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political 
importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.heise.de/newsticker/meldung/Darknet-Hacker-bietet-sensible-Infos-ueber-US-Militaerdrohne-ab-150-US-Dollar-an-4108450.html', 'https://www.recordedfuture.com/reaper-drone-documents-leaked/']" 1133,Operation Shadow Hammer,Barium inserted backdoors into automatic updates for ASUS laptops. The vulnerability was active for about 5 months.,2018-06-01,2018-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Global (region)'],,"[['End user(s) / specially protected groups', 'Other']]",,"['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) <\xa0Winnti Umbrella/G0044', 'Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) <\xa0Winnti Umbrella/G0044\xa0']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2019-01-01; 2019-01-01,Statement in media report and political statement/technical report; Statement in media report and political statement/technical report,IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044; Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) < Winnti Umbrella/G0044 ",China; China,"Non-state actor, 
state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://securelist.com/operation-shadowhammer/89992/'],Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://threatpost.com/asus-pc-backdoors-shadowhammer/143129/', 'https://securelist.com/operation-shadowhammer/89992/', 'https://www.bleepingcomputer.com/news/security/hackers-abuse-google-command-and-control-red-team-tool-in-attacks/']" 1134,APT38 attacks Chilean Central Bank,"Shares in the Bank of Chile (the country's central bank) have fallen after it confirmed that hackers diverted $10 million of its funds, mainly to Hong Kong. However, according to the bank, no customer accounts were affected but 9,000 workstations and 500 servers. Apparently, a wiper malware was used to reveal the true purpose of the attack (compromising endpoints that process transactions over the SWIFT network).",2018-06-11,2018-06-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,[['Central Bank (Chile) ']],['Chile'],[['SOUTHAM']],"[['State institutions / political system', 'Critical infrastructure']]","[['Other (e.g., embassies)', 'Finance']]","['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,Statement in media report and political statement/technical report,IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,['https://content.fireeye.com/apt/rpt-apt38'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://threatpost.com/banco-de-chile-wiper-attack-just-a-cover-for-10m-swift-heist/132796/', 'https://content.fireeye.com/apt/rpt-apt38']" 1135,DDoS-attack on the website of the Mexican National Action Party,"The website of the Mexican National Action Party is hit by a cyberattack during the final 
television debate between presidential candidates ahead of the July 1 vote, after the site had published documents critical of the leading candidate.",2018-06-12,2018-06-12,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption,,['Mexico'],,"[['State institutions / political system', 'State institutions / political system']]","[['Political parties', 'Election infrastructure / related systems']]",,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/uk-mexico-election-cyber/cyber-attack-on-mexico-campaign-site-triggers-election-nerves-idUKKBN1J93C0'] 1136,Andariel (Subgroup of Lazarus) attacks South Korean think tank,"According to researchers at AlienVault, North Korea-linked hackers planted an ActiveX zero-day vulnerability on the website of a South Korean think tank focused on national security.",2018-06-12,2018-06-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['Science']],,"['Andariel/Silent Chollima/G0138 <\xa0Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Andariel/Silent Chollima/G0138 < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,['https://cybersecurity.att.com/blogs/labs-research/more-details-on-an-activex-vulnerability-recently-used-to-target-users-in-south-korea'],System / ideology; International power; Secession,System/ideology; International power; Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/73456/apt/lazarus-apt-activex-attacks.html', 'https://cybersecurity.att.com/blogs/labs-research/more-details-on-an-activex-vulnerability-recently-used-to-target-users-in-south-korea']" 1084,Saudi-Arabia hacks the phones of its critics,"Omar Abdulaziz is a 
Canadian permanent resident and vocal critic of the Saudi government. The Saudi Arabian state used the Pegasus spyware to gain access to Abdulaziz's phone. Once a phone is infected, the customer has full access to a victim’s personal files, such as chats, emails, and photos. They can even surreptitiously use the phone’s microphones and cameras to view and eavesdrop on their targets. The hack was allegedly used to even spy on Jamal Khashoggi in the months before his murder. Ghanem al-Masarir and Yahya Assiri, two Saudi Arabian human rights activists living in exile, were even targeted by the spyware.",2018-06-01,2018-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,"['Canada', 'United Kingdom']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['Social groups', 'Social groups'], ['Social groups', 'Social groups']]","[['Advocacy / activists (e.g. human rights organizations)', 'Political opposition / dissidents / expats'], ['Advocacy / activists (e.g. 
human rights organizations)', 'Political opposition / dissidents / expats']]",['KINGDOM'],['Saudi Arabia'],['State'],,2,2018-01-01; 2018-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; Attribution by third-party,,,,KINGDOM; KINGDOM,Saudi Arabia; Saudi Arabia,State; State,,['https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://citizenlab.ca/2018/10/the-kingdom-came-to-canada-how-saudi-linked-digital-espionage-reached-canadian-soil/', 'https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html']" 1138,"DarkHydrus, July 2018","In July 2018, Unit 42 analyzed a targeted attack using a novel file type against at least one government agency in the Middle East. It was carried out by a previously unpublished threat group they track as DarkHydrus.",2018-07-01,2018-07-31,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Middle East (region)'],,[['State institutions / political system']],[['Government / ministries']],['DarkHydrus/LazyMeerkat'],['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DarkHydrus/LazyMeerkat,Unknown,Unknown - not attributed,,['https://unit42.paloaltonetworks.com/threat-brief-iranian-linked-cyber-operations/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://unit42.paloaltonetworks.com/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/', 'https://unit42.paloaltonetworks.com/threat-brief-iranian-linked-cyber-operations/']" 1139,Hamas (probably) hacks mobile phones of Israeli soldiers,100 Israeli soldiers became victims of different apps in the Google Play Store. The apps which seemed to be completely normal were infected by malware spying on all activities on the soldiers' smartphones. The Reuters agency asserted that the terror organisation Hamas started the attack.,2018-07-01,2018-07-31,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Military']],['Hamas'],['Palestine'],['Non-state-group'],['Terrorist(s)'],1,,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker,,,,Hamas,Palestine,Non-state-group,Terrorist(s),['https://www.reuters.com/article/us-israel-palestinians-cyber/israel-says-hamas-tried-to-snare-soldiers-in-world-cup-cyber-trap-idUSKBN1JT1ZX'],Resources; Secession,Resources; Secession,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.heise.de/newsticker/meldung/Israelische-Soldaten-ueber-WM-Apps-aus-dem-Play-Store-gehackt-4100548.html', 'https://www.reuters.com/article/us-israel-palestinians-cyber/israel-says-hamas-tried-to-snare-soldiers-in-world-cup-cyber-trap-idUSKBN1JT1ZX']" 1140,Ehud Barak Hack,The cellphone of Ehud Barak was hacked - apparently without negligence on the part of the former Israeli prime minister,2018-07-01,2018-01-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Political parties']],,['Unknown'],['Unknown - not attributed'],,1,,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the 
matter etc.)",Attribution by receiver government / state entity,,,,,Unknown,Unknown - not attributed,,['https://cyware.com/news/attackers-hacked-israeli-officials-devices-stolen-information-sold-to-iran-e5faac0d'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.timesofisrael.com/report-baraks-phone-breached-info-apparently-sold-to-iran-by-foreign-hackers/', 'https://cyware.com/news/attackers-hacked-israeli-officials-devices-stolen-information-sold-to-iran-e5faac0d']" 1141,Chinese hackers defaced the official website of the Taiwanese DPP,"The Democratic Progressive Party's (DPP) official website is defaced by Chinese hackers and the website is replaced with pictures and words reading ""Chinese netizens are supporting Tsai Ing-wen to run for re-election"" in simplified Chinese characters.",2018-07-03,2018-07-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Taiwan'],"[['ASIA', 'SCS']]",[['State institutions / political system']],[['Political parties']],,['China'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,China,Non-state-group,Hacktivist(s),[],System / ideology; Secession,System/ideology; Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.taiwannews.com.tw/en/news/3473203'] 1142,"Operation ""Roman Holiday""","Security researchers from the Z-Lab at CSE Cybersec reveal the details of Operation ""Roman Holiday"", an operation carried out by APT28 (AKA Fancy Bear) and targeting the Italian military.",2018-07-12,2018-07-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Italy'],"[['EUROPE', 'NATO', 'EU']]",[['State institutions / political system']],[['Military']],"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,['https://vx-underground.org/archive/APTs/2018/2018.07.13/Operation%20Roman%20Holiday.pdf'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theregister.co.uk/2018/07/16/apt28_italian_job/', 'https://vx-underground.org/archive/APTs/2018/2018.07.13/Operation%20Roman%20Holiday.pdf']" 1137,TEMP. 
Periscope aka APT 40 aka Leviathan targeted UK-based engineering company,"Researchers from Recorded Future reveal the details of a spearphishing campaign carried out by the Chinese TEMP.Periscope group against a UK-based engineering company, leveraging Russian APT techniques. The group is normally tied to the Chinese state by FireEye and Intrusion Truth.",2018-07-01,2018-07-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (MSS, Hainan State Security Department/Hainan Xiandun Technology Company)']",['China'],"['Non-state actor, state-affiliation suggested']",,2,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Attribution by third-party,,,,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (MSS, Hainan State Security Department/Hainan Xiandun Technology Company); APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (MSS, Hainan State Security Department/Hainan Xiandun Technology Company)",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",,"['https://www.fireeye.com/blog/threat-research/2019/03/APT 40-examining-a-china-nexus-espionage-actor.html', 'https://intrusiontruth.wordpress.com/2020/01/16/APT 40-is-run-by-the-hainan-department-of-the-chinese-ministry-of-state-security/#more-587']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.recordedfuture.com/chinese-threat-actor-tempperiscope/', 'https://www.fireeye.com/blog/threat-research/2019/03/APT 40-examining-a-china-nexus-espionage-actor.html', 'https://intrusiontruth.wordpress.com/2020/01/16/APT 40-is-run-by-the-hainan-department-of-the-chinese-ministry-of-state-security/#more-587']" 1144,Cosmos Bank Hack,State-sponsored PRK hackers stole US$13.5 million from India's Cosmos Bank. ,2018-08-10,2018-08-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['Critical infrastructure']],[['Finance']],"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,2,2018-01-01; 2018-01-01,"Statement in media report and political statement/technical report; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://us-cert.cisa.gov/ncas/alerts/TA18-275A', 'https://www.securonix.com/securonix-threat-research-cosmos-bank-swift-atm-us13-5-million-cyber-attack-detection-using-security-analytics/']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., 
through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.tatacommunications.com/blog/2018/09/stay-secure-stay-safe-lessons-from-the-cosmos-bank-attack/', 'https://www.forbes.com/sites/leemathews/2019/03/11/north-korean-hackers-have-raked-in-670-million-via-cyberattacks/#39a86b2c7018', 'https://us-cert.cisa.gov/ncas/alerts/TA18-275A', 'https://www.securonix.com/securonix-threat-research-cosmos-bank-swift-atm-us13-5-million-cyber-attack-detection-using-security-analytics/']" 1145,Anonymous Catalonia takes down the website of the Bank of Spain,"The hacktivists of Anonymous Catalonia claim to have taken down the website of the Banco de España (the Spanish central bank) through a targeted DDoS attack. It is part of #OpCatalonia, a protest against the arrest of leading Catalan politicians in connection with the region's fight for independence last year.",2018-08-26,2018-08-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,[['Central Bank (Spain)']],['Spain'],"[['EUROPE', 'NATO', 'EU']]","[['State institutions / political system', 'Critical infrastructure']]","[['Other (e.g., embassies)', 'Finance']]",['Anonymous'],['Spain'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Anonymous,Spain,Non-state-group,Hacktivist(s),[],System / ideology; Autonomy; Secession,Autonomy; Secession; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.bleepingcomputer.com/news/security/anonymous-catalonia-claims-ddos-attack-on-bank-of-spain-website/'] 1146,Iranian APT Chafer focuses on diplomatic entities in the Middle East,Throughout the autumn of 2018 Kaspersky analyzed a long-standing cyber-espionage campaign that was primarily targeting foreign diplomatic entities based in Iran. The attackers were using an improved version of Remexi in what the victimology suggests might be a domestic cyber-espionage operation. This malware has previously been associated with an Iranian APT actor that is widely called Chafer.,2018-09-01,2019-01-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Middle East (region)'],,[['State institutions / political system']],[['Government / ministries']],['APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company)'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securelist.com/chafer-used-remexi-malware/89538/', 'https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html']" 1147,Seedworm,"The iranian actor Seedworm hacked various firms, primarily related to telecommunication 
with the goal of datatheft. The exact origin of this group remains unknown",2018-09-01,2018-11-30,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Pakistan', 'Turkey', 'Russia', 'Saudi Arabia']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'NATO', 'MEA'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Telecommunications', ''], ['Government / ministries', 'Telecommunications', ''], ['Government / ministries', 'Telecommunications', ''], ['Government / ministries', 'Telecommunications', '']]",['MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069,"Iran, Islamic Republic of","Non-state actor, state-affiliation 
suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://symantec-blogs.broadcom.com/blogs/threat-intelligence/seedworm-espionage-group', 'https://www.darkreading.com/threat-intelligence/highly-active-seedworm-group-hits-it-services-governments/d/d-id/1333451']" 1148,US State Department breached by unknown hacker(s),"The State Department suffers a breach of its unclassified email system, and the compromise exposes the personal information of a small number of employees.",2018-09-07,2018-09-07,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.politico.com/story/2018/09/17/state-department-email-personal-information-792665', 'https://www.jpost.com/international/article-735585']" 1149,Turkish hacking group attacked Egypt's state-run news agency,A Turkish hacking group has taken over the website of Egypt's state-run news agency to condemn death sentences against leaders of the blacklisted Muslim Brotherhood 
movement.,2018-09-11,2018-09-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Egypt'],"[['MENA', 'MEA', 'AFRICA', 'NAF']]",[['Media']],,"['Akincilar', 'Muslim Brotherhood']","['Turkey', 'Turkey']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",2,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Receiver attributes attacker; Attacker confirms; Attacker confirms,,,,Akincilar; Muslim Brotherhood; Akincilar; Muslim Brotherhood,Turkey; Turkey; Turkey; Turkey,Non-state-group; Non-state-group; Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s),[],System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.alaraby.co.uk/english/news/2018/9/11/suspected-turkish-hackers-take-over-egypt-state-media-website'] 1150,DDoS-attack on Bryan Caforrio's website,A DDoS attack takes down California Democratic Bryan Caforio’s website just hours before he steps onto the debate stage to face fellow Democrats.,2018-09-21,2018-09-21,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on 
source),Disruption,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system']]","[['Political parties', 'Election infrastructure / related systems']]",,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.scmagazine.com/home/security-news/ddos-attacks-took-down-calif-democratic-hopefuls-website-during-primaries/'] 1151,Hack of Facebook,An unknown hacker group attacked Facebook and stole data of 50 million of its users. The attackers gained access by using three different weaknesses of the company's system.,2018-09-27,2018-09-27,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,,['Unknown'],['Unknown - not attributed'],,1,2018-01-01 00:00:00,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html', 'https://www.heise.de/newsticker/meldung/DSGVO-Facebook-droht-nach-massivem-Hack-Milliardenstrafe-4179341.html']" 1152,"Fancy Bear attacks European and US targets (""Cannon"" malware)","Researchers from Palo Alto Networks reveal the details of a new campaign carried out by the infamous APT28, AKA Fancy Bear, AKA Sofacy, via the Cannon malware.",2018-10-01,2018-11-20,"Attack conducted by non-state group / 
non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Europe (region)']","[['NATO', 'NORTHAM'], []]","[['State institutions / political system'], ['State institutions / political system']]",,"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Unknown'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Unknown; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); 
",['https://unit42.paloaltonetworks.com/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/'],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/russian-hackers-are-trying-out-new-malware-against-us-and-european-targets/', 'https://unit42.paloaltonetworks.com/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/']" 1153,Watering Hole Attacks - OceanLotus,Researchers from ESET discover a new watering hole campaign targeting 21 distinct websites in Southeast Asia carried out by OceanLotus.,2018-10-01,2018-11-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking with Misuse,,"['Vietnam', 'Cambodia']","[['ASIA', 'SCS', 'SEA'], ['ASIA', 'SEA']]","[['State institutions / political system', 'End user(s) / specially protected groups', 'Media'], ['State institutions / political system', 'End user(s) / specially protected groups', 'Media']]","[['Government / ministries', '', ''], ['Government / ministries', '', '']]",['APT32/Ocean Lotus/Sea Lotus'],['Unknown'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01 00:00:00,"Technical 
report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT32/Ocean Lotus/Sea Lotus,Unknown,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.welivesecurity.com/2018/11/20/oceanlotus-new-watering-hole-attack-southeast-asia/%C2%A0'] 1154,Cyberattack on the Pentagon,"Roughly 30,000 DOD military and civilian personnel are believed to be affected by a cyberattack. A third-party contractor is compromised, granting the attackers access to the Pentagon network to steal travel data for DOD personnel.",2018-10-04,2018-10-04,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.boston.com/news/politics/2018/10/12/pentagon-reveals-cyber-breach-of-travel-records'] 1155,Rep. Peter King Website Defacement,The website of Peter King was hacked and defaced by Turkish hacktivists,2018-10-05,2018-10-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Legislative']],['Ayyıldız Tim Cyber Army'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Ayyıldız Tim Cyber Army,Turkey,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.washingtontimes.com/news/2018/oct/9/rep-peter-kings-congressional-campaign-site-hacked/'] 1156,Defacement of the website of the Bhartiya Janata Party’s Goa wing,"The website of the Bhartiya Janata Party’s Goa wing was defaced on Monday, 15 October during the day.",2018-10-15,2018-10-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Political parties']],['Team PCE'],['Pakistan'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team PCE,Pakistan,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.thequint.com/news/india/bjp-goa-website-hacked'] 1157,"DDoS-attack on ""Davos in the Desert""","The website of the Saudi Arabian investment conference, referred to as “Davos in the Desert”, is defaced with anti-Saudi messages, to protest against the death of journalist Jamal Khashoggi.",2018-10-22,2018-10-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Saudi Arabia'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['State institutions / political system']],,,['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.scmagazine.com/home/security-news/saudi-investment-conference-website-hacked-defaced/'] 1158,Carbanak vs. 
Ukraine during Kerch Crisis,Russian state-sponsored actors phished access to various Ukrainian and eastern European government institutions,2018-10-25,2018-11-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Ukraine', 'Eastern Europe']","[['EUROPE', 'EASTEU'], []]","[['State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military'], ['Government / ministries', 'Military']]",['Carbanak/Anunak'],['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,Carbanak/Anunak,Russia,"Non-state actor, state-affiliation suggested",,[],Territory; Resources; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 1159,Anonymous took down several Gabon websites,The hacktivist group Anonymous takes down 70 Gabon government websites as part of its “anti-dictatorships” campaign.,2018-10-27,2018-10-27,"Attack conducted by 
non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Gabon'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),['https://www.news24.com/news24/Africa/News/gabon-official-websites-hacked-anonymous-group-20181029'],System / ideology; National power,National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.scmagazine.com/home/security-news/anonymous-knocks-out-gabon-government-sites-with-dos-attack/', 'https://www.news24.com/news24/Africa/News/gabon-official-websites-hacked-anonymous-group-20181029']" 1160,Anonymous Italy hacks several universities,"In name of #AntiSecITA, hackers from the Anonymous collective`s wing in Italy hacked several university sites.",2018-10-30,2018-01-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Italy'],"[['EUROPE', 'NATO', 'EU']]",[['Science']],,['Anonymous Italy'],['Italy'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous Italy,Italy,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.binarydefense.com/threat_watch/anonymous-targeting-italian-universities/'] 1161,MuddyWater vs. Turkey (2018),"Security researchers at Trend Micro discover a PowerShell-based backdoor, active in Turkey, which resembles a malware used by Muddy Water threat actor.",2018-11-01,2018-11-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Turkey', 'Oman', 'Lebanon']","[['ASIA', 'NATO', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries'], ['Government / ministries']]",['MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069'],"['Iran, Islamic Republic of']",['Unknown - not attributed'],,2,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an 
attribution statement, without naming further sources)",IT-security community attributes attacker; Media-based attribution,,,,MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069; MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069,"Iran, Islamic Republic of; Iran, Islamic Republic of","Unknown - not attributed; Non-state actor, state-affiliation suggested","; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://yoroi.company/research/dissecting-the-muddywater-infection-chain/', 'https://www.cyberscoop.com/muddywaters-trend-micro-middle-east/']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/78586/apt/muddywater-powershell-backdoor.html', 'https://yoroi.company/research/dissecting-the-muddywater-infection-chain/', 'https://www.cyberscoop.com/muddywaters-trend-micro-middle-east/']" 1162,US Attack on Internet Research Internet Agency,"The US Cyber Command managed to shut down the infamous Russian influence agency ""Internet Research Agency""",2018-11-01,2018-11-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['US CYCOM'],['United States'],['State'],,1,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of 
unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms,,,,US CYCOM,United States,State,,[],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.washingtonpost.com/world/national-security/us-cyber-command-operation-disrupted-internet-access-of-russian-troll-factory-on-day-of-2018-midterms/2019/02/26/1827fc9e-36d6-11e9-af5b-b51b7ff322e9_story.html'] 1163,APT29s first attack after one year of silence - 2018,Multiple security companies including Crowdstrike and FireEye reveal a new spear phishing campaign carried out by APT29 (after one year of silence) targeting multiple sectors in the U.S.,2018-11-14,2018-11-14,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science', 'Critical infrastructure', 'Critical infrastructure']]","[['Government / ministries', 'Transportation', '', '', '', 'Health', 'Defence industry']]",['Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)'],['Russia'],['State'],,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 
(SVR),Russia,State,,['https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/russian-apt-comes-back-to-life-with-new-us-spear-phishing-campaign/', 'https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html']" 1164,The Digital Revolution group hacks the Kvant Scientific Research Institute,"The Russian Digital Revolution group claims to have hacked the servers of Moscow-based Kvant Scientific Research Institute, and gathered evidence of a neural networks tool used to analyze activities on social networks.",2018-11-30,2018-12-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system', 'Science']]","[['Intelligence agencies', '']]",['The Digital Revolution'],['Russia'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,The Digital Revolution,Russia,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://openmedia.io/news/xakery-vzlomali-servera-nii-kvant-on-prinadlezhit-fsb/', 'https://globalvoices.org/2018/12/22/report-says-hackers-detected-online-protest-sniffing-software-in-kazakhstan/', 'https://www.d1g1r3v.net/']" 1165,2018 Citrix Hack by APT Iridium,"The servers of the remote access tool Citrix were hacked, and important data (highly likely passwords) were stolen. The perpetrator is at this point still unclear, but might have been an Iranian state hacker group.",2018-12-01,2019-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Defence industry']],"['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)']","['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,2,2019-01-01; 2019-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)","Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.nbcnews.com/politics/national-security/iranian-backed-hackers-stole-data-major-u-s-government-contractor-n980986'],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.forbes.com/sites/kateoflahertyuk/2019/03/10/citrix-data-breach-heres-what-to-do-next/#65aeed341476', 'https://www.forbes.com/sites/kateoflahertyuk/2019/03/15/who-is-resecurity-the-mysterious-firm-that-blamed-iran-for-the-citrix-hack/#40c7ff7280e9', 'https://www.nbcnews.com/politics/national-security/iranian-backed-hackers-stole-data-major-u-s-government-contractor-n980986']" 1166,Mikroceen,Mikroceen was used by a Chinese actor (likely ViciousPanda) against Central Asian government agencies,2018-12-01,2020-05-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Kazakhstan', 'Uzbekistan', 'Turkmenistan', 'Tajikistan', 'Kyrgyzstan']","[['ASIA', 'CSTO', 'SCO'], ['ASIA', 'CENTAS', 'CSTO', 'SCO'], ['ASIA'], ['ASIA', 'CENTAS', 'CSTO', 'SCO'], ['ASIA', 'CENTAS', 'CSTO', 'SCS']]","[['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure']]",,['Vicious Panda'],"['China', 'Czech Republic']",['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Vicious Panda; Vicious Panda,China; Czech Republic,Unknown - not attributed; Unknown - not attributed,,['https://decoded.avast.io/luigicamastra/APT -group-planted-backdoors-targeting-high-profile-networks-in-central-asia/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data 
theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia/', 'https://decoded.avast.io/luigicamastra/APT -group-planted-backdoors-targeting-high-profile-networks-in-central-asia/']" 1167,Fancy Bear vs. US Energy Sector,"Fancy Bear started a long term espionage campaign against the US energy sector and political targets, accessing data and secure networks",2018-12-01,2020-05-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Energy']]","['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],['State'],,3,2020-01-01; 2020-01-01; 2020-01-01,"Political statement / report (e.g., on government / state agency websites); Media report (e.g., Reuters makes an attribution statement, without naming further sources); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Media-based attribution; IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar 
Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia; Russia,"State; State; Non-state actor, state-affiliation suggested",,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.wired.com/story/russia-fancy-bear-us-hacking-campaign-government-energy/'] 1168,Shamoon 3.0,"Oil companies in Europe and the Gulf are hit by a new version of the Shamoon malware. The attacks started in India and hit the servers in Saudi Arabia, the United Arab Emirates and Kuwait. Fingers are pointed to Iran.",2018-12-10,2018-12-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Disruption; Hijacking with Misuse,,"['Europe (region)', 'Middle East (region)', 'Italy']","[[], [], ['EUROPE', 'NATO', 'EU']]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Energy', ''], ['Energy', ''], ['Energy', '']]",['APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2018-01-01 00:00:00,Statement in media report and political statement/technical report,IT-security community attributes attacker,,,,APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,['https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html', 
'https://gulfnews.com/technology/companies/iran-hackers-behind-attacks-on-oil-and-gas-companies-in-gulf-and-europe-1.61007070', 'https://www.zdnet.com/article/shamoon-malware-destroys-data-at-italian-oil-and-gas-company/', 'https://www.zdnet.com/article/shamoons-data-wiping-malware-believed-to-be-the-work-of-iranian-hackers/', 'https://cyberscoop.com/pro-iranian-abraham-ax-saudi-israel-moses-staff/', 'https://twitter.com/780thC/status/1618571785276100609']" 1169,Charming Kitten vs. US and Arab Officials,Hackers believed to be associated with Charming Kitten (Iran-based APT) has ramped up their activities with a phishing campaign against American officials charged with enforcing economic sanctions imposed on Iran by President Trump.,2018-12-13,2018-12-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'Other']]","[['Government / ministries', '']]","['Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059', 'Islamic Revolutionary Guard Corps (IRGC)']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2018-01-01; 2018-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059; Islamic Revolutionary 
Guard Corps (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://blog.certfa.com/posts/the-return-of-the-charming-kitten/'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.scmagazine.com/home/security-news/charming-kitty-targets-u-s-arab-officials-in-wake-of-iran-sanctions/', 'https://blog.certfa.com/posts/the-return-of-the-charming-kitten/']" 1170,Chinese PLA attacks EU - organisations,"A report by Area 1 Security reveals that a successful phishing attack on the Ministry of Foreign Affairs of Cyprus, an EU member nation, compromised the diplomatic communication network for the European Union (COREU).",2018-12-19,2018-12-19,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,,"['EU (region)', 'Cyprus']","[['EU'], ['EUROPE', 'EU', 'MEA']]","[['State institutions / political system', 'International / supranational organization'], ['State institutions / political system', 'International / supranational organization']]","[['Government / ministries', ''], ['Government / ministries', '']]",['PLA'],['China'],['State'],,1,2018-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,PLA,China,State,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 
point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.prnewswire.com/news-releases/area-1-security-uncovers-cybersecurity-breach-of-european-diplomatic-network-initiated-by-chinese-government-300768487.html'] 1143,Tinder profile of RAF airwoman got hacked,An RAF airwoman has her Tinder profile hacked. The attackers use the hacked profile to steal secrets of Britain’s new F-35 Lightning II stealth fighter.,2018-08-04,2018-08-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Military']],,"['China', 'Russia']","['Non-state actor, state-affiliation suggested']",,1,2018-01-01; 2018-01-01,"Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution; Media-based attribution,,,,,China; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.dailymail.co.uk/news/article-6027207/Honeytrap-spy-stole-secrets-new-RAF-stealth-jet-hacking-Tinder-profile.html'] 1172,Philippine media under DDoS-attack,"The news sites of 
Bulatlat, Kodao and Pinoy Weekly are taken down by a DDoS attack, after stories on the Communist Party of the Philippines’ 50th anniversary were posted.",2018-12-26,2018-12-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Disruption,,['Philippines'],"[['ASIA', 'SCS', 'SEA']]",[['Media']],,,['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,,Media-based attribution,,,,,Unknown,Non-state-group,Hacktivist(s),[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.philstar.com/headlines/2018/12/28/1880570/altermidya-slams-cyberattacks-vs-members-sites'] 1173,Italian Trade Union of State Police Officers Hacked & Defaced by The Anonymous Anarchist Agency,"Hackers from the Anonymous collective release the contact information of over 200 Italian police officers, including their full names and personal email addresses. Hackers also post the user login name and password of 26 website administrators.",2018-12-30,2018-12-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Italy'],"[['EUROPE', 'NATO', 'EU']]",[['State institutions / political system']],[['Police']],['Anonymous Anarchist Agency'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Anonymous Anarchist Agency,Unknown,Non-state-group,Hacktivist(s),['https://web.archive.org/web/20190104233230/https://www.cyberguerrilla.org/blog/black-december-italian-trade-union-of-state-police-workers-hacked/'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.databreaches.net/italian-trade-union-of-state-police-officers-hacked-defaced-by-the-anonymous-anarchist-agency/', 'https://web.archive.org/web/20190104233230/https://www.cyberguerrilla.org/blog/black-december-italian-trade-union-of-state-police-workers-hacked/']" 1174,NSO-campaign focusing on Amnesty International in Saudi-Arabia,"In June 2018, an Amnesty International staff member received a malicious WhatsApp message with Saudi Arabia-related bait content and carrying links Amnesty International believes are used to distribute and deploy sophisticated mobile spyware.",2018-06-01,2018-07-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,['Unknown'],,[['Social groups']],[['Other social groups']],['KINGDOM'],['Saudi Arabia'],['State'],,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by 
third-party,,,,KINGDOM,Saudi Arabia,State,,['https://citizenlab.ca/2018/10/the-kingdom-came-to-canada-how-saudi-linked-digital-espionage-reached-canadian-soil/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://citizenlab.ca/2018/10/the-kingdom-came-to-canada-how-saudi-linked-digital-espionage-reached-canadian-soil/', 'https://www.amnesty.org/en/latest/research/2018/08/amnesty-international-among-targets-of-nso-powered-campaign/']" 1175,Greek & Turkish hackers target each other’s media outlets,"As a retaliation for the attacks of the Turkish collective Akincilar, Greek hackers from Anonymous paralyze the 24TV Live website for several hours. They also claim to have hacked 12,987 routers of Turk Telekom.",2018-05-01,2018-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]","[['Critical infrastructure', 'Media', 'Other']]","[['Telecommunications', '', '']]",['Anonymous Greece'],['Greece'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous Greece,Greece,Non-state-group,Hacktivist(s),[],Territory; Resources; Other,Territory; Resources,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,[] 1176,Chinese Ministry of State Security campaign,Two Chinese hackers working with the Ministry of State Security (MSS) were indicted for unauthorized access and data theft from a variety of victims.,2018-01-01,2020-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"['United States', 'Belgium']","[['NATO', 'NORTHAM'], ['EUROPE', 'EU', 'NATO', 'WESTEU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,"['Li Xiaoyu/Oro01xy', 'MSS']","['China', 'China']","['State', 'State']",,1,2020-01-01; 2020-01-01,Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,Li Xiaoyu/Oro01xy; MSS,China; China,State; State,,['https://us-cert.cisa.gov/ncas/alerts/aa20-258a'],System / ideology; International 
power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://us-cert.cisa.gov/ncas/alerts/aa20-258a'] 1177,Breach and data theft from South Korea's Defense Ministry,Hackers breach 30 computers of South Korea's Defense Ministry and steal data from 10 of them.,2018-10-04,2019-01-16,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['State institutions / political system']],[['Military']],,['Unknown'],['Unknown - not attributed'],,1,,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/hackers-breach-and-steal-data-from-south-koreas-defense-ministry/', 'https://securityaffairs.co/wordpress/79993/cyber-warfare-2/south-korea-defense-hack.html']" 1178,Turkish DNS hack,Alleged state-sponsored Turkish hackers breached computer systems of at least 30 organizations across Europe and the Middle East in an extensive DNS hack campaign.,2018-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,,"['Cyprus', 'Greece', 'Iraq', 'Albania', 'Turkey']","[['EUROPE', 'EU', 'MEA'], ['EUROPE', 'NATO', 'EU', 'BALKANS'], ['ASIA', 'MENA', 'MEA'], ['EUROPE', 'BALKANS', 'NATO', 'WBALKANS'], ['ASIA', 'NATO', 'MEA']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical 
infrastructure definition)']]","[['Government / ministries', 'Civil service / administration', 'Intelligence agencies', 'Religious', ''], ['Government / ministries', 'Civil service / administration', 'Intelligence agencies', 'Religious', ''], ['Government / ministries', 'Civil service / administration', 'Intelligence agencies', 'Religious', ''], ['Government / ministries', 'Civil service / administration', 'Intelligence agencies', 'Religious', ''], ['Government / ministries', 'Civil service / administration', 'Intelligence agencies', 'Religious', '']]",,['Turkey'],"['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party,,,,,Turkey,"Non-state actor, state-affiliation suggested",,[],National power; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-cyber-attack-hijack-exclusive/exclusive-hackers-acting-in-turkeys-interests-believed-to-be-behind-recent-cyberattacks-sources-idUSKBN1ZQ10X'] 1179,Operation Skeleton Key,"China-based hacking group ""Chimera"" compromised the networks systems of seven semiconductor companies in Taiwan.",2018-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Taiwan'],"[['ASIA', 'SCS']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['Chimera', 'Winnti Umbrella/G0044 (MSS, Xicheng District, Beijing)']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2020-01-01; 2020-01-01,Statement in media report and political statement/technical report; Statement in media report and political statement/technical report,IT-security community attributes attacker; IT-security community attributes attacker,,,,"Chimera; Winnti Umbrella/G0044 (MSS, Xicheng District, Beijing)",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://cycraft.com/download/%5BTLP-White%5D20200415%20Chimera_V4.1.pdf'],International power,System/ideology; Secession,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.wired.com/story/chinese-hackers-taiwan-semiconductor-industry-skeleton-key/', 'https://cycraft.com/download/%5BTLP-White%5D20200415%20Chimera_V4.1.pdf']" 1180,Stealth Mango,"Lookout Security Intelligence discovered an espionage campaign of a Pakistani hacking group, probably members of the military, on government officials and civilians in Pakistan, Afghanistan, India, Iraq, Iran, and the 
United Arab Emirates.",2018-01-01,2018-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Pakistan', 'Afghanistan', 'India', 'Iraq', 'Iran, Islamic Republic of', 'United Arab Emirates']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'End user(s) / specially protected groups', 'State institutions / political system'], ['State institutions / political system', 'End user(s) / specially protected groups', 'State institutions / political system'], ['State institutions / political system', 'End user(s) / specially protected groups', 'State institutions / political system'], ['State institutions / political system', 'End user(s) / specially protected groups', 'State institutions / political system'], ['State institutions / political system', 'End user(s) / specially protected groups', 'State institutions / political system'], ['State institutions / political system', 'End user(s) / specially protected groups', 'State institutions / political system']]","[['Government / ministries', '', 'Military'], ['Government / ministries', '', 'Military'], ['Government / ministries', '', 'Military'], ['Government / ministries', '', 'Military'], ['Government / ministries', '', 'Military'], ['Government / ministries', '', 'Military']]",['APT36/Transparent Tribe/Mythic Leopard/C-Major'],['Pakistan'],['State'],,1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Lookout,,United States,APT36/Transparent Tribe/Mythic 
Leopard/C-Major,Pakistan,State,,['https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,['https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf'] 1181,BITTER ArtraDownloader,The hacking group BITTER gained access to governmental and commercial entities in Pakistan and Saudi Arabia.,2018-09-01,2019-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Pakistan', 'Saudi Arabia']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Energy', ''], ['Government / ministries', 'Energy', '']]",['BITTER'],"['India', 'South Asia (region)']",['Unknown - not attributed'],,1,,"Attribution given, type unclear; Attribution given, type unclear",Media-based attribution; Media-based attribution,,,,BITTER; BITTER,India; South Asia (region),Unknown - not attributed; Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption 
(incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://unit42.paloaltonetworks.com/multiple-artradownloader-variants-used-by-bitter-to-target-pakistan/'] 1182,Ocean Lotus Espionage,"The state-sponsored Vietnamese hacking group ""OceanLotus"" conducted an espionage campaign on the Vietnamese activist Bui Thanh Hieu in Germany, the organization Vietnamese Overseas Initiative for Conscience Empowerment (VOICE) in the Philippines and an unnamed activist in Vietnam.",2018-02-01,2020-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Vietnam'],"[['ASIA', 'SCS', 'SEA']]",[['Social groups']],[['Advocacy / activists (e.g. 
human rights organizations)']],"['Ocean Lotus/APT 32/Cobalt Kitty', 'CyberOne Group']","['Vietnam', 'Vietnam']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party,,,,Ocean Lotus/APT 32/Cobalt Kitty; CyberOne Group,Vietnam; Vietnam,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.amnesty.org/en/latest/research/2021/02/click-and-bait-vietnamese-human-rights-defenders-targeted-with-spyware-attacks/'],System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.amnesty.org/en/latest/news/2021/02/viet-nam-hacking-group-targets-activist/', 'https://www.heise.de/news/Ocean-Lotus-Cyberangriffe-auf-Aktivisten-aus-Vietnam-in-Deutschland-5063674.html', 'https://www.amnesty.org/en/latest/research/2021/02/click-and-bait-vietnamese-human-rights-defenders-targeted-with-spyware-attacks/']" 1183,North African Fox Espionage campaign,"The Algerian hacking group ""North African Fox"" targets military entities in Arab countries.",2018-10-01,2020-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Jordan', 'Algeria']","[['ASIA', 'MENA', 'MEA'], ['AFRICA', 'NAF', 'MENA']]","[['State institutions / political system', 'End user(s) / 
specially protected groups'], ['State institutions / political system', 'End user(s) / specially protected groups']]","[['Military', ''], ['Military', '']]",['APT-C-44/North African Fox'],['Algeria'],['State'],,1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT-C-44/North African Fox,Algeria,State,,"['https://blogs.360.cn/post/APT-C-44.html', 'https://twitter.com/campuscodi/status/1324562652815790083']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://blogs.360.cn/post/APT-C-44.html', 'https://twitter.com/campuscodi/status/1324562652815790083']" 1184,Rancor Phishing,The Chinese threat actor Rancor accessed Cambodian government networks via a spearphishing campaign,2018-03-01,2018-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking with Misuse,,['Southeast Asia (region)'],,[['State institutions / political system']],[['Government / ministries']],['Rancor'],['China'],['Unknown - not attributed'],,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Rancor,China,Unknown - not attributed,,['https://research.checkpoint.com/2019/rancor-the-year-of-the-phish/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cyberscoop.com/rancor-group-check-point-phishing-emails/', 'https://research.checkpoint.com/2019/rancor-the-year-of-the-phish/']" 1185,"Pharmaceutical Company ""Bayer"" hack","Chinese state-sponsored hacker group ""Winnti"" breached the computer systems of German pharmaceutical company Bayer; according to the company, no data was stolen.",2018-01-01,2019-03-31,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Hijacking without Misuse,,['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Critical infrastructure']],[['Health']],['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) <\xa0Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']",,2,2019-01-01; 2019-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker; IT-security community attributes attacker,,,,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044; APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://web.br.de/interaktiv/winnti/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://web.br.de/interaktiv/winnti/'] 1186,FunnyDream,Chinese hacking group gained access into more than 200 network systems of government entities in Southeast Asia.,2018-11-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Southeast Asia (region)', 'Malaysia', 'Taiwan', 'Philippines', 'Vietnam']","[[], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries'], ['Government / ministries'], ['Government / ministries'], ['Government / ministries']]",['Funny Dream'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,Statement in media report and political statement/technical report,IT-security community attributes attacker,,,,Funny Dream,China,"Non-state actor, state-affiliation suggested",,['https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT .pdf'],International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/more-than-200-systems-infected-by-new-chinese-APT%20-funnydream/', 'https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT .pdf']" 1187,Chafer vs. 
Kuwait,Iran-linked hacking group APT39/Chafer targeted the computer systems of Kuwaiti government and air transportation.,2018-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Kuwait'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Transportation']]",['APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company)'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company),"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,['https://www.bitdefender.com/files/News/CaseStudies/study/332/Bitdefender-Whitepaper-Chafer-creat4491-en-EN-interactive.pdf'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/103556/apt/chafer-apt-kuwait-saudi-arabia.html', 'https://www.bitdefender.com/files/News/CaseStudies/study/332/Bitdefender-Whitepaper-Chafer-creat4491-en-EN-interactive.pdf']" 1188,NavRAT,"North Korean 
state-sponsored hackers compromised the network systems of South Korean targets with a remote access trojan called ""NavRAT"" in order to steal information.",2018-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['End user(s) / specially protected groups']],,['APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067'],"[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2018-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://blog.talosintelligence.com/2018/05/navrat.html?m=1', 'https://www.fireeye.com/blog/threat-research/2018/02/apt37-overlooked-north-korean-actor.html']",International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://blog.talosintelligence.com/2018/05/navrat.html?m=1', 'https://www.fireeye.com/blog/threat-research/2018/02/apt37-overlooked-north-korean-actor.html']" 1189,Chilean Redbanc,"The North Korean state-sponsored hacking group ""Lazarus Group"" gained access to the network systems of the Chilean company Redbanc, which interconnects the ATM infrastructure of all Chilean banks.",2018-12-01,2018-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['Chile'],[['SOUTHAM']],[['Critical infrastructure']],[['Finance']],"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,['https://www.flashpoint-intel.com/blog/disclosure-chilean-redbanc-intrusion-lazarus-ties/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial 
targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/north-korean-hackers-infiltrate-chiles-atm-network-after-skype-job-interview/', 'https://www.flashpoint-intel.com/blog/disclosure-chilean-redbanc-intrusion-lazarus-ties/']" 1190,Dark Hotel exploitation,Korean hacking group Dark Hotel utilized an Internet Explorer vulnerability to target companies in South Korea and Japan.,2018-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Korea, Republic of', 'Japan']","[['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS', 'NEA']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['DarkHotel'],"['Korea, Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DarkHotel,"Korea, Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator 
(group), but not invoked in this case)",['https://blog.confiant.com/internet-explorer-cve-2019-1367-in-the-wild-exploitation-prelude-ef546f19cd30'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://blog.confiant.com/internet-explorer-cve-2019-1367-in-the-wild-exploitation-prelude-ef546f19cd30'] 1191,"Hacking-for-Hire group Bahamut aka ""The White Company"" continued its cyber-espionage campaigns against various targets in the Persian Gulf and South Asia in 2020","The hacking-for-hire group Bahamut aka ""The White Company"" is behind a variety of campaigns, including malicious applications, fake news and phishing campaigns in order to access network systems and steal data with targets in South Asia and the Persian Gulf, according to Blackberry in October 2020. In contrast to previous phishing campaigns, the group focused for South Asia only on individuals ""of greater importance in private industry"". For the Persian Gulf, the group still targeted actors involved/relevant for governance-related topics with phishing. Blackberry also assigned the following industry group designations directly to Bahamut, attributing them as one and the same hacking group: The White Company, Windshift, Kaspersky’s unnamed “InPage” threat actor and Urpage. (This incident refers to the section ""Present Day Targeting"" in Blackberry`s report). ",2020-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,"[['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Sikhs for Justice (India)'], ['Not available'], ['Jamaat-ul-Islami'], ['Jaish-e-Mohammad']]","['Saudi Arabia', 'Qatar', 'Bahrain', 'Kuwait', 'United Arab Emirates', 'Not available', 'South Asia (region)', 'Pakistan', 'Pakistan']","[['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA', 'GULFC'], [], [], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Social groups', 'Social groups'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical 
infrastructure definition)'], ['Social groups'], ['State institutions / political system']]","[['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Religious', 'Terrorist'], [''], ['Terrorist'], ['Political parties']]",['Bahamut/The White Company/Windshift'],['Unknown'],"['Non-state actor, state-affiliation suggested', 'Non-state-group']","['', 'Private technology companies / hacking for hire groups without state affiliation / research entities']",1,2020-10-07; 2020-10-07; 2020-10-07; 2020-10-07,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,BlackBerry Research and Intelligence Team; BlackBerry Research and Intelligence Team; BlackBerry Research and Intelligence Team; BlackBerry Research and Intelligence Team,,United States; United States; United States; United States,Bahamut/The White Company/Windshift; Bahamut/The White Company/Windshift; Bahamut/The White Company/Windshift; Bahamut/The White Company/Windshift,Unknown; Unknown; Unknown; Unknown,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state-group; Non-state-group",; Private technology companies / hacking for hire groups without state affiliation / research entities; ; Private technology companies / hacking for hire groups without state affiliation / research entities,['https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: 
non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Cyber espionage,,,,"['https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf', 'https://www.reuters.com/article/blackberry-cyber-mercenary-hackers-int/mercenary-hacker-group-runs-rampant-in-middle-east-cybersecurity-research-shows-idUSKBN26S1Y3']" 1192,SEA vs. Al Swarm,"Via watering hole techniques the SEA managed to disrupt the service of the IS news-website ""Al Swarm""",2018-09-01,2019-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['ISIS'],,[['Social groups']],[['Terrorist']],"['APT-C-37', 'Syrian Electronic Army']","['Syria', 'Syria']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2019-01-01; 2019-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,APT-C-37; Syrian Electronic Army,Syria; Syria,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,[],System / ideology; Resources; International power,System/ideology; Resources; International power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information 
(incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://blogs.360.cn/post/SEA_role_influence_cyberattacks.html#2018'] 1193,Norway government hack,Chinese state-sponsored group APT 31/Zirconium gained access to the IT network systems of the Norwegian government and stole data.,2018-01-01,2018-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['Norway'],"[['EUROPE', 'NATO', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],['APT31/ZIRCONIUM/BRONZE VINEWOOD/G0128'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,Statement in media report and political statement/technical report,Attribution by receiver government / state entity,,,,APT31/ZIRCONIUM/BRONZE VINEWOOD/G0128,China,"Non-state actor, state-affiliation suggested",,"['https://www-nrk-no.translate.goog/norge/pst_-har-etterretning-om-at-kinesisk-gruppe-stod-bak-dataangrep-mot-statsforvaltere-1.15540601?_x_tr_sl=auto&_x_tr_tl=de&_x_tr_hl=de&_x_tr_pto=nui', 'https://pst.no/alle-artikler/pressemeldinger/etterforskningen-av-datanettverksoperasjonen-mot-fylkesmannsembetene-er-avsluttet/']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data 
theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://therecord.media/norway-says-chinese-group-APT%2031-is-behind-catastrophic-2018-government-hack/', 'https://www-nrk-no.translate.goog/norge/pst_-har-etterretning-om-at-kinesisk-gruppe-stod-bak-dataangrep-mot-statsforvaltere-1.15540601?_x_tr_sl=auto&_x_tr_tl=de&_x_tr_hl=de&_x_tr_pto=nui', 'https://pst.no/alle-artikler/pressemeldinger/etterforskningen-av-datanettverksoperasjonen-mot-fylkesmannsembetene-er-avsluttet/']" 1194,Visma hack,"Chinese state-sponsored group APT 31/Zirconium gained access to the IT network systems of the Norwegian software firm Visma and stole data. In 2019, Recorded Future attributed the same operation to Chinese APT 10.",2018-01-01,2018-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Norway'],"[['EUROPE', 'NATO', 'NORTHEU']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['APT31/ZIRCONIUM/BRONZE VINEWOOD/G0128', 'APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,3,2019-01-01; 2019-01-01; 2019-01-01; 2019-01-01; 2019-01-01; 2019-01-01,"Political statement / report (e.g., on government / state agency websites); Political 
statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Not available; Not available",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; Contested attribution; Contested attribution,,,,"APT31/ZIRCONIUM/BRONZE VINEWOOD/G0128; APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau); APT31/ZIRCONIUM/BRONZE VINEWOOD/G0128; APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau); APT31/ZIRCONIUM/BRONZE VINEWOOD/G0128; APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China; China; China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://pst-no.translate.goog/alle-artikler/pressemeldinger/etterforskningen-av-datanettverksoperasjonen-mot-fylkesmannsembetene-er-avsluttet/?_x_tr_sl=auto&_x_tr_tl=de&_x_tr_hl=de&_x_tr_pto=nui', 'https://www.recordedfuture.com/APT 10-cyberespionage-campaign/?__hstc=156209188.4e66ab3a14d12726bc06ec44a878904e.1634634784306.1634634784306.1634634784306.1&__hssc=156209188.1.1634634784306&__hsfp=1513977555']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 
points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.recordedfuture.com/APT%2010-cyberespionage-campaign/', 'https://therecord.media/norway-says-chinese-group-APT%2031-is-behind-catastrophic-2018-government-hack/', 'https://pst-no.translate.goog/alle-artikler/pressemeldinger/etterforskningen-av-datanettverksoperasjonen-mot-fylkesmannsembetene-er-avsluttet/?_x_tr_sl=auto&_x_tr_tl=de&_x_tr_hl=de&_x_tr_pto=nui', 'https://www.recordedfuture.com/APT 10-cyberespionage-campaign/?__hstc=156209188.4e66ab3a14d12726bc06ec44a878904e.1634634784306.1634634784306.1634634784306.1&__hssc=156209188.1.1634634784306&__hsfp=1513977555', 'https://securityaffairs.com/142452/apt/chinese-apts-targets-eu.html', 'https://twitter.com/RecordedFuture/status/1626633928327954434', 'https://securityaffairs.com/142698/breaking-news/security-affairs-newsletter-round-408-by-pierluigi-paganini.html']" 1195,BITTER vs. China,"The hacking group ""BITTER"" targeted Chinese military industry personnel with the malware called SlideRat.",2019-01-01,2019-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['China'],"[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Defence industry']]","['Man Linghua/ APT-C-08', 'BITTER']","['Unknown', 'Unknown']","['Unknown - not attributed', 'Unknown - not attributed']",,2,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Media report (e.g., Reuters makes an attribution statement, without naming further sources); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",IT-security community attributes attacker; IT-security community attributes attacker; Media-based attribution; Media-based attribution,,,,Man Linghua/ 
APT-C-08; BITTER; Man Linghua/ APT-C-08; BITTER,Unknown; Unknown; India; India,Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed,,"['https://blogs.360.cn/post/analysis_of_APT_C_08.html', 'https://www.anomali.com/blog/suspected-bitter-apt-continues-targeting-government-of-china-and-chinese-organizations#When:19:24:00Z']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://blogs.360.cn/post/analysis_of_APT_C_08.html', 'https://www.anomali.com/blog/suspected-bitter-apt-continues-targeting-government-of-china-and-chinese-organizations#When:19:24:00Z']" 1196,DDOS-Attacks on Ukrainian Electoral commission,"Russian hackers, attributed by the Ukrainian government to be part of the Russian state, took down the infrastructure of the Ukrainian electoral commission.",2019-02-24,2019-02-25,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Election infrastructure / related systems']],,['Russia'],['State'],,1,2019-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Russia,State,,[],Territory; Resources; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points 
in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://en.interfax.com.ua/news/general/568710.html'] 1197,Iran hacks on Bahrain,Over the course of the summer of 2019 hackers alleged to be supported by the Iranian government accessed various important parts of the Bahraini state networks,2019-07-25,2019-08-05,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse,,['Bahrain'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Intelligence agencies', 'Energy']]",,"['Iran, Islamic Republic of']",['State'],,1,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party,,,,,"Iran, Islamic Republic of",State,,[],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.jpost.com/Middle-East/Wall-Street-Journal-reports-Bahrain-targeted-by-Iranian-cyber-attacks-598190'] 1198,USA cyberattack against Iranian military,"The American military managed to shut down a database of Iran, which was used to target oil tankers",2019-07-01,2019-07-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific 
state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Military']],['US CYCOM'],['United States'],['State'],,1,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms,,,,US CYCOM,United States,State,,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2019/08/28/us/politics/us-iran-cyber-attack.html', 'https://www.timesofisrael.com/us-cyber-attack-said-to-have-disabled-irans-ability-to-target-oil-tankers/']" 1199,OPIsrael 2019 Preperatory Stage,"Hamas-affiliated hacktivists created backdoors in the networks of Israeli companies, to use them in the OpIsrael 2019 event",2019-04-02,2019-04-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['Giant-PS', 'Hamas affiliated']","['Palestine', 'Palestine']","['Non-state-group', 'Non-state-group']","['Terrorist(s)', 'Terrorist(s)']",1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Giant-PS; Hamas affiliated,Palestine; Palestine,Non-state-group; Non-state-group,Terrorist(s); Terrorist(s),[],System / ideology,System/ideology; Resources; Secession; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.haaretz.com/israel-news/.premium-pro-palestinian-hackers-breach-120-israeli-websites-1.7084034'] 1200,APT32 vs. Global car manufacturers,The Vietnamese state-sponsored group Ocean Lotus/APT32 managed to hack 5-10 car manufacturers globally via freely available tools,2019-02-01,2019-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Global (region)'],,[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['APT 32/Ocean Lotus'],['Vietnam'],"['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT 32/Ocean Lotus,Vietnam,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cyberscoop.com/apt32-ocean-lotus-vietnam-car-companies-hacked/', 'https://www.br.de/nachrichten/wirtschaft/fr-autoindustrie-im-visier-von-hackern-bmw-ausgespaeht,RjnLkD4']" 1201,Baltimore hack,Unknown actors took down almost the complete network of the US-American city of Baltimore. 
Links to the NSA software EternalBlue that was leaked on the internet remain inconclusive,2019-05-06,2019-05-21,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Civil service / administration']]",['Robin Hood'],['Unknown'],['Individual hacker(s)'],,1,,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker,,,,Robin Hood,Unknown,Individual hacker(s),,"['https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html', 'https://krebsonsecurity.com/2019/06/report-no-eternal-blue-exploit-found-in-baltimore-city-ransomware/']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html', 'https://krebsonsecurity.com/2019/06/report-no-eternal-blue-exploit-found-in-baltimore-city-ransomware/', 'https://www.facebook.com/CharmTVBaltimore/videos/1092989207540670/']" 1202,FSB data breach,The unidentified group 0v1ru$ managed to access important data of the Russian FSB,2019-07-13,2019-07-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Intelligence agencies']],"['0v1ru$', 'Digital Revolution']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,0v1ru$; Digital Revolution,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),['https://www.bbc.com/russian/features-49050982'],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.forbes.com/sites/zakdoffman/2019/07/20/russian-intelligence-has-been-hacked-with-social-media-and-tor-projects-exposed/#515475926b11', 'https://www.bbc.com/russian/features-49050982']" 1203,Anti-Propaganda Operation by the US,The United States attacked Iran after the physical attacks of Iran on the Saudi oil facilities. 
The strike was focused on reducing the propaganda capabilities of the Iran,2019-09-01,2019-09-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],,,['United States'],['State'],,1,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms,,,,,United States,State,,[],System / ideology; International power,System/ideology; International power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-usa-iran-military-cyber-exclusive/exclusive-u-s-carried-out-secret-cyber-strike-on-iran-in-wake-of-saudi-oil-attack-officials-idUSKBN1WV0EK'] 1204,NSO tools vs. Whatsapp users,"A spyware designed by the Israeli firm NSO group was used against various high-ranking government and military officials in countries allied to the US. Detailed attribution is unclear, but NSO says it only sells its software to governments. In January 2023 the petition made by NSO Group to claim immunity was dismissed by the Supreme Court of the United States. 
The petition was made in response to a legal challenge brought in 2019 by the messaging company WhatsApp over the use of the Pegasus hacking tool to target its infrastructure and approximately 1,400 users.",2019-01-01,2019-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,,"['United States', 'United Arab Emirates', 'Pakistan', 'Mexico', 'Bahrain', 'India', 'Global (region)']","[['NATO', 'NORTHAM'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'SASIA', 'SCO'], [], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'SASIA', 'SCO'], []]","[['State institutions / political system', 'Social groups', 'Media', 'State institutions / political system'], ['State institutions / political system', 'Social groups', 'Media', 'State institutions / political system'], ['State institutions / political system', 'Social groups', 'Media', 'State institutions / political system'], ['State institutions / political system', 'Social groups', 'Media', 'State institutions / political system'], ['State institutions / political system', 'Social groups', 'Media', 'State institutions / political system'], ['State institutions / political system', 'Social groups', 'Media', 'State institutions / political system'], ['State institutions / political system', 'Social groups', 'Media', 'State institutions / political system']]","[['Government / ministries', 'Advocacy / activists (e.g. human rights organizations)', '', 'Military'], ['Government / ministries', 'Advocacy / activists (e.g. human rights organizations)', '', 'Military'], ['Government / ministries', 'Advocacy / activists (e.g. human rights organizations)', '', 'Military'], ['Government / ministries', 'Advocacy / activists (e.g. 
human rights organizations)', '', 'Military'], ['Government / ministries', 'Advocacy / activists (e.g. human rights organizations)', '', 'Military'], ['Government / ministries', 'Advocacy / activists (e.g. human rights organizations)', '', 'Military'], ['Government / ministries', 'Advocacy / activists (e.g. human rights organizations)', '', 'Military']]",,['Unknown'],['State'],,2,2019-01-01; 2019-01-01,"Domestic legal action; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; Attribution by third-party,,,,,Unknown; Unknown,State; State,,['https://www.theguardian.com/world/2019/dec/19/israeli-spyware-allegedly-used-to-target-pakistani-officials-phones'],Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.zdnet.de/88359987/whatsapp-schwachstelle-erlaubt-installation-von-spyware/', 'https://www.reuters.com/article/us-facebook-cyber-whatsapp-nsogroup-excl/exclusive-government-officials-around-the-globe-targeted-for-hacking-through-whatsapp-sources-idUSKBN1XA27H', 'https://www.theguardian.com/world/2019/dec/19/israeli-spyware-allegedly-used-to-target-pakistani-officials-phones', 'https://www.cyberscoop.com/meta-surveillance-for-hire-government-action/', 'https://therecord.media/supreme-court-dismisses-spyware-company-nso-groups-claim-of-immunity/', 'https://www.cyberscoop.com/supreme-court-whatsapp-nso-group-spyware/', 'https://twitter.com/jsrailton/status/1612467553988640768']" 1205,Ransomware Ryuk deployed against US cities,The networks of various US cities were temporarily taken down by ransomware of Russian 
origin.,2019-01-01,2019-01-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],"['Wizard Spider', 'Temp.Mixmaster']","['Russia', 'Russia']","['Non-state-group', 'Non-state-group']","['Criminal(s)', 'Criminal(s)']",1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Wizard Spider; Temp.Mixmaster,Russia; Russia,Non-state-group; Non-state-group,Criminal(s); Criminal(s),['https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://statescoop.com/recent-ransomware-surge-russian-criminal-group/', 'https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/', 'https://statescoop.com/state-local-government-urged-ransomware-defense/', 'https://www.bleepingcomputer.com/news/security/russian-man-pleads-guilty-to-laundering-ryuk-ransomware-money/']" 1206,APT33 vs. Saudi targets 2019,"The Iranian state-sponsored APT33 primarily hacked Saudi targets, but also targets in India and other countries, using a changed infrastructure since Recorded Future last published its activities in March 2019.",2019-05-02,2019-06-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Saudi Arabia', 'India', 'United Arab Emirates', 'Egypt', 'Turkey', 'Croatia']","[['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['MENA', 'MEA', 'AFRICA', 'NAF'], ['ASIA', 'NATO', 'MEA'], ['EUROPE', 'BALKANS', 'NATO', 'EU']]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Critical infrastructure', 'Critical infrastructure']]","[['Energy', '', '', 'Water', 
'Finance'], ['Energy', '', '', 'Water', 'Finance'], ['Energy', '', '', 'Water', 'Finance'], ['Energy', '', '', 'Water', 'Finance'], ['Energy', '', '', 'Water', 'Finance'], ['Energy', '', '', 'Water', 'Finance']]",['APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://go.recordedfuture.com/hubfs/reports/cta-2019-0626.pdf'] 1207,Gamaredon,"The Russian state-sponsored APT Gamaredon started with attacks on various targets in the Ukraine, partly with the goal of data theft, partly with the goal of increasing its offensive capabilities.",2019-09-01,2020-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Ukraine'],"[['EUROPE', 'EASTEU']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Social groups', 'Media']]","[['Civil service / administration', 'Military', 'Police', 'Advocacy / activists (e.g. human rights organizations)', '']]","['Gamaredon Group/Shuckworm/BlueAlpha/ACTINIUM/Primitive Bear/Armageddon/DEV-0157, Group G0047 (FSB, 18th Center, Crimea)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Gamaredon Group/Shuckworm/BlueAlpha/ACTINIUM/Primitive Bear/Armageddon/DEV-0157, Group G0047 (FSB, 18th Center, Crimea)",Russia,"Non-state actor, state-affiliation suggested",,[],Territory; Resources; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.anomali.com/files/white-papers/Anomali_Threat_Research-Gamaredon_TTPs_Target_Ukraine-WP.pdf', 'https://labs.sentinelone.com/pro-russian-cyberspy-gamaredon-intensifies-ukrainian-security-targeting/', 'https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf', 
'https://www.cyberscoop.com/ukraine-russian-hackers-armageddon-videos-gamaredon/']" 1208,Ryuk usage against US coast guard,The networks of a US-American port authority were taken down by cybercriminals via the Ryuk malware,2019-12-01,2019-12-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],"['Wizard Spider', 'Temp.Mixmaster']","['Russia', 'Russia']","['Non-state-group', 'Non-state-group']","['Criminal(s)', 'Criminal(s)']",1,2020-01-01; 2020-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,Wizard Spider; Temp.Mixmaster,Russia; Russia,Non-state-group; Non-state-group,Criminal(s); Criminal(s),"['https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/', 'https://www.hhs.gov/sites/default/files/ryuk-update.pdf']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/', 'https://www.bbc.com/news/technology-50972890', 'https://www.hhs.gov/sites/default/files/ryuk-update.pdf', 'https://www.bleepingcomputer.com/news/security/russian-man-pleads-guilty-to-laundering-ryuk-ransomware-money/']" 1209,Burisma Hack,The Ukrainian gas company Burisma was attacked by Fancy Bear. 
Supposedly to find information about Joe Biden.,2019-11-01,2019-11-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)', 'GRU']","['Russia', 'Russia']","['State', 'State']",,1,2020-01-01; 2020-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,State; State,,['https://www.wired.com/story/russia-burisma-hack-leaks/'],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2020/01/13/us/politics/russian-hackers-burisma-ukraine.html', 'https://www.wired.com/story/russia-burisma-hack-leaks/']" 1210,Australia Parliament hack,"Unknown actors, attributed by unknown officials allegedly Chinese, hacked into the systems of the Australian Parliament three months ahead of elections, raised 
fears of election interference, but no leaked data became public.",2019-02-01,2019-02-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft,,['Australia'],[['OC']],"[['State institutions / political system', 'State institutions / political system']]","[['Legislative', 'Political parties']]",,['China'],['State'],,1,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,,China,State,,['https://www.reuters.com/article/us-australia-china-cyber-exclusive/exclusive-australia-concluded-china-was-behind-hack-on-parliament-political-parties-sources-idUSKBN1W00VF'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.abc.net.au/news/2019-02-08/china-government-cyber-security-breach-parliament-hackers/10792938', 'https://www.reuters.com/article/us-australia-china-cyber-exclusive/exclusive-australia-concluded-china-was-behind-hack-on-parliament-political-parties-sources-idUSKBN1W00VF']" 1211,Lazarus turns against Russia,The North Korean APT attacked Russian companies with previously used tools,2019-01-01,2019-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://research.checkpoint.com/2019/north-korea-turns-against-russian-targets/'] 1212,Fancy Bear Summer Campaign,In Summer 2019 the Russian APT Fancy Bear attacked various embassies of Eastern European and Central Asian countries.,2019-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Eastern Europe', 'Central Asia (region)']",,"[['State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', ''], ['Government / ministries', '']]","['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.welivesecurity.com/2019/09/24/no-summer-vacations-zebrocy/'] 1213,Amnesty Hongkong Hack,The Hong Kong part of Amnesty International was the target of an attack by a Chinese APT.,2019-03-15,2019-03-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft,,['Hong Kong'],[['ASIA']],[['Social groups']],[['Advocacy / activists (e.g. human rights organizations)']],,['China'],"['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Receiver attributes attacker,,,,,China,"Non-state actor, state-affiliation suggested",,[],System / ideology; Autonomy,System/ideology; Autonomy,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.amnesty.org/en/latest/news/2019/04/state-sponsored-cyber-attack-hong-kong/'] 1214,Chinese Attack against telecommunication providers,The Chinese government accessed the networks of telecommunication providers in various countries to get data about the travel routes of Uighurs.,2019-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['Turkey', 'Kazakhstan', 'India', 'Thailand', 'Malaysia']","[['ASIA', 'NATO', 'MEA'], ['ASIA', 'CSTO', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SEA'], ['ASIA', 'SCS', 'SEA']]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[['Transportation'], ['Transportation'], ['Transportation'], ['Transportation'], ['Transportation']]",,['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2019-01-01; 2019-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Attribution by third-party,,,,,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ",[],System / ideology; Secession,System/ideology; Secession; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in 
intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-china-cyber-uighurs/china-hacked-asian-telcos-to-spy-on-uighur-travelers-sources-idUSKCN1VQ1A5'] 1215,Telegram DDOS,An attack on the messenger service Telegram took down the service for a couple of hours. The attack was linked to a Chinese state hacker group.,2019-06-12,2019-06-12,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Disruption,,['Hong Kong'],[['ASIA']],"[['Social groups', 'End user(s) / specially protected groups']]","[['Advocacy / activists (e.g. human rights organizations)', '']]",,['China'],['State'],,1,2019-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,,,,,China,State,,[],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.nytimes.com/2019/06/13/world/asia/hong-kong-telegram-protests.html'] 1216,APT 40 vs. US-Universities,APT 40 attacked American universities via spearphishing. The apparent goal was the theft of crucial information about naval research.,2019-01-01,2019-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Science']],,"['APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (MSS, Hainan State Security Department/Hainan Xiandun Technology Company)']",['China'],"['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,"APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (MSS, Hainan State Security Department/Hainan Xiandun Technology Company)",China,"Non-state actor, state-affiliation suggested",,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.theverge.com/2019/3/5/18251836/chinese-hackers-us-servers-universities-military-secrets-cybersecurity'] 1217,Thrip attacks continue,The threat actor Thrip continues its attacks around South East Asia. The targets are mostly military entities and satellite providers,2019-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Hong Kong', 'Indonesia', 'Malaysia', 'Philippines', 'Vietnam']","[['ASIA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Military', ''], ['Military', ''], ['Military', ''], ['Military', ''], ['Military', '']]","['Thrip', 'Lotus Blossom/Spring Dragon/ST Group/DRAGONFISH/G0030']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2019-01-01; 2019-01-01,Statement in media report and political statement/technical report; Statement in media report and political statement/technical report,IT-security community attributes attacker; IT-security community attributes attacker,,,,Thrip; 
Lotus Blossom/Spring Dragon/ST Group/DRAGONFISH/G0030,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.bankinfosecurity.com/chinese-APT -group-thrip-powers-ahead-a-13077'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://symantec-blogs.broadcom.com/blogs/threat-intelligence/thrip-APT%20-south-east-asia', 'https://www.bankinfosecurity.com/chinese-APT -group-thrip-powers-ahead-a-13077']" 1218,Benny Gantz phone hack,"The phone of Netanyahu's challenger Benny Gantz was hacked; the stolen data was allegedly sold to Iranian state actors.",2019-01-01,2019-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Political parties']],['Ministry of Intelligence and Security (MOIS; Iran)'],"['Iran, Islamic Republic of']",['State'],,1,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,,,,Ministry of Intelligence and Security (MOIS; Iran),"Iran, Islamic Republic of",State,,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.jta.org/quick-reads/iran-hacked-benny-gantzs-phone-israeli-authorities-reportedly-believe', 'https://www.nytimes.com/2019/03/15/world/middleeast/gantz-netanyahus-challenger-faces-lurid-questions-after-iran-hacked-his-phone.html', 'https://www.spiegel.de/politik/ausland/israel-hacker-skandal-um-benjamin-netanyahus-gegner-benny-gantz-a-1258271.html']" 1219,Cloud Atlas 2018/19,"The APT Cloud Atlas continued its campaigns against government institutions and companies across Russia, Eastern Europe and Central Asia in 2019.",2019-01-01,2019-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Russia', 'Portugal', 'Ukraine', 'Romania', 'Turkey', 'Turkmenistan', 'Afghanistan']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'EASTEU'], ['EUROPE', 'BALKANS', 'NATO', 'EU'], ['ASIA', 'NATO', 'MEA'], ['ASIA'], ['ASIA', 'SASIA']]","[['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Social groups', 
'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'International / supranational organization', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '', 'Defence industry', 'Religious', ''], ['Government / ministries', '', 'Defence industry', 'Religious', ''], ['Government / ministries', '', 'Defence industry', 'Religious', ''], ['Government / ministries', '', 'Defence industry', 'Religious', ''], ['Government / ministries', '', 'Defence industry', 'Religious', ''], ['Government / ministries', '', 'Defence industry', 'Religious', ''], ['Government / ministries', '', 'Defence industry', 'Religious', '']]","['Inception Framework/Cloud Atlas/Blue Odin/G0100', 'Red October']","['Unknown', 'Unknown']","['Unknown - not attributed', 'Unknown - not attributed']",,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Inception Framework/Cloud Atlas/Blue Odin/G0100; Red October,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial 
targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://securelist.com/recent-cloud-atlas-activity/92016/'] 1220,Charming Kitten Election Interference,The Iranian State APT Charming Kitten restarted attack campaigns against Iranian dissidents and started to influence elections,2019-07-01,2019-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,"['United States', 'Mena Region (region)', 'France', 'Iran, Islamic Republic of']","[['NATO', 'NORTHAM'], [], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'MENA', 'MEA']]","[['Social groups', 'Science'], ['Social groups', 'Science'], ['Social groups', 'Science'], ['Social groups', 'Science']]","[['Political opposition / dissidents / expats', ''], ['Political opposition / dissidents / expats', ''], ['Political opposition / dissidents / expats', ''], ['Political opposition / dissidents / expats', '']]","['Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059', 'Ministry of Intelligence and Security (MOIS; Iran)']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2019-01-01; 2019-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes 
attacker,,,,Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059; Ministry of Intelligence and Security (MOIS; Iran),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,[],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.clearskysec.com/wp-content/uploads/2019/10/The-Kittens-Are-Back-in-Town-2-1.pdf', 'https://www.darkreading.com/threat-intelligence/disinformation-attacks-threaten-us-midterm-elections']" 1221,National Association of Manufacturers vs. Chinese Hackers,Hackers of Chinese origin attacked the networks of the American National association of Manufacturers during the talks about trade between the US and China,2019-06-01,2019-08-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['Social groups']],[['Other social groups']],,['China'],['State'],,1,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker,,,,,China,State,,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political 
importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-usa-trade-china-cyber-exclusive/exclusive-u-s-manufacturing-group-hacked-by-china-as-trade-talks-intensified-sources-idUSKBN1XN1AY?il=0'] 1222,Golden Falcon Surveillance in Kazakhstan,"Many sectors in Kazakhstan were surveilled and hacked by the threat actor Golden Falcon, which may be linked to the Kazakh government.",2019-01-01,2019-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Kazakhstan'],"[['ASIA', 'CSTO', 'SCO']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Social groups', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science', 'Other']]","[['Government / ministries', 'Military', 'Election infrastructure / related systems', 'Religious', 'Political opposition / dissidents / expats', '', '', '', '']]",['APT-C-34/Golden Falcon'],['Kazakhstan'],['State'],,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT-C-34/Golden Falcon,Kazakhstan,State,,['https://www.zdnet.com/article/extensive-hacking-operation-discovered-in-kazakhstan/'],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/extensive-hacking-operation-discovered-in-kazakhstan/', 'https://cyware.com/news/pan-country-cyberattack-operation-unidentified-actors-worries-kazakhstan-5436b277']" 1223,Sandworm vs. Georgia - 2019,On the 28th October 2019 many websites in Georgia were taken down by a coordinated attack. The US and many of its allies attributed this to Sandworm,2019-10-28,2019-10-28,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,['Georgia'],"[['ASIA', 'CENTAS']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]","[['Election infrastructure / related systems', '', '']]","['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)', 'GRU Unit 74455']","['Russia', 'Russia']","['State', 'State']",,2,2019-01-01; 2019-01-01; 2019-01-01; 2019-01-01,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by third-party; Attribution by third-party,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU Unit 74455; Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies 
(GTsST) Military Unit 74455); GRU Unit 74455",Russia; Russia; Russia; Russia,State; State; State; State,,"['https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and', 'https://www.nytimes.com/2020/02/20/world/europe/georgia-cyberattack-russia.html', 'https://www.gov.pl/web/diplomacy/statement-of-the-polish-mfa-on-cyberattacks-against-georgia']",International power,International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.bbc.com/news/technology-50207192', 'https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and', 'https://www.nytimes.com/2020/02/20/world/europe/georgia-cyberattack-russia.html', 'https://www.gov.pl/web/diplomacy/statement-of-the-polish-mfa-on-cyberattacks-against-georgia', 'https://www.consilium.europa.eu/en/press/press-releases/2020/02/21/declaration-by-the-high-representative-on-behalf-of-the-european-union-call-to-promote-and-conduct-responsible-behaviour-in-cyberspace/']" 1224,Attack on Czech MFA,Czech Authorities blame the GRU`s Fancy bear for a DDoS-Attack against the Czech Ministry of Foreign Affairs.,2019-06-01,2019-06-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft,,['Czech Republic'],"[['EUROPE', 'NATO', 'EU', 'EASTEU']]",[['State institutions / political system']],[['Government / ministries']],"['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)', 
'GRU']","['Russia', 'Russia']","['State', 'State']",,1,2019-01-01; 2019-01-01,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,State; State,,['https://www.prosyscom.tech/cyber-security/the-czech-republic-again-accused-russia-of-hacker-attacks/'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/us-czech-security-cyber/foreign-power-was-behind-cyber-attack-on-czech-ministry-senate-idUSKCN1V31DS?il=0', 'https://www.prosyscom.tech/cyber-security/the-czech-republic-again-accused-russia-of-hacker-attacks/']" 1225,Totok App Surveillance,A private company directly connected to the ARE government developed and distributed a messenger app designed to conduct surveillance against ARE citizens.,2019-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft,,"['United Arab Emirates', 'Global (region)']","[['ASIA', 'MENA', 'MEA', 'GULFC'], []]","[['End user(s) / specially protected groups'], ['End user(s) / specially protected groups']]",,"['Breej Holding', 'DarkMatter']","['United Arab Emirates', 'United Arab Emirates']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2019-01-01; 2019-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party; Attribution by third-party,,,,Breej Holding; DarkMatter,United Arab Emirates; United Arab Emirates,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,[],System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html'] 1226,Great Cannon strikes on Hongkong,"The Chinese government DDOSed the Hongkong-Website LIHKG via a man-in-the-middle-attack, injecting malicious webcode in javascript-scripts on certain webpages.",2019-08-31,2019-11-27,"Attack conducted by 
nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,['Hong Kong'],[['ASIA']],"[['Social groups', 'Social groups', 'End user(s) / specially protected groups']]","[['Advocacy / activists (e.g. human rights organizations)', 'Political opposition / dissidents / expats', '']]",,['Unknown'],['Unknown - not attributed'],,2,2019-01-01; 2019-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Media-based attribution,,,,,Unknown; China,Unknown - not attributed; State,,['https://citizenlab.ca/2015/04/chinas-great-cannon/'],System / ideology; Autonomy,System/ideology; Autonomy,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/china-resurrects-great-cannon-for-ddos-attacks-on-hong-kong-forum/', 'https://cybersecurity.att.com/blogs/labs-research/the-great-cannon-has-been-deployed-again', 'https://citizenlab.ca/2015/04/chinas-great-cannon/']" 1227,Dtrack vs. Indian nuclear power plant,"Dtrack-Malware, associated with North Korean Lazarus group, was inserted into an Indian nuclear power plant.",2019-09-01,2019-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking without Misuse,,['India'],"[['ASIA', 'SASIA', 'SCO']]",[['Critical infrastructure']],[['Energy']],"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,2,2019-01-01; 2019-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Attribution by third-party,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",,"['https://www.washingtonpost.com/politics/2019/11/04/an-indian-nuclear-power-plant-suffered-cyberattack-heres-what-you-need-know/', 'https://www.thenewsminute.com/article/kudankulam-nuclear-power-plant-denies-cyber-attack-north-korean-hackers-111366']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://dragos.com/blog/industry-news/assessment-of-reported-malware-infection-at-nuclear-facility/', 'https://www.reuters.com/article/india-npcil-malware/nuclear-power-corp-of-india-says-detected-malware-in-its-systems-idUSL3N27F356', 'https://www.washingtonpost.com/politics/2019/11/04/an-indian-nuclear-power-plant-suffered-cyberattack-heres-what-you-need-know/', 'https://www.thenewsminute.com/article/kudankulam-nuclear-power-plant-denies-cyber-attack-north-korean-hackers-111366', 'https://therecord.media/hackers-linked-to-north-korea-targeted-indian-medical-org-energy-sector/', 'https://twitter.com/RecordedFuture/status/1621646796219883520']" 1228,Iran vs. Bapco,"Iranian state-backed hackers attacked the Bahrainian Oil-Company Bapco with a data-wiping malware. For a detailed analysis of this incident, please see here: http://bit.ly/3YwNryo.",2019-01-01,2019-12-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse,,['Bahrain'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['Critical infrastructure']],[['Energy']],,"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party,,,,,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,[],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/new-iranian-data-wiper-malware-hits-bapco-bahrains-national-oil-company/', 'https://de.scribd.com/document/442225568/Saudi-Arabia-CNA-report']" 1171,IranRev. Guard vs. UKGovernment,Iranian actors hacked various UK companies and the UK post office,2018-12-23,2018-12-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Civil service / administration', '']]",['Iran Revolutionary Guard Corps'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker,,,,Iran Revolutionary Guard Corps,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.infosecurity-magazine.com/news/iranian-hackers-target-uk-1/', 'https://www.mirror.co.uk/news/uk-news/major-cyber-attack-uk-infrastructure-14226055']" 1230,Fractured Statue,North Korean attackers accessed the networks of an unidentified American government agency,2019-07-01,2019-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],['Konni Group'],"[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Konni Group,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://unit42.paloaltonetworks.com/the-fractured-statue-campaign-u-s-government-targeted-in-spear-phishing-attacks/#Attribution'] 1229,Operation Applejeus Reloaded,Lazarus continued its attacks against unnamed actors in the cryptocurrency sector,2019-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,,"['United Kingdom', 'Russia', 'China', 'Poland']","[['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['EUROPE', 'NATO', 'EU', 'EASTEU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, 
state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securelist.com/operation-applejeus-sequel/95596/', 'https://www.cfr.org/blog/new-entries-cfr-cyber-operations-tracker-q1-2020']" 1232,Winnti vs. Hongkong Universities,The APT Winnti installed Keyloggers on the computers of universities in Hongkong,2019-03-01,2019-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft,,['Hong Kong'],[['ASIA']],[['Science']],,['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/'],System / ideology; Autonomy,System/ideology; Autonomy,,Yes / HIIK intensity,HIIK 
3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/winnti-group-infected-hong-kong-universities-with-malware/', 'https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/']" 1233,Turlas New Waterhole,"Turla created a watering hole, with which they managed to compromise various Armenian web pages",2019-01-01,2019-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Armenia'],"[['ASIA', 'CENTAS', 'CSTO']]",[['State institutions / political system']],[['Government / ministries']],"['Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)']",['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive 
information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.welivesecurity.com/2020/03/12/tracking-turla-new-backdoor-armenian-watering-holes/'] 1234,DarkHotel vs. PRK,The state-attributed APT DarkHotel used 5 Zero-Days over the course of 2019 to spy on North Korea,2019-01-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"[""Korea, Democratic People's Republic of""]","[['ASIA', 'NEA']]","[['End user(s) / specially protected groups', 'Other']]",,['DarkHotel'],"['Korea, Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,DarkHotel,"Korea, Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],System / ideology; International power; Other,System/ideology; International power; Other,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 
point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.wired.com/story/north-korea-hacking-zero-days-google/'] 1235,Naikon Reloaded,The threat actor Naikon reemerged in 2019 and 2020 with a new attack wave on governments in SEA and Australia.,2019-01-01,2020-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Disruption; Hijacking with Misuse,,"['Australia', 'Indonesia', 'Philippines', 'Thailand', 'Vietnam', 'Brunei']","[['OC'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the 
critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', '']]","['APT30/Naikon/G0013 (PLA, Unit 78020)', 'PLA Unit 78020']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01; 2020-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"APT30/Naikon/G0013 (PLA, Unit 78020); PLA Unit 78020",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nytimes.com/2020/05/07/world/asia/china-hacking-military-aria.html', 'https://research.checkpoint.com/2020/naikon-APT%20-cyber-espionage-reloaded/']" 1236,ZeroCleare,APT34 attacked middle-eastern oil companies with its new file-deleting malware ZeroCleare,2019-01-01,2019-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,,['Middle East (region)'],,[['Critical infrastructure']],[['Energy']],"['ITG13 ', 'OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2020-01-01; 2020-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,ITG13 ; OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securityintelligence.com/posts/new-destructive-wiper-zerocleare-targets-energy-sector-in-the-middle-east/'] 1237,Operation In(ter)ception,"A 
group (likely the north-Korean APT Lazarus) attacked two central European defense companies via LinkedIn with the goal of espionage. In one case, the attackers tried to monetize access to a victim’s email account through a business email compromise (BEC) attack as the final stage of the operation.",2019-09-01,2019-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Europe (region)', 'Middle East (region)']",,"[['Critical infrastructure'], ['Critical infrastructure']]","[['Defence industry'], ['Defence industry']]","['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this 
case)",['https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_Operation_Interception.pdf'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_Operation_Interception.pdf', 'https://www.reuters.com/article/us-cyber-linkedin-hacks/cyber-spies-use-linkedin-to-hack-european-defence-firms-idUSKBN23O2L7?utm_campaign=wp_the_cybersecurity_202&utm_medium=email&utm_source=newsletter&wpisrc=nl_cybersecurity202']" 1238,NSO Tools vs. Moroccan Journalist,Spyware of the NSO group was used against a Moroccan journalist by the Moroccan government.,2019-01-27,2020-01-29,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Morocco'],"[['AFRICA', 'NAF', 'MENA']]",[['Media']],,,['Morocco'],['State'],,1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,Morocco,State,,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.amnesty.org/en/latest/news/2020/06/nso-spyware-used-against-moroccan-journalist/'] 1239,OilRig Read my Lips,The unidentified group Shadow Brokers leaked hacking tools of 
the Iranian group OilRig online,2019-01-01,2019-04-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Intelligence agencies']],['Read My Lips/Lab Dookhtegan'],['Unknown'],['Unknown - not attributed'],,1,2019-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Read My Lips/Lab Dookhtegan,Unknown,Unknown - not attributed,,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram/', 'https://www.wired.com/story/iran-hackers-oilrig-read-my-lips/']" 1240,Togo NSO tools vs. 
Religious opposition,The government of Togo used spyware tools of the NSO group against the religious opposition in the country,2019-01-01,2019-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Togo'],"[['AFRICA', 'SSA']]","[['Social groups', 'Social groups']]","[['Religious', 'Political opposition / dissidents / expats']]",,['Togo'],['State'],,1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,,Togo,State,,[],National power,National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theguardian.com/technology/2020/aug/03/senior-clergymen-among-activists-targeted-by-spyware', 'https://www.cyberscoop.com/religious-politicians-togo-surveillance-nso-group/']" 1241,Attack on two US municipalities,"Since June 2019, unidentified cyber actors have used a SharePoint vulnerability, CVE-2019-0604, to exploit notable US entities. 
Following a widespread scanning for CVE-2019-0604 in May, June, and October 2019, respectively, cyber actors compromised the network of two identified US municipalities using CVE-2019-0604.",2019-07-01,2019-08-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],,['Unknown'],['State'],,1,2020-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,,Unknown,State,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/', 'https://www.aha.org/fbi-tlp-alert/2020-03-18-fbi-alert-ac-000113-tt-unidentified-cyber-actors-exploit-sharepoint']" 1242,Emissary Panda attack on Iranian and other Middle Eastern Governments,"Chinese cyber-espionage group Emissary Panda has been targeting government organizations in two different countries in the Middle East, Palo Alto Networks security researchers say. Iran later claimed to be one of the victims and attributed the operation to Chinese APT 27.",2019-04-01,2019-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"['Iran, Islamic Republic of', 'Middle East (region)']","[['ASIA', 'MENA', 'MEA'], []]","[['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries']]",['Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2019-01-01; 2019-01-01,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027; Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/', 
'https://team-cymru.com/blog/2020/03/25/how-the-iranian-cyber-security-agency-detects-emissary-panda-malware/']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.securityweek.com/chinese-cyber-spies-target-government-organizations-middle-east', 'https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/', 'https://team-cymru.com/blog/2020/03/25/how-the-iranian-cyber-security-agency-detects-emissary-panda-malware/', 'https://twitter.com/azarijahromi/status/1206071513222467585']" 1243,Pulwama retaliation hack,"An Indian hacker group named ""I Team Crew"" disrupted many Pakistani websites after a suicide attack by the Pakistan-based group Jaish-e-Mohammad in Kashmir, which killed 40 police officers.",2019-02-14,2019-02-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",['Team I Crew'],['India'],['Non-state-group'],['Hacktivist(s)'],1,,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Team I Crew,India,Non-state-group,Hacktivist(s),[],Autonomy; Secession,Autonomy; Secession,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://timesofindia.indiatimes.com/gadgets-news/pulwama-attack-pakistani-websites-hacked-heres-the-list/articleshow/68042727.cms'] 1244,US hack on IRGC,US Cyber Command disrupts Iranian missile control systems and spy network to retaliate for the downing of a US Global Hawk Drone and the attack on two oil tankers in June 2019.,2019-06-20,2019-06-20,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker; Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Military']],['US CYCOM'],['United States'],['State'],,1,2019-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attacker confirms,,,,US CYCOM,United States,State,,['https://apnews.com/article/f01492c3dbd14856bce41d776248921f'],System / ideology; International power,System/ideology; 
International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theguardian.com/world/2019/jun/23/us-launched-cyber-attack-on-iranian-rockets-and-missiles-reports', 'https://www.dw.com/en/us-hits-iran-with-cyberattack-reports/a-49316935', 'https://apnews.com/article/f01492c3dbd14856bce41d776248921f', 'https://www.businessinsider.com/iran-us-cyberattacks-after-drone-shot-down-did-not-work-2019-6']" 1245,Mitsubishi hack,"China-linked hacking group ""Tick"" breached into computer systems of Mitsubishi Electric Corporation and stole sensitive data.",2019-03-18,2019-06-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft; Hijacking with Misuse,,['Japan'],"[['ASIA', 'SCS', 'NEA']]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Defence industry', '']]","['Tick/BRONZE BUTLER/REBALDKNIGHT/G0060 (PLA, Unit\xa061419)']",['China'],"['Non-state actor, state-affiliation suggested']",,2,2020-01-01; 2020-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed 
officials, or persons with knowledge into the matter etc.)",Receiver attributes attacker; Attribution by third-party,,,,"Tick/BRONZE BUTLER/REBALDKNIGHT/G0060 (PLA, Unit 61419); Tick/BRONZE BUTLER/REBALDKNIGHT/G0060 (PLA, Unit 61419)",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.zdnet.com/article/trend-micro-antivirus-zero-day-used-in-mitsubishi-electric-hack/', 'https://www.asahi.com/articles/ASN1M6VDSN1MULFA009.html']",Other,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://apnews.com/article/2e85904379adc4fa30ebc6aba3eb4d55', 'https://www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/', 'https://www.japantimes.co.jp/news/2020/02/13/business/corporate-business/cyberattack-mitsubishi-china/', 'https://www.zdnet.com/article/trend-micro-antivirus-zero-day-used-in-mitsubishi-electric-hack/', 'https://www.asahi.com/articles/ASN1M6VDSN1MULFA009.html']" 1246,UN hack,"A probably state-linked hacking group compromised the computer systems of the UN offices in Geneva and Vienna, which the UN tried to cover up.",2019-07-01,2019-01-01,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['United Nations Organization'],,[['International / supranational organization']],,,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive 
information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.thenewhumanitarian.org/investigation/2020/01/29/united-nations-cyber-attack', 'https://apnews.com/article/0d958e15d7f5081dd612f07482f48b73']" 1247,Telecom Providers hack,"Suspected iranian hacking group ""Greenbug"" targets telecom providers in South Asia.",2019-04-01,2020-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['South Asia (region)'],,[['Critical infrastructure']],[['Telecommunications']],"['Greenbug', 'OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01; 2020-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Greenbug; OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, 
state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/greenbug-espionage-telco-south-asia', 'https://www.cyberscoop.com/greenbug-symantec-iran-hacking-pakistan/']" 1248,Russia interference in Britains general election 2019,Russian hacking group stole U.S.-UK trade documents from email account of former trade minister Liam Fox and leaked them ahead of the general election in order to influence it.,2019-07-12,2019-10-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,,['United Kingdom'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],,['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by third-party,,,,,Russia,"Non-state actor, state-affiliation suggested",,['https://www.reuters.com/article/us-britain-russia-hack-exclusive/exclusive-papers-leaked-before-uk-election-in-suspected-russian-operation-were-hacked-from-ex-trade-minister-sources-idUKKCN24Z1V4?edition-redirect=uk'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.reuters.com/article/us-britain-russia-hack-exclusive/exclusive-papers-leaked-before-uk-election-in-suspected-russian-operation-were-hacked-from-ex-trade-minister-sources-idUKKCN24Z1V4?edition-redirect=uk'] 1249,Seedworm,"Iranian hacking group Seedworm/MuddyWater hacked into government entities and telecommunications operators in Iraq, Kuwait, Turkey, ARE and Georgia as part of a cyber espionage 
campaign.",2019-12-01,2020-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Iraq', 'Turkey', 'Kuwait', 'United Arab Emirates', 'Georgia']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'NATO', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'CENTAS']]","[['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Telecommunications'], ['Government / ministries', 'Telecommunications'], ['Government / ministries', 'Telecommunications'], ['Government / ministries', 'Telecommunications'], ['Government / ministries', 'Telecommunications']]",['MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator 
(group), but not invoked in this case)",['https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/seedworm-apt-iran-middle-east'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cyberscoop.com/muddywater-iran-symantec-middle-east/', 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/seedworm-apt-iran-middle-east']" 1250,Chinese espionage campaign against japanese organizations,Chinese hacking group Cicada/ APT 10 gained access into network systems and stole credential information from japanese companies in 17 regions and multiple sectors.,2019-10-01,2020-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Japan'],"[['ASIA', 'SCS', 'NEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)']",['China'],"['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China,"Non-state actor, state-affiliation suggested",,['https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-APT 10-japan-espionage'],System / ideology; International power,Territory; Resources; International power; Other,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.securityweek.com/chinese-hackers-target-japanese-organizations-large-scale-campaign', 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-APT 10-japan-espionage']" 1251,Ocean Lotus Fake Websites,"The state-sponsored vietnamese hacking group ""OceanLotus"" created websites for the vietnamese public and Southeast Asia in general to steal information 
about persons of interest.",2019-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Southeast Asia (region)', 'Vietnam']","[[], ['ASIA', 'SCS', 'SEA']]","[['End user(s) / specially protected groups'], ['End user(s) / specially protected groups']]",,['Ocean Lotus/APT 32'],['Vietnam'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Ocean Lotus/APT 32,Vietnam,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cyberscoop.com/vietnam-hacking-oceanlotus-apt32-fake-news/', 'https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/']" 1252,HpReact,APT-C-43 steals Venezuelan military secrets to provide intelligence support for the 
coup.,2019-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Venezuela'],[['SOUTHAM']],[['State institutions / political system']],[['Military']],['APT-C-43/El Machete'],['Colombia'],"['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT-C-43/El Machete,Colombia,"Non-state actor, state-affiliation suggested",,['https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/'],National power,System/ideology; National power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/'] 1253,MoleRats Espionage 2019,The arabic-speaking hacking group MoleRATs/ Gaza Cybergang conducted an espionage campaign on entities and individuals related to the Palestinian Authority.,2019-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Palestine'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'End user(s) / specially protected groups']]","[['Government / ministries', '']]",['MoleRATs/ Gaza Cybergang'],['Palestine'],['Non-state-group'],['Hacktivist(s)'],1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,MoleRATs/ Gaza Cybergang,Palestine,Non-state-group,Hacktivist(s),['https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one'] 1286,Exim Mail Transfer Agent - May 2020,"Russian hacking group Sandworm, respectively the Russian intelligence service GRU, exploited a bug in Exim Mail Transfer Agent in order to send emails, which automatically provide root privileges in the receiving computer. 
Although this bug was patched in June 2019, at least one month before the hack started, unknown receivers who did not patch their computers got hit.",2019-08-01,2020-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Hijacking without Misuse,,"['Unknown', 'United Kingdom']","[[], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['Unknown'], ['Unknown']]",,"['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)', 'GRU']","['Russia', 'Russia']","['State', 'State']",,1,2020-01-01; 2020-01-01,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by third-party; Attribution by third-party,,,,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455); GRU",Russia; Russia,State; State,,['https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://arstechnica.com/information-technology/2020/05/russian-hackers-are-exploiting-bug-that-gives-control-of-us-servers/', 'https://techmonitor.ai/techonology/cybersecurity/exim-vulnerability-nsa-sandworm', 'https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf']" 1255,CactusPete vs. 
Russia and Mongolia,"The Chinese hacking group ""CactusPete"" conducted an espionage campaign against the Russian defense industry and the Mongolian government.",2019-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Mongolia', 'Russia']","[['ASIA', 'EASIA', 'NEA'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Election infrastructure / related systems'], ['Government / ministries', 'Election infrastructure / related systems']]","['Tonto Team/CactusPete/BRONZE HUNTLEY/KARMA PANDA/G0131 (PLA, Unit 65017)', 'PLA']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01; 2020-01-01,Statement in media report and political statement/technical report; Statement in media report and political statement/technical report,IT-security community attributes attacker; IT-security community attributes attacker,,,,"Tonto Team/CactusPete/BRONZE HUNTLEY/KARMA PANDA/G0131 (PLA, Unit 65017); PLA",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, 
state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://securelist.com/cactuspete-APT -groups-updated-bisonal-backdoor/97962/', 'https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/', 'https://www.wsj.com/articles/chinas-secret-weapon-in-south-korea-missile-fight-hackers-1492766403']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securelist.com/cactuspete-APT%20-groups-updated-bisonal-backdoor/97962/', 'https://securelist.com/cactuspete-APT -groups-updated-bisonal-backdoor/97962/', 'https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/', 'https://www.wsj.com/articles/chinas-secret-weapon-in-south-korea-missile-fight-hackers-1492766403']" 1256,Transparent Tribe hack,The Pakistani hacking group Transparent Tribe targets military targets in Afghanistan and India.,2019-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['India', 'Afghanistan']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA']]","[['State institutions / political system'], ['State institutions / political system']]","[['Military'], ['Military']]",['APT36/Transparent Tribe/Mythic Leopard/C-Major'],['Pakistan'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf', 'https://securelist.com/transparent-tribe-part-1/98127/']",System / ideology; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf', 'https://securelist.com/transparent-tribe-part-1/98127/']" 1257,Fishing Elephant hack,"The hacking group Fishing Elephant 
targets government and diplomatic entities in Turkey, Pakistan, Bangladesh, Ukraine and China.",2019-01-01,2019-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Pakistan', 'Bangladesh', 'Ukraine', 'China']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA'], ['EUROPE', 'EASTEU'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', '']]",['Fishing Elephant'],['Unknown'],['Unknown - not attributed'],,1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Fishing Elephant,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securelist.com/apt-trends-report-q1-2020/96826/'] 1258,Chinese MSS campaign,Two Chinese hackers working with the Ministry of State Security (MSS) were indicted for unauthorized access and data theft from a variety of victims.,2019-01-01,2020-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"['United States', 
'Netherlands', 'Korea, Republic of', 'Australia']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'SCS', 'NEA'], ['OC']]","[['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Health', 'Defence industry', ''], ['Health', 'Defence industry', ''], ['Health', 'Defence industry', ''], ['Health', 'Defence industry', '']]","['Li Xiaoyu/Oro01xy', 'Dong Jiazhi']","['China', 'China']","['State', 'State']",,1,2020-01-01; 2020-01-01,Political statement/report and indictment / sanctions; Political statement/report and indictment / sanctions,Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,Li Xiaoyu/Oro01xy; Dong Jiazhi,China; China,State; State,,['https://us-cert.cisa.gov/ncas/alerts/aa20-258a'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://us-cert.cisa.gov/ncas/alerts/aa20-258a'] 1254,Russian APT29 targeted entities worldwide during 
the supply-chain cyber espionage campaign Solarwinds starting in 2019,"The Russian government-linked hacking group ""Cozy Bear"" (aka APT29/The Dukes) and an unknown Hacker/ hacking group used the SolarWinds Supply Chain vulnerability to compromise multiple targets worldwide. Mandiant confirmed attribution statements made by the US government that the activity of the UNC2452 (aka Dark Halo) hacking group in the Solarwinds attack was conducted by the Russian-based espionage group, APT29. The Russian threat actors behind the SolarWinds attack appear to deploy a Nobelium infrastructure, which the Recorded Future Insikt Group calls SOLARDEFLECTION, and ""encompasses command and control (C2) infrastructure."" The Insikt Group issued a report on Nobelium in May 2022 that notes that they have ""made extensive use of typosquat domains in SSL certificates and will likely continue to use deceptive techniques, including typosquat redirection, when using Cobalt Strike tooling.""",2019-09-01,2021-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim; Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,"[[None], ['United States Department of State (DOS)'], ['United States Department of Justice (DOJ)'], ['United States Department of Energy (DOE)'], ['Cybersecurity and Infrastructure Security Agency (CISA; United States)'], ['United States Department of Treasury (USDT)'], ['United States Department of Homeland Security (DHS)'], ['United States Department of Defense (DOD)'], ['Not available'], ['Not available']]","['Global (region)', 'United States', 'United States', 'United States', 'United States', 'United States', 'United States', 'United States', 'EU (region)', 'United Kingdom']","[[], ['NATO', 'NORTHAM'], ['NATO', 
'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['EU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries', 'Finance', 'Other social groups', '', '', ''], ['Government / ministries'], ['Government / ministries'], ['Government / ministries'], ['Civil service / administration'], ['Government / ministries'], ['Government / ministries'], ['Government / ministries'], [''], ['']]",['Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)'],['Russia'],['State'],,7,2021-04-15; 2021-04-15; 2021-02-23; 2021-02-23; 2021-01-05; 2022-04-27; 2020-12-13; 2021-04-15; 2021-04-15,"Political statement / report (e.g., on government / state agency websites); Domestic legal action; Domestic legal action; Domestic legal action; Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes 
attacker; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; Attribution by third-party; Attribution by receiver government / state entity,"Joe Biden (President, USA); Joe Biden (President, USA); Mandiant; Microsoft; Cyber Unified Coordination Group (UCG); Mandiant; Mandiant; Government of Canada; UK government",,United States; United States; United States; United States; United States; United States; United States; Canada; United Kingdom,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR; SVR; Not available; Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Not available; Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia; Russia; Russia; Russia; Russia; Russia; Not available; Russia; Russia,"State; State; State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Unknown - not attributed; State; State","; ; ; ; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ; ; ; ","['https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/', 'https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html', 'https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF', 'https://www.mandiant.com/resources/blog/unc2452-merged-into-apt29']",System / ideology; International power,Unknown,,Unknown,,7,2020-12-21; 2021-02-23; 2021-04-15; 
2021-04-15; 2021-04-15; 2021-04-15; 2021-04-15,State Actors: Preventive measures; State Actors: Legislative reactions; State Actors: Stabilizing measures; EU: Stabilizing measures; International organizations: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Stabilizing measures,Awareness raising; Parliamentary investigation committee; Statement by head of state/head of government; Declaration of HR; Statement by secretary-general or similar; Statement by minister of foreign affairs; Statement by head of state/head of government,United States; United States; United States; EU (region); NATO (region); Canada; United Kingdom,"Federal Bureau of Investigation (FBI); US Senate; Joe Biden (President, USA); High Representative of the Union for Foreign Affairs and Security Policy (HR/VP); North Atlantic Treaty Organization (NATO); Government of Canada; UK government",No,,Supply Chain Compromise,Data Exfiltration,None,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,12.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",501-10000,0.0,21-50,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage,,Not available,1,2021-04-15 00:00:00,Peaceful means: Retorsion (International Law),Economic sanctions,United States,US Department of the Treasury,Cyber espionage; Sovereignty,; ,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://cyberscoop.com/white-house-cybersecurity-strategy/', 
'https://therecord.media/us-marshals-service-becomes-latest-law-enforcement-agency-hit-by-hackers/', 'https://therecord.media/treasury-department-hits-russian-disinformation-operators-with-sanctions/', 'https://twitter.com/DigitalPeaceNow/status/1630705797964390401', 'https://twitter.com/DigitalPeaceNow/status/1630705797964390401', 'https://krebsonsecurity.com/2023/03/highlights-from-the-new-u-s-cybersecurity-strategy/', 'https://www.lawfareblog.com/biden-harris-administration-releases-new-national-cybersecurity-strategy', 'https://cyberscoop.com/easterly-cisa-budget-china-biden/', 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3cx-supply-chain-attack', 'https://cyberscoop.com/3cx-hack-supply-chain-north-korea/', 'https://www.darkreading.com/endpoint/automatic-officlal-updates-malicious-3cx-enterprises', 'https://socradar.io/learnworlds-users-at-risk-numerous-vulnerabilities-uncovered/', 'https://www.microsoft.com/en-us/security/blog/2023/04/06/devops-threat-matrix/', 'https://thehackernews.com/2023/04/russia-linked-hackers-launches.html', 'https://www.darkreading.com/operations/marlinspike-adds-charles-carmakal-to-its-advisory-board', 'https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html', 'https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/', 'https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html', 'https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF', 
'https://www.businessinsider.com/biden-statement-solarwinds-cyberattack-trump-russia-2020-12#:~:text=President-elect%20Joe%20Biden%20released%20a%20strongly-worded%20statement%20Thursday%2C,still%20have%20not%20commented%20publicly%20on%20the%20attack.', 'https://www.govinfosecurity.com/feds-warn-healthcare-over-cobalt-strike-infections-a-20242', 'https://www.mandiant.com/resources/blog/unc2452-merged-into-apt29', 'https://www.recordedfuture.com/solardeflection-c2-infrastructure-used-by-nobelium-in-company-brand-misuse', 'https://www.businessinsider.com/cloud-software-firms-takeover-targets-acquisitions-rbc-analysts-2022-10', 'https://www.c-span.org/video/?509234-1/senate-intelligence-hearing-solarwinds-hacking', 'https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure', 'https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/', 'https://www.ic3.gov/Media/News/2020/201229.pdf', 'https://www.bleepingcomputer.com/news/security/nsa-shares-supply-chain-security-tips-for-software-suppliers/', 'https://www.bbc.com/news/technology-55318815', 'https://therecord.media/solarwinds-hack-affected-six-eu-agencies/', 'https://www.consilium.europa.eu/en/press/press-releases/2021/04/15/declaration-by-the-high-representative-on-behalf-of-the-european-union-expressing-solidarity-with-the-united-states-on-the-impact-of-the-solarwinds-cyber-operation/', 'https://www.gov.uk/government/news/russia-uk-exposes-russian-involvement-in-solarwinds-cyber-compromise', 'https://www.canada.ca/en/global-affairs/news/2021/04/statement-on-solarwinds-cyber-compromise.html', 'https://www.nato.int/cps/en/natohq/official_texts_183168.htm', 'https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/', 'https://www.darkreading.com/threat-intelligence/advanced-cyberattackers-disruptive-hits-new-technologies', 
'https://unit42.paloaltonetworks.com/cobalt-strike-memory-analysis/', 'https://portswigger.net/daily-swig/security-done-right-infosec-wins-of-2022', 'https://twitter.com/780thC/status/1620378980758196226', 'https://www.malwarebytes.com/blog/news/2023/02/how-to-protect-your-business-from-supply-chain-attacks']" 1260,SectorE02 vs. Pakistani government,The hacking group SectorE02 targets the Pakistani government.,2019-03-01,2019-07-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Intelligence agencies']]",['Sector E02 Group'],['South Asia (region)'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Sector E02 Group,South Asia (region),Unknown - not attributed,,['https://redalert.nshc.net/2019/08/02/sectore02-updates-yty-framework-in-new-targeted-campaign-against-pakistan-government/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://redalert.nshc.net/2019/08/02/sectore02-updates-yty-framework-in-new-targeted-campaign-against-pakistan-government/'] 1261,National Revenue Agency hack,"A Hacker steals data of millions of Bulgarians from the National Revenue Agency, a department of the Bulgarian Ministry of Finance.",2019-01-01,2019-07-15,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Bulgaria'],"[['EUROPE', 'BALKANS', 'NATO', 'EU']]",[['State institutions / political 
system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,2019-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/hacker-steals-data-of-millions-of-bulgarians-emails-it-to-local-media/', 'https://www.dnevnik.bg/bulgaria/2019/07/15/3938760_demokratichna_bulgariia_iska_ostavkata_na_goranov/']" 1262,LAPD hack,The Los Angeles Personnel Department was hacked and thousands of pieces of personal information on police officers were stolen.,2019-07-01,2019-07-25,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Police']],,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.theguardian.com/us-news/2019/jul/29/los-angeles-police-officer-data-breach', 'https://www.nbclosangeles.com/news/lapd-police-officers-personal-information-stolen-data-breach/132477/']" 1263,North Louisiana school districts,"The IT networks of three school districts in North Louisiana - Sabine, Morehouse, and Ouachita - experienced disruptions to varying degrees as a result of a ransomware attack. 
The governor declared a state of emergency in response to the attack.",2019-07-21,2019-07-24,"Attack on non-political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,,['United States'],"[['NATO', 'NORTHAM']]",[['Science']],,,['Unknown'],['Unknown - not attributed'],,1,,"Attribution given, type unclear",Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://www.zdnet.com/article/louisiana-governor-declares-state-emergency-after-local-ransomware-outbreak/'] 1264,REvil carried out ransomware attacks targeting 23 local governments in Texas on 16 August 2019,"REvil carried out ransomware attacks targeting 23 local governments in Texas on 16 August 2019, ZDNet first reported two days later based on an anonymous source. In a Jan. 24, 2023, interview for IT security firm Cybereason, Rich Murray, the head of the FBI's North Texas cyber unit, described exactly what happened on the afternoon of Aug. 16, 2019. Within the affected local governments in Texas, a water treatment facility and computer-aided dispatch systems for law enforcement, among others, were disrupted. Later that evening, investigating officials learned from a private organization that it was the ransomware group REvil. On November 8, 2021, based on the FBI's investigation, the U.S. Department of Justice filed charges against Yevgeniy Polyanin, a Russian national, for carrying out ransomware attacks on the Texas local governments. 
In addition, investigators seized $6.1 million in cryptocurrency that Polyanin extorted in the course of ransomware attacks. ",2019-08-16,2019-08-16,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,"[['Local Texas Governments'], ['Not available']]","['United States', 'United States']","[['NATO', 'NORTHAM'], ['NATO', 'NORTHAM']]","[['State institutions / political system'], []]","[['Civil service / administration'], []]",['Yevgeniy Polyanin --> REvil/ Sodinokibi'],['Russia'],['Non-state-group'],['Criminal(s)'],3,2021-11-08; 2019-08-18; 2019-08-16,"Domestic legal action; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity; Media-based attribution; Media-based attribution,US Department of Justice (DoJ); Not available; Not available,,United States; Not available; Not available,Yevgeniy Polyanin --> REvil/ Sodinokibi; REvil; REvil,Russia; Not available; Not available,Non-state-group; Non-state-group; Non-state-group,Criminal(s); Criminal(s); Criminal(s),"['https://www.zdnet.com/article/at-least-20-texas-local-governments-hit-in-coordinated-ransomware-attack/', 'https://www.cybereason.com/blog/fbi-vs.-revil-ml-bside', 'https://dir.texas.gov/news/us-justice-department-announces-indictment-against-revil-ransomware-suspect-behind-2019']",Unknown,Unknown,,Unknown,,0,,,,,,No,,Supply Chain Compromise,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,1,2019-08-16 00:00:00,Proclamation of public emergency (national level),,United States,Texas Military Department,Other,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.zdnet.com/article/at-least-20-texas-local-governments-hit-in-coordinated-ransomware-attack/', 'https://www.cybereason.com/blog/fbi-vs.-revil-ml-bside', 'https://dir.texas.gov/news/us-justice-department-announces-indictment-against-revil-ransomware-suspect-behind-2019']" 1265,Fancy Bear hacks US Federal Agency,The Russian state-sponsored hacking group Fancy Bear penetrated the network systems of a yet unknown US Federal Agency and stole data from it.,2019-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Energy']]","['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)', 'GRU']","['Russia', 'Russia']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2020-01-01; 2020-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.wired.com/story/russia-fancy-bear-us-hacking-campaign-government-energy/', 'https://www.wired.com/story/russias-fancy-bear-hack-us-federal-agency/']",International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.wired.com/story/russia-fancy-bear-us-hacking-campaign-government-energy/', 'https://www.wired.com/story/russias-fancy-bear-hack-us-federal-agency/', 'https://us-cert.cisa.gov/ncas/analysis-reports/ar20-268a']" 1266,Double Dragon: Video Game Distributor (Supply-Chain),"Chinese state-sponsored hacking group APT41 injected a backdoor into a Southeast Asian video games distributor infecting the games Path of Exile, League of Legends and Fifa Online 3.",2014-12-01,2014-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,,['Southeast Asia (region)'],,[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,FireEye,,United States,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",,['https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.ft.com/content/965ceffc-b8ea-11e9-8a88-aa6628ac896c', 'https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf']" 1259,KISMET,Government-linked Saudi and Emirati hacking groups compromised the mobile devices of Al Jazeera journalists in order to steal information.,2019-10-01,2020-08-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,"['United Kingdom', 'Qatar']","[['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['Media'], ['Media']]",,"['MONARCHY', 'SNEAKY KESTREL']","['Saudi Arabia', 'United Arab Emirates']","['State', 'State']",,1,2020-01-01; 2020-01-01; 2020-01-01; 2020-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party,,,,MONARCHY; MONARCHY; SNEAKY KESTREL; SNEAKY KESTREL,Saudi Arabia; United Arab Emirates; Saudi Arabia; United Arab Emirates,State; State; State; State,,['https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/'],International power,International power,,Yes / HIIK intensity,HIIK 1,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high 
political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.derstandard.de/story/2000122676179/schwere-iphone-luecke-zur-spionage-gegen-dutzende-journalisten-genutzt', 'https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/']" 1268,Ferocious Kitten Domestic Surveillance,"The previously unknown APT group Ferocious Kitten was discovered to have been surveilling Persian-speaking individuals in Iran since 2015. To do so, it used lure content displaying images or videos of resistance or strikes against the Iranian regime, suggesting the surveillance is aimed at potential supporters of such movements.",2015-01-01,2021-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['Social groups']],[['Political opposition / dissidents / expats']],['Ferocious Kitten'],['Unknown'],['Unknown - not attributed'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Ferocious Kitten,Unknown,Unknown - not attributed,,['https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.securityweek.com/kaspersky-details-iranian-domestic-cyber-surveillance-operation', 'https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806/']" 1269,Tetris,"A security researcher calling himself Imp0rtp3 reports on the Chinese 
spy tool called Tetris used by a suspected Chinese government hacking group. Targets here were 58 websites, one of which is the New York Times site. It is believed that Chinese dissidents are the target.",2016-01-01,2021-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft,,"['China', 'United States']","[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['NATO', 'NORTHAM']]","[['Social groups', 'Media'], ['Social groups', 'Media']]","[['Political opposition / dissidents / expats', ''], ['Political opposition / dissidents / expats', '']]",,['China'],['State'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,China,State,,['https://imp0rtp3.wordpress.com/2021/08/12/tetris/'],System / ideology; National power,System/ideology,,Yes / HIIK intensity,HIIK 1,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://iicybersecurity.wordpress.com/2021/08/20/tetris-chinese-governments-favorite-hacking-spying-tool-how-it-works-and-how-to-get-it/', 'https://therecord.media/chinese-espionage-tool-exploits-vulnerabilities-is-58-widely-used-websites/', 'https://imp0rtp3.wordpress.com/2021/08/12/tetris/']" 1270,Operation Harvest,McAfee's Advanced Threat Research Team discovered a malware attack that turned out to be a long-term espionage campaign. The company considers Chinese groups APT27 and APT41 the most likely actors for the attack.,2016-01-01,2021-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Unknown'],,[['Unknown']],,"['Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027', 'APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027; APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/operation-harvest-a-deep-dive-into-a-long-term-campaign.html'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive 
information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://cyware.com/news/lets-talk-about-operation-harvest-2d9feff3/?web_view=true', 'https://www.inforisktoday.com/chinese-apt-data-harvesting-campaign-analyzed-a-17581', 'https://www.techtarget.com/searchsecurity/news/252506722/McAfee-discovers-Chinese-APT-campaign-Operation-Harvest', 'https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/operation-harvest-a-deep-dive-into-a-long-term-campaign.html']" 1271,Russian state-sponsored hacked the internal network of Dutch police,Russian state-sponsored hacking groups breached the internal network of Dutch police in September 2017 in the course of the country’s investigation of the MH-17 crash.,2017-09-01,2017-09-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Hijacking without Misuse,,['Netherlands'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Police']],"['Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)', 'Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']","['Russia', 'Russia']","['State', 'State']",,1,2021-01-01; 2021-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, 
or persons with knowledge into the matter etc.)",Contested attribution; Contested attribution,,,,"Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia; Russia,State; State,,['https://www.volkskrant.nl/nieuws-achtergrond/russen-zaten-ten-tijde-van-mh17-onderzoek-door-hack-diep-in-systemen-politie~b0e044e1/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://therecord.media/russian-hackers-breached-dutch-police-systems-in-2017/', 'https://www.volkskrant.nl/nieuws-achtergrond/russen-zaten-ten-tijde-van-mh17-onderzoek-door-hack-diep-in-systemen-politie~b0e044e1/']" 1272,BackdoorDiplomacy hacked diplomats primarily in Africa and the Middle East,"Hacking group BackdoorDiplomacy attacks diplomats in Africa, the Middle East, Europe and Asia.",2017-01-01,2000-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Europe (region)', 'Middle East (region)', 'Asia (region)', 'Africa']",,"[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Social groups']]","[['Government / ministries', '', 'Telecommunications', 'Other social 
groups'], ['Government / ministries', '', 'Telecommunications', 'Other social groups'], ['Government / ministries', '', 'Telecommunications', 'Other social groups'], ['Government / ministries', '', 'Telecommunications', 'Other social groups']]",['BackdoorDiplomacy/ CloudComputating'],['Unknown'],['Unknown - not attributed'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,BackdoorDiplomacy/ CloudComputating,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.welivesecurity.com/deutsch/2021/06/11/backdoordiplomacy-von-quarian-zu-turian/', 'https://www.zdnet.com/article/this-new-hacking-group-has-a-nasty-surprise-for-african-middle-east-diplomats/']" 1273,DeadRinger,"The three clusters Soft Cell, Naikon and APT27/Emissary Panda, which Cybereason calls DeadRinger, joined forces to carry out cyberattacks against Southeast Asian telecommunications companies. The APTs are believed to be sponsored by the Chinese state. All three actors were active between 2017 and 2021 and overlapped in some targets and also in the timing of the attack.",2017-01-01,2021-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Southeast Asia (region)'],,[['Critical infrastructure']],[['Telecommunications']],"['Soft Cell', 'APT30/Naikon/G0013 (PLA, Unit 78020)']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"Soft Cell; APT30/Naikon/G0013 (PLA, Unit 78020)",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.cybereason.com/blog/deadringer-exposing-chinese-threat-actors-targeting-major-telcos'],International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.securityweek.com/deadringer-three-pronged-attack-chinese-military-actors-against-major-telcos', 'https://www.zdnet.com/article/deadringer-chinese-apts-strike-major-telecommunications-companies/', 'https://www.cybereason.com/blog/deadringer-exposing-chinese-threat-actors-targeting-major-telcos']" 1274,"Operation Ghostwriter: a Belarusian/Russian APT UNC1151 with links to the secret services stole and leaked information of various targets in Germany, Lithuania, Latvia and Poland 
until 2021","The European Council formally attributed responsibility to the Russian state in late September 2021 for the Ghostwriter campaign that has been ongoing since at least 2017, after Germany accused Russia of involvement in the cyber operation earlier that month. The campaign here primarily targeted government as well as press personnel in Lithuania, Latvia and Poland, and since 2021, Germany. In Poland, the emails of Polish Chief of Chancellery Michal Dworczyk were published over many months starting in June 2021, according to Dworczyk himself and other members of the government. The emails contained information on questionable government decisions. Michal Dworczyk resigned on 30 September 2022. The European Union already issued a Declaration by the High Representative in September 2021, condemning the Ghostwriter campaign.",2017-03-01,2021-06-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Data theft & Doxing; Hijacking with Misuse,"[['Michał Dworczyk (Chief of the Chancellery, Poland)'], ['Not available'], ['Not available'], ['Not available'], ['Not available']]","['Poland', 'Lithuania', 'Poland', 'Germany', 'Latvia']","[['EUROPE', 'NATO', 'EU', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system'], ['State institutions / political system', 'Social groups', 'Media'], ['State institutions / political system', 'Social groups', 'Media'], ['State institutions / political system', 'Social groups', 'Media'], ['State institutions / political system', 'Social groups', 'Media']]","[['Government / ministries'], ['Legislative', 'Advocacy / activists (e.g. 
human rights organizations)', ''], ['Legislative', 'Advocacy / activists (e.g. human rights organizations)', ''], ['Legislative', 'Advocacy / activists (e.g. human rights organizations)', ''], ['Legislative', 'Advocacy / activists (e.g. human rights organizations)', '']]",['UNC1151/ Ghostwriter'],['Russia'],['State'],,5,2021-09-24; 2021-11-16; 2021-09-06; 2021-03-26; 2021-03-26; 2021-03-17,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by EU institution/agency; IT-security community attributes attacker; Attribution by receiver government / state entity; Media-based attribution; Media-based attribution; IT-security community attributes attacker,High Representative of the Union for Foreign Affairs and Security Policy (HR/VP); Mandiant; Federal Government of Germany; Not available; Not available; FireEye,,EU (region); United States; Germany; Germany; Germany; United States,UNC1151/ Ghostwriter; UNC1151/ Ghostwriter; UNC1151/ Ghostwriter; UNC1151/ Ghostwriter; GRU; UNC1151/ Ghostwriter,Russia; Belarus; Russia; Russia; Russia; Not available,"State; State; State; State; State; Non-state actor, state-affiliation suggested",,"['https://www.spiegel.de/politik/deutschland/russischer-hack-erneute-attacke-hack-auf-bundestag-sieben-abgeordnete-betroffen-a-75e1adbe-4462-4e30-bd94-96796aed6b8a', 
'https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/unc1151-ghostwriter-update-report.pdf', 'https://www.consilium.europa.eu/en/press/press-releases/2021/09/24/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-respect-for-the-eu-s-democratic-processes/', 'https://www.dw.com/en/germany-warns-russia-over-cyberattacks-ahead-of-election/a-59101191', 'https://www.mandiant.com/resources/blog/unc1151-linked-to-belarus-government', 'https://www.gov.pl/web/premier/oswiadczenie-wiceprezesa-rady-ministrow-przewodniczacego-komitetu-ds-bezpieczenstwa-narodowego-i-spraw-obronnych-jaroslawa-kaczynskiego2']",System / ideology; National power; International power,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. al – Russia",Yes / HIIK intensity,HIIK 2,4,2021-06-09; 2021-09-24; 2022-09-30; 2021-09-01,EU member states: Stabilizing measures; EU: Stabilizing measures; EU member states: Executive reactions; State Actors: Cooperative measures,Statement by other ministers/members of parliament; Declaration of HR; Resignation; Diplomatic protest notes,Poland; EU (region); Poland; Germany,"Michał Dworczyk (Chief of Staff, POL); High Representative of the Union for Foreign Affairs and Security Policy (HR/VP); Michał Dworczyk (Chief of Staff, POL); Miguel Berger (State Secretary, DEU)",No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.spiegel.de/politik/deutschland/russischer-hack-erneute-attacke-hack-auf-bundestag-sieben-abgeordnete-betroffen-a-75e1adbe-4462-4e30-bd94-96796aed6b8a', 'https://www.thefirstnews.com/article/parliament-email-accounts-also-hacked-in-recent-cyber-attack-23025', 
'https://www.reuters.com/world/europe/cyber-attack-polish-officials-came-russia-kaczynski-says-2021-06-18/', 'https://www.bleepingcomputer.com/news/security/eu-officially-blames-russia-for-ghostwriter-hacking-activities/', 'https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/unc1151-ghostwriter-update-report.pdf', 'https://therecord.media/eu-formally-blames-russia-for-ghostwriter-hack-and-influence-operation/', 'https://www.bleepingcomputer.com/news/security/german-parliament-targeted-again-by-russian-state-hackers/', 'https://www.consilium.europa.eu/en/press/press-releases/2021/09/24/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-respect-for-the-eu-s-democratic-processes/', 'https://www.dw.com/en/germany-warns-russia-over-cyberattacks-ahead-of-election/a-59101191', 'https://www.securityweek.com/poland-target-unprecedented-cyber-attacks-govt', 'https://www.mandiant.com/resources/blog/unc1151-linked-to-belarus-government', 'https://www.cyberscoop.com/unc1151-belarus-russia-influence-ops/', 'https://www.faz.net/aktuell/politik/ausland/hackerangriff-in-polen-mails-vom-falschen-konto-17394731.html', 'https://apnews.com/article/russia-ukraine-putin-poland-government-and-politics-6040a1a99cec0b3b0f76a7acbe52c790', 'https://polishnews.co.uk/michal-dworczyk-a-hacking-attack-on-an-e-mail-inbox-the-minister-issued-another-statement/', 'https://notesfrompoland.com/2021/06/09/polish-pms-chief-of-staff-confirms-his-email-account-hacked-after-documents-appear-on-telegram/', 'https://www.politico.eu/article/leaked-email-scandal-engulfs-poland-political-elite-mails-hacking/', 'https://www.consilium.europa.eu/en/press/press-releases/2021/09/24/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-respect-for-the-eu-s-democratic-processes/', 'https://www.gov.pl/web/premier/oswiadczenie-wiceprezesa-rady-ministrow-przewodniczacego-komitetu-ds-bezpieczenstwa-narodowego-i-spraw-obronnych-jaroslawa-kaczynskiego2', 
'https://twitter.com/michaldworczyk/status/1402390155877552129?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1402390155877552129%7Ctwgr%5Eac4caa1372e3a3fd2e40d24b80a600ee5e66602c%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fnotesfrompoland.com%2F2021%2F06%2F09%2Fpolish-pms-chief-of-staff-confirms-his-email-account-hacked-after-documents-appear-on-telegram%2F', 'https://www.gov.pl/web/sluzby-specjalne/findings-regarding-hacker-attacks', 'https://www.statecraft.co.in/article/germany-accuses-russia-of-cyberattacks-and-disinformation-campaigns-ahead-of-election', 'https://www.gov.pl/web/sluzby-specjalne/atak-dezinformacyjny-na-polske', 'https://www.gov.pl/web/sluzby-specjalne/kolejny-atak-informacyjny-na-pl', 'https://www.gov.pl/web/premier/oswiadczenie-wiceprezesa-rady-ministrow-przewodniczacego-komitetu-ds-bezpieczenstwa-narodowego-i-spraw-obronnych-jaroslawa-kaczynskiego2', 'https://www.funkschau.de/sicherheit-datenschutz/generalbundesanwalt-ermittelt-nach-cyberangriffen-auf-abgeordnete.189623.html', 'https://twitter.com/SecBlinken/status/1441433540512690177', 'https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-stands-solidarity-eu-against-malicious-cyber-activity']" 1275,Double Dragon: ShadowPad (Supply Chain),"Chinese state-sponsored hacking group APT41 injected malicious code into a software update of Netsarang. In the end the hacking group compromised one further target in Hong Kong, as the early detection and the following release of a software update free of malicious code prevented the infection of hundreds of companies.",2017-07-01,2017-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,,"['Korea, Republic of', 'Hong Kong']","[['ASIA', 'SCS', 'NEA'], ['ASIA']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",,"['https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf', 'https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Winnti.pdf']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.kaspersky.com/about/press-releases/2017_shadowpad-how-attackers-hide-backdoor-in-software-used-by-hundreds-of-large-companies-around-the-world', 'https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf', 'https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Winnti.pdf', 'https://www.bleepingcomputer.com/news/security/hackers-abuse-google-command-and-control-red-team-tool-in-attacks/']" 1276,Hornbill and Sunbird,Indian 
state-sponsored group hacked several targets during the India-Pakistan conflict.,2018-01-01,2021-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Pakistan', 'United Arab Emirates', 'India']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system', 'End user(s) / specially protected groups'], ['State institutions / political system', 'State institutions / political system', 'End user(s) / specially protected groups'], ['State institutions / political system', 'State institutions / political system', 'End user(s) / specially protected groups']]","[['Military', 'Election infrastructure / related systems', ''], ['Military', 'Election infrastructure / related systems', ''], ['Military', 'Election infrastructure / related systems', '']]",['Confucius'],['India'],"['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Confucius,India,"Non-state actor, state-affiliation suggested",,['https://de.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict'],Territory; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 4,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or 
disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/pro-india-hackers-use-android-spyware-to-spy-on-pakistani-military/', 'https://de.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict']" 1277,Operation GhostShell,"While investigating Operation GhostShell, which targeted the aerospace and telecommunications sectors in the Middle East, Europe, Russia, and the U.S., Cybereason found a new RAT called ShellClient and the previously unknown threat actor MalKamak. The group is attributed to Iran and also has possible ties to state-sponsored groups.",2018-01-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Russia', 'Europe (region)', 'Middle East (region)']","[['NATO', 'NORTHAM'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], [], []]","[['Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Critical infrastructure']]","[['Transportation', 'Telecommunications'], ['Transportation', 'Telecommunications'], ['Transportation', 'Telecommunications'], ['Transportation', 'Telecommunications']]",['MalKamak'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,MalKamak,"Iran, Islamic Republic 
of","Non-state actor, state-affiliation suggested",,['https://www.cybereason.com/blog/research/operation-ghostshell-novel-rat-targets-global-aerospace-and-telecoms-firms'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/hackers-use-stealthy-shellclient-malware-on-aerospace-telco-firms/', 'https://www.securityweek.com/iran-linked-malkamak-hackers-targeting-aerospace-telcos-shellclient-rat', 'https://www.cybereason.com/blog/research/operation-ghostshell-novel-rat-targets-global-aerospace-and-telecoms-firms']" 1278,Out to Sea,"IT-Researchers from ESET combined several previously discovered cyber-operations into the Iranian cyber-espionage campaign ""Out to Sea"". The previously discovered cyber-operations were attributed to other groups at the time, namely Lyceum and Siamesekitten. IT-Researchers from ESET put these supposedly different groups together and attribute them to the known Iranian state-sponsored hacking group OilRig. The last part of the cyber-campaign from September to December 2021 used an improved backdoor called Marlin.",2018-04-01,2021-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Israel', 'Tunisia', 'United Arab Emirates', 'Middle East (region)', 'South Africa', 'Morocco', 'Saudi Arabia']","[['ASIA', 'MENA', 'MEA'], ['AFRICA', 'NAF', 'MENA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], [], ['AFRICA', 'SSA'], ['AFRICA', 'NAF', 'MENA'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions 
/ political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['', 'Energy', 'Health', 'Telecommunications', ''], ['', 'Energy', 'Health', 'Telecommunications', ''], ['', 'Energy', 'Health', 'Telecommunications', ''], ['', 'Energy', 'Health', 'Telecommunications', ''], ['', 'Energy', 'Health', 'Telecommunications', ''], ['', 'Energy', 'Health', 'Telecommunications', ''], ['', 'Energy', 'Health', 'Telecommunications', '']]",['OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.welivesecurity.com/wp-content/uploads/2022/02/eset_threat_report_t32021.pdf'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://malware.news/t/deep-dive-into-the-lyceum-danbot-malware/36216', 'https://www.databreachtoday.com/threat-actor-adds-new-marlin-backdoor-to-its-arsenal-a-18524', 'https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign', 'https://securelist.com/lyceum-group-reborn/104586/', 'https://www.accenture.com/us-en/blogs/cyber-defense/iran-based-lyceum-campaigns', 'https://www.clearskysec.com/wp-content/uploads/2021/08/Siamesekitten.pdf', 'https://www.welivesecurity.com/wp-content/uploads/2022/02/eset_threat_report_t32021.pdf']" 1279,Double Dragon: Crackshot backdoor (Supply-Chain),Chinese state-sponsored hacking group APT41 injected a backdoor into a Southeast and East Asian video game developer.,2018-07-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,,"['Southeast Asia (region)', 'Eastern Asia (region)']",,"[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation 
suggested",,['https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf'] 1280,xHunt,New campaign by xHunt targets the Kuwaiti government using two backdoors.,2019-09-01,2020-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,,['Kuwait'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['State institutions / political system']],[['Government / ministries']],['xHunt/ Hive0081'],"['Iran, Islamic Republic of']",['Unknown - not attributed'],,1,2019-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,xHunt/ Hive0081,"Iran, Islamic Republic of",Unknown - not attributed,,"['https://securityaffairs.co/wordpress/94724/malware/iran-zerocleare-wiper-attacks.html', 'https://unit42.paloaltonetworks.com/more-xhunt-new-powershell-backdoor-blocked-through-dns-tunnel-detection/']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/110644/apt/xhunt-attackers-hit-microsoft-exchange.html', 'https://securityaffairs.co/wordpress/94724/malware/iran-zerocleare-wiper-attacks.html', 'https://unit42.paloaltonetworks.com/more-xhunt-new-powershell-backdoor-blocked-through-dns-tunnel-detection/']" 1281,Dark Caracal II,"Dark Caracal, a Lebanese cyberespionage group, attacks multiple industries in several countries.",2019-01-01,2020-01-01,"Attack conducted by nation state (generic “state-attribution” or direct 
attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Hijacking without Misuse,,"['Singapore', 'Cyprus', 'Chile', 'Italy', 'United States', 'Turkey', 'Switzerland', 'India', 'Germany']","[['ASIA'], ['EUROPE', 'EU', 'MEA'], ['SOUTHAM'], ['EUROPE', 'NATO', 'EU'], ['NATO', 'NORTHAM'], ['ASIA', 'NATO', 'MEA'], ['EUROPE', 'WESTEU'], ['ASIA', 'SASIA', 'SCO'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / 
political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure']]","[['Government / ministries', 'Judiciary', 'Energy', 'Health', 'Food', 'Finance'], ['Government / ministries', 'Judiciary', 'Energy', 'Health', 'Food', 'Finance'], ['Government / ministries', 'Judiciary', 'Energy', 'Health', 'Food', 'Finance'], ['Government / ministries', 'Judiciary', 'Energy', 'Health', 'Food', 'Finance'], ['Government / ministries', 'Judiciary', 'Energy', 'Health', 'Food', 'Finance'], ['Government / ministries', 'Judiciary', 'Energy', 'Health', 'Food', 'Finance'], ['Government / ministries', 'Judiciary', 'Energy', 'Health', 'Food', 'Finance'], ['Government / ministries', 'Judiciary', 'Energy', 'Health', 'Food', 'Finance'], ['Government / ministries', 'Judiciary', 'Energy', 'Health', 'Food', 'Finance']]","['Dark Caracal', 'General Security Directorate']","['Lebanon', 'Lebanon']","['State', 'Non-state-group', 'State', 'Non-state-group']","['', 'Terrorist(s)', '', 'Terrorist(s)']",1,2020-01-01; 2020-01-01; 2020-01-01; 2020-01-01; 2020-01-01; 2020-01-01; 2020-01-01; 2020-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security 
community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,,,,Dark Caracal; Dark Caracal; Dark Caracal; Dark Caracal; General Security Directorate; General Security Directorate; General Security Directorate; General Security Directorate,Lebanon; Lebanon; Lebanon; Lebanon; Lebanon; Lebanon; Lebanon; Lebanon,State; State; Non-state-group; Non-state-group; State; State; Non-state-group; Non-state-group,; Terrorist(s); ; Terrorist(s); ; Terrorist(s); ; Terrorist(s),['https://research.checkpoint.com/2020/bandook-signed-delivered/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/111617/apt/dark-caracal-still-active.html', 'https://www.scmagazine.com/news/security-news/bandook-malware-found-targeting-unusually-wide-variety-of-industries-regions', 'https://research.checkpoint.com/2020/bandook-signed-delivered/']" 1282,Arid Viper: Phenakite,"Arid Viper attacks government officials, student groups, and security forces.",2019-08-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['Palestine'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Social groups']]","[['Government / ministries', 'Military', 'Political parties', 'Advocacy / activists (e.g. human rights organizations)']]","['Arid Viper/ Desert Falcon/ APT-C-23', 'Hamas']","['Palestine', 'Palestine']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party,,,,Arid Viper/ Desert Falcon/ APT-C-23; Hamas,Palestine; Palestine,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://about.fb.com/wp-content/uploads/2021/04/Technical-threat-report-Arid-Viper-April-2021.pdf'],Subnational predominance,Subnational predominance,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/facebook-uncovers-palestinian-government-officials-targeted-with-malware/', 
'https://about.fb.com/wp-content/uploads/2021/04/Technical-threat-report-Arid-Viper-April-2021.pdf']" 1283,Belgian interior ministry hack,The Belgian interior ministry was hacked in April 2019 by an unknown hacker group.,2019-04-01,2019-04-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['Belgium'],"[['EUROPE', 'EU', 'NATO', 'WESTEU']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.ibz.be/fr/system/files/attachments/press/press-kit/cp-spf-ibz.pdf', 'https://www.standaard.be/cnt/dmf20210525_96103510', 'https://www.tijd.be/politiek-economie/belgie/federaal/binnenlandse-zaken-twee-jaar-lang-ongemerkt-gehackt/10308489.html', 'https://therecord.media/belgium-government-discovers-old-2019-hack-during-hafnium-investigation/']" 1284,Fancy Bear Global Brute Force,"From 2019 to 2021, Fancy Bear conducted a global brute force campaign targeting the government and private sector.",2019-01-01,2021-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"['Global (region)', 'United States', 'Europe (region)']","[[], ['NATO', 'NORTHAM'], []]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science']]","[['Government / ministries', 'Energy', 'Transportation', 'Defence industry', 'Other social groups', '', '', ''], ['Government / ministries', 'Energy', 'Transportation', 'Defence industry', 'Other social groups', '', '', ''], ['Government / ministries', 'Energy', 'Transportation', 'Defence industry', 'Other social groups', '', '', '']]","['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation 
suggested']",,1,2021-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested",,['https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/0/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/nsa-russian-gru-hackers-use-kubernetes-to-run-brute-force-attacks/', 'https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/0/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF']" 1285,FamousSparrow,"The new cyber espionage group FamousSparrow, active since at least 2019, exploited the already known ProxyLogon vulnerability in early March 2021. 
The group's main targets are hotels in particular, but also government organizations, engineering firms, as well as law firms worldwide.",2019-08-01,2000-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Brazil', 'Burkina Faso', 'South Africa', 'Canada', 'Israel', 'France', 'Guatemala', 'Lithuania', 'Saudi Arabia', 'Taiwan']","[['SOUTHAM'], ['AFRICA', 'SSA'], ['AFRICA', 'SSA'], ['NATO', 'NORTHAM'], ['ASIA', 'MENA', 'MEA'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['CENTAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'SCS']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective 
company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', '']]",['FamousSparrow'],['Unknown'],['Unknown - not attributed'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,FamousSparrow,Unknown,Unknown - not attributed,,['https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://threatpost.com/famoussparrow-spy-hotels-governments/174948/', 'https://www.bleepingcomputer.com/news/security/hacking-group-used-proxylogon-exploits-to-breach-hotels-worldwide/', 'https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/']" 1231,Fake Interview,Charming Kitten tried to gain information about academics and their accounts by impersonating journalists,2019-11-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'United Kingdom', 'Saudi Arabia', 'Europe (region)']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'MENA', 'MEA', 'GULFC'], []]","[['Media', 'Science'], ['Media', 'Science'], ['Media', 'Science'], ['Media', 'Science']]",,['Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,[],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://blog.certfa.com/posts/fake-interview-the-new-activity-of-charming-kitten/'] 1287,Pipemon (Supply Chain),Chinese state-sponsored hacking group APT41 injected malicious code into the game executables of video gaming companies based in South Korea and Taiwan.,2019-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,,"['Korea, Republic of', 'Taiwan']","[['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.welivesecurity.com/deutsch/2020/05/21/winnti-pipemon/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/103612/malware/winnti-pipemon-backdoor.html', 'https://www.welivesecurity.com/deutsch/2020/05/21/winnti-pipemon/']" 1288,WIRTE Middle East,"Kaspersky attributed a hacking campaign, targeting especially government and diplomatic entities, in the Middle East to 
WIRTE. Furthermore, it assesses with low confidence that WIRTE is associated with the Gaza Cybergang, which is a Palestinian non-state hacking group affiliated with Hamas.",2019-12-01,2000-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Armenia', 'Cyprus', 'Egypt', 'Jordan', 'Lebanon', 'Palestine', 'Syria', 'Turkey']","[['ASIA', 'CENTAS', 'CSTO'], ['EUROPE', 'EU', 'MEA'], ['MENA', 'MEA', 'AFRICA', 'NAF'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'NATO', 'MEA']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company 
is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Military', '', 'Finance', ''], ['Government / ministries', 'Military', '', 'Finance', ''], ['Government / ministries', 'Military', '', 'Finance', ''], ['Government / ministries', 'Military', '', 'Finance', ''], ['Government / ministries', 'Military', '', 'Finance', ''], ['Government / ministries', 'Military', '', 'Finance', ''], ['Government / ministries', 'Military', '', 'Finance', ''], ['Government / ministries', 'Military', '', 'Finance', '']]","['Wirte', 'Gaza Cybergang']","['Unknown', 'Unknown']","['Unknown - not attributed', 'Unknown - not attributed']",,1,2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Wirte; Gaza Cybergang,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,['https://securelist.com/wirtes-campaign-in-the-middle-east-living-off-the-land-since-at-least-2019/105044/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For 
private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/stealthy-wirte-hackers-target-governments-in-the-middle-east/', 'https://securelist.com/wirtes-campaign-in-the-middle-east-living-off-the-land-since-at-least-2019/105044/']" 1289,GCHQ disrupts Russian anti-vaccine propaganda,UK answers Russian anti-vaccine propaganda through an offensive cyber operation.,2020-01-01,2020-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],,['GCHQ'],['United Kingdom'],['State'],,1,2020-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,,,,GCHQ,United Kingdom,State,,['https://www.theregister.com/2020/11/09/gchq_hacks_russia_vaccine_disinfo/'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.thetimes.co.uk/article/gchq-in-cyberwar-on-anti-vaccine-propaganda-mcjgjhmb2', 'https://www.theregister.com/2020/11/09/gchq_hacks_russia_vaccine_disinfo/']" 1290,Anonymous takes down website of the Police Uganda,Uganda Police has been attacked by Anonymous hacktivists in the course of 
protests after the arrest of pop star Robert Kyagulanyi Ssentamu alias Bobi Wine.,2020-11-20,2020-11-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Disruption,,['Uganda'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Police']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2020-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),['https://www.infosecurity-magazine.com/news/anonymous-hacks-uganda-police/'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://redpepper.co.ug/2020/11/cyber-attacks-anonymous-hack-uganda-police-website-in-wake-of-bobi-wine-city-riots/', 'https://www.infosecurity-magazine.com/news/anonymous-hacks-uganda-police/']" 1291,Russian state-sponsored threat actors exploit VMware vulnerability,Russian state-sponsored actors use vulnerabilities to steal sensitive information.,2020-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ","Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state; Incident disclosed by authorities of victim state",Data theft; Hijacking with Misuse,,['Unknown'],,[['Unknown']],,,['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,,Russia,"Non-state actor, state-affiliation suggested",,['https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF'],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://arstechnica.com/information-technology/2020/12/nsa-says-russian-state-hackers-are-using-a-vmware-flaw-to-ransack-networks/', 'https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF']" 1292,SignSight,"Private companies and government agencies in Vietnam and Philippines attacked during ""Operation SignSight"".",2020-07-23,2020-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Hijacking without Misuse,,"['Vietnam', 'Philippines']","[['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA']]","[['State institutions / political system', 'Corporate Targets 
(corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', ''], ['Government / ministries', '']]",,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.welivesecurity.com/2020/12/17/operation-signsight-supply-chain-attack-southeast-asia/', 'https://www.zdnet.com/article/vietnam-targeted-in-complex-supply-chain-attack/']" 1293,Israel vs. Iran: Aerospace industries,"Iranian ransomware group Pay2Key claims to have hacked the biggest Israeli airpower defense corporation, named Israel Aerospace Industries.",2020-12-01,2020-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Critical infrastructure']],[['Defence industry']],"['Fox Kitten/Parasite/PIONEER KITTEN/UNC757/G0117', 'Fox Kitten/Parasite/PIONEER KITTEN/UNC757/G0117']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,2,2020-01-01; 2020-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Fox Kitten/Parasite/PIONEER KITTEN/UNC757/G0117; Fox Kitten/Parasite/PIONEER KITTEN/UNC757/G0117,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.clearskysec.com/pay2kitten/'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.jpost.com/breaking-news/suspected-iranian-cyberattack-targets-israel-aerospace-industries-652731', 
'https://www.timesofisrael.com/iran-linked-group-claims-to-hack-israeli-defense-firm-releases-employee-data/', 'https://www.haaretz.com/israel-news/tech-news/.premium-iranian-hackers-hit-israel-aerospace-industries-leak-data-as-cyberattack-continues-1.9387283', 'https://www.clearskysec.com/pay2kitten/']" 1294,Turkish group attacks European Court of Human Rights,"The European Court of Human Rights has been attacked by Turkish hacktivists after publishing a ruling about the situation of Selahattin Demirtaş, who belongs to the Turkish opposition and has been imprisoned in 2016.",2020-12-23,2020-12-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim; Incident disclosed by attacker,Disruption,,['Unknown'],,[['State institutions / political system']],[['Judiciary']],['Anka Neferler Timi '],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,2020-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anka Neferler Timi ,Turkey,Non-state-group,Hacktivist(s),['https://www.bloomberg.com/news/articles/2020-12-23/europe-s-human-rights-court-hit-by-cyberattack-after-turkey-case?utm_campaign=socialflow-organic&utm_medium=social&utm_source=twitter&cmpid=socialflow-twitter-business&utm_content=business'],System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.promoteukraine.org/europes-human-rights-court-hit-by-cyberattack-after-turkey-case/', 'https://hudoc.echr.coe.int/fre-press#{%22itemid%22:[%22003-6894460-9254005%22]}', 'https://www.infosecurity-magazine.com/news/cyberattack-on-european-court-of/', 
'https://www.bloomberg.com/news/articles/2020-12-23/europe-s-human-rights-court-hit-by-cyberattack-after-turkey-case?utm_campaign=socialflow-organic&utm_medium=social&utm_source=twitter&cmpid=socialflow-twitter-business&utm_content=business']" 1295,Israel vs. Iran: Portnox,Iranian ransomware group Pay2Key claims to have stolen data from the Israeli cyber security company Portnox.,2020-12-01,2020-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['Fox Kitten/Parasite/PIONEER KITTEN/UNC757/G0117', 'Fox Kitten/Parasite/PIONEER KITTEN/UNC757/G0117']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,2,2020-01-01; 2020-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,,,,Fox Kitten/Parasite/PIONEER KITTEN/UNC757/G0117; Fox Kitten/Parasite/PIONEER KITTEN/UNC757/G0117,"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this 
case)",['https://www.clearskysec.com/pay2kitten/'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://english.alaraby.co.uk/news/iran-linked-hacking-group-infiltrates-israeli-cyber-security-firm', 'https://old.iranintl.com/en/iran-in-brief/iran-linked-group-says-it-hacked-israeli-cyber-security-company', 'https://www.timesofisrael.com/iran-linked-hackers-say-they-breached-israeli-cyber-security-firm-portnox/', 'https://www.clearskysec.com/pay2kitten/']" 1296,Lazarus COVID-19-Campaign: Pharmaceutical Company,North Korean actor Lazarus Group targeted a pharmaceutical company in the course of a COVID-19-themed campaign.,2020-09-25,2020-09-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,,['Unknown'],,[['Critical infrastructure']],[['Health']],"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,['https://securelist.com/lazarus-covets-covid-19-related-intelligence/99906/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-breach-covid-19-research-entities/', 'https://securelist.com/lazarus-covets-covid-19-related-intelligence/99906/']" 1297,Lazarus COVID-19-Campaign: Health Ministry,North Korean actor Lazarus Group targeted a pharmaceutical company in the course of a COVID-19-themed campaign.,2020-10-27,2020-10-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,['Unknown'],,[['State institutions / political system']],[['Government / ministries']],"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2020-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,['https://securelist.com/lazarus-covets-covid-19-related-intelligence/99906/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://securelist.com/lazarus-covets-covid-19-related-intelligence/99906/'] 1298,Hack against Hezbollah's Al-Qard Al-Hassan financial organization,"Hezbollah's Al-Qard Al-Hassan financial organization was hacked by SpiderZ, of whom the country of origin is unknown.",2020-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,,['Lebanon'],"[['ASIA', 'MENA', 'MEA']]",[['Critical infrastructure']],[['Finance']],['SpiderZ'],['Unknown'],['Unknown - not attributed'],,1,2020-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,SpiderZ,Unknown,Unknown - not attributed,,['https://www.youtube.com/watch?v=sE_qW-z73D8'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.jpost.com/breaking-news/hezbollah-affiliated-financial-org-hacked-information-leaked-653690', 'https://www.the961.com/hezbollah-al-qard-al-hassan-hack/', 'https://daraj.com/en/66163/', 'https://www.youtube.com/watch?v=sE_qW-z73D8']" 1299,ThreatNeedle: Defense Industries,Since early 2020 Lazarus has attacked defense industries using a custom backdoor named ThreatNeedle.,2020-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Unknown'],,[['Critical infrastructure']],[['Defence industry']],"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,"['https://usa.kaspersky.com/about/press-releases/2021_kaspersky-finds-lazarus-apt-targeting-the-defense-industry', 'https://ics-cert.kaspersky.com/publications/reports/2021/02/25/lazarus-targets-defense-industry-with-threatneedle/']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/north-korean-hackers-target-defense-industry-with-custom-malware/', 'https://usa.kaspersky.com/about/press-releases/2021_kaspersky-finds-lazarus-apt-targeting-the-defense-industry', 
'https://ics-cert.kaspersky.com/publications/reports/2021/02/25/lazarus-targets-defense-industry-with-threatneedle/']" 1300,Pulse Secure VPN: UNC2630,"Chinese state-sponsored groups UNC2630 and APT5 attacked targets in the US and Europe, focused on US Defense Industrial base (DIB) networks.",2020-08-01,2021-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Europe (region)']","[['NATO', 'NORTHAM'], []]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure']]","[['Government / ministries', 'Finance', 'Defence industry'], ['Government / ministries', 'Finance', 'Defence industry']]","['UNC2630', 'APT5']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,UNC2630; APT5,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.mandiant.com/resources/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day', 'https://therecord.media/chinese-hackers-use-new-pulse-secure-vpn-zero-day-to-breach-us-defense-contractors/']",International power,System/ideology; International power,,Yes / HIIK 
intensity,HIIK 2,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.mandiant.com/resources/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day', 'https://www.bleepingcomputer.com/news/security/pulse-secure-vpn-zero-day-used-to-hack-defense-firms-govt-orgs/', 'https://therecord.media/chinese-hackers-use-new-pulse-secure-vpn-zero-day-to-breach-us-defense-contractors/', 'https://www.darkreading.com/attacks-breaches/citrix-adc-gateway-users-race-against-hackers-patch-critical-flaw']" 1301,Pulse Secure VPN: UNC2717,"UNC2717 attacked targets in the US and Europe, focused on US Defense Industrial base (DIB) networks.",2020-10-01,2021-03-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Europe (region)']","[['NATO', 'NORTHAM'], []]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure']]","[['Government / ministries', 'Finance', 'Defence industry'], ['Government / ministries', 'Finance', 'Defence industry']]",['UNC2717'],['Unknown'],['Unknown - not attributed'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,UNC2717,Unknown,Unknown - not attributed,,"['https://www.mandiant.com/resources/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day', 'https://therecord.media/chinese-hackers-use-new-pulse-secure-vpn-zero-day-to-breach-us-defense-contractors/']",Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: 
non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.mandiant.com/resources/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day', 'https://therecord.media/chinese-hackers-use-new-pulse-secure-vpn-zero-day-to-breach-us-defense-contractors/']" 1302,Foreign hack on Russian federal executive,Russian government reveals attacks against government bodies by foreign hackers in 2020,2020-01-01,2020-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['State'],,2,2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,,Unknown; Unknown,State; State,,"['https://rt-solar.ru/upload/iblock/53e/Otchet-Solar-JSOC-ob-issledovanii-serii-kiberatak-na-organy-gosudarstvennoy-vlasti-RF-_-web.pdf', 'https://www.reuters.com/technology/russias-fsb-reports-unprecedented-hacking-campaign-aimed-government-agencies-2021-05-26/']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://therecord.media/fsb-nktski-foreign-cyber-mercenaries-breached-russian-federal-agencies/', 'https://rt-solar.ru/upload/iblock/53e/Otchet-Solar-JSOC-ob-issledovanii-serii-kiberatak-na-organy-gosudarstvennoy-vlasti-RF-_-web.pdf', 'https://www.reuters.com/technology/russias-fsb-reports-unprecedented-hacking-campaign-aimed-government-agencies-2021-05-26/']" 1303,SideCopy's new custom trojans vs. Indian government personnel and military,SideCopy is using four new custom RAT families and two additional commodity RATs to target government personnel and military in India.,2020-01-01,2021-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",['SideCopy'],['Pakistan'],['Unknown - not attributed'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,SideCopy,Pakistan,Unknown - not attributed,,[],International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/sidecopy-cybercriminals-use-custom-trojans-in-india-attacks/', 'https://cyware.com/news/operation-sidecopy-targets-defense-forces-in-india-211170f6', 'https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf?1625657388']" 1304,LuminousMoth,"Kaspersky published a report on an ongoing cyber campaign against Southeast Asian countries that began in October 2020, with Myanmar and later the Philippines as the main targets of the attacks. Kaspersky names the initiators as LuminousMoth, which the IT firm links to the Chinese hacking group HoneyMyte.",2020-10-01,2000-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Southeast Asia (region)', 'Myanmar', 'Philippines']","[[], ['ASIA', 'SEA'], ['ASIA', 'SCS', 'SEA']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries'], ['Government / ministries']]",['LuminousMoth'],['China'],['Unknown - not attributed'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,LuminousMoth,China,Unknown - not attributed,,['https://securelist.com/apt-luminousmoth/103332/'],International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/chinese-cyberspies-wide-scale-apt-campaign-hits-asian-govt-entities/', 
'https://securityaffairs.co/wordpress/120105/hacking/china-luminousmoth-apt-campaign.html', 'https://securelist.com/apt-luminousmoth/103332/']" 1305,"TA456's persona ""Marcella Flores""","Since at least 2019, the Iranian state-backed hacking group TA456 has been sending malware on social media by using a fake persona called ""Marcella Flores."" The campaign particularly targeted U.S. aerospace defense contractors in order to obtain sensitive data from victims.",2020-01-01,2021-07-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Defence industry']],['Tortoiseshell/Imperial Kitten'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Tortoiseshell/Imperial Kitten,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,['https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media'],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political 
importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://wired.me/technology/security/iranian-hackers-invent-flirty-persona-to-target-us-defense-contractors/', 'https://www.zdnet.com/article/these-hackers-posed-as-an-aerobics-instructor-online-to-trick-their-targets-into-downloading-malware/', 'https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media']" 1306,Hacked Pulse Secure devices,"CISA issued a report warning about malware found on Pulse Secure devices. The threat actor is still unknown, but has been active since at least June 2020 and targets U.S. government agencies, critical infrastructure entities, and other private sector organizations.",2020-06-01,2021-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,,['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '', '']]",,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cisa.gov/uscert/ncas/alerts/aa21-110a', 'https://www.bleepingcomputer.com/news/security/cisa-warns-of-stealthy-malware-found-on-hacked-pulse-secure-devices/', 'https://www.securityweek.com/cisa-details-malware-used-attacks-targeting-pulse-secure-devices']" 1307,Wellmess/WellMail - 2020,"The Russian hacking group APT29 continues to use a malware called WellMess to attack research facilities for COVID-19 vaccines, although in 2020 the malware was already attributed to APT by the 
U.S., U.K. and Canada.",2020-01-01,2021-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"['Canada', 'United States', 'United Kingdom']","[['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['Critical infrastructure', 'Science'], ['Critical infrastructure', 'Science'], ['Critical infrastructure', 'Science']]","[['Health', ''], ['Health', ''], ['Health', '']]","['Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)', 'SVR']","['Russia', 'Russia']","['State', 'State']",,1,2020-01-01; 2020-01-01,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR,Russia; Russia,State; State,,['https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf'],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.securityweek.com/russias-apt29-still-actively-delivering-malware-used-covid-19-vaccine-spying', 
'https://www.riskiq.com/blog/external-threat-management/apt29-bear-tracks/', 'https://www.ncsc.gov.uk/files/Advisory%20Further%20TTPs%20associated%20with%20SVR%20cyber%20actors.pdf', 'https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf']" 1308,Praying Mantis,"In July 2021, Sygnia publishes a report on APT Praying Mantis/TG1021 attacking organizations in the US. By tactics and targets, the company assumes the group is affiliated with a state-sponsored group, but makes no formal attribution. The security firm only highlights the similarity of this group's TTPs to attacks on the Australian government and businesses in 2020.",2020-01-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Unknown']],,['Praying Mantis/TG1021'],['Unknown'],"['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Praying Mantis/TG1021,Unknown,"Non-state actor, state-affiliation suggested",,['https://f.hubspotusercontent30.net/hubfs/8776530/TG1021%20-%20Praying%20Mantis%20Threat%20Actor.pdf'],Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/praying-mantis-threat-actor-targeting-windows-internet-facing-servers-with-malware/', 'https://www.sygnia.co/praying-mantis-detecting-and-hunting', 'https://therecord.media/praying-mantis-apt-targets-iis-servers-with-asp-net-exploits/', 'https://blog.sygnia.co/praying-mantis-an-advanced-memory-resident-attack?hsLang=en', 'https://f.hubspotusercontent30.net/hubfs/8776530/TG1021%20-%20Praying%20Mantis%20Threat%20Actor.pdf']" 1309,Chinese Malware against Russian Government - 2020,Group-IB presents evidence that the 2020 malware attack on Russian government agencies was carried out by the two state-sponsored hacker groups TA428 and TaskMasters.,2020-01-01,2020-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],"['TA428/ Temp.Hex/ Vicious Panda', 'TaskMasters']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2021-09-01; 2021-09-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Group-IB; Group-IB,,,TA428/ Temp.Hex/ Vicious Panda; TaskMasters,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation 
suggested",,['https://blog.group-ib.com/task'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"['https://hackercombat.com/researchers-perform-an-analysis-on-chinese-malware-used-against-russian-government/', 'https://www.securityweek.com/researchers-analyze-chinese-malware-used-against-russian-government', 'https://rt-solar.ru/upload/iblock/53e/Otchet-Solar-JSOC-ob-issledovanii-serii-kiberatak-na-organy-gosudarstvennoy-vlasti-RF-_-web.pdf', 'https://blog.group-ib.com/task']" 1310,LittleLooter,"An IBM report tells of the Iranian APT ITG18, whose TTPs overlap with those of Charming Kitten. The group used a new Android backdoor called LittleLooter to target members of the Iranian reform movement between August 2020 and May 2021.",2020-08-01,2021-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['Social groups']],[['Political opposition / dissidents / expats']],['ITG18'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,ITG18,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,['https://securityintelligence.com/posts/itg18-operational-security-errors-plague-iranian-threat-group/'],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.securityweek.com/iran-linked-hackers-expand-arsenal-new-android-backdoor', 'https://cyware.com/news/iranian-apt-itg18-targets-reformists-within-the-country-cc149c88', 'https://securityintelligence.com/posts/itg18-operational-security-errors-plague-iranian-threat-group/']" 1311,Emails from Lithuanian Ministry for sale,"In a data trading forum, 1.6 million emails from the Lithuanian Foreign Ministry were offered for sale. 
The Lithuanian president also announces that there are indications that sensitive and secret data were stolen in a cyberattack in November 2020.",2020-11-01,2020-11-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing,,['Lithuania'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.secureblink.com/cyber-security-news/emails-from-lithuanian-foreign-ministry-worth-300gb-put-up-for-sale-on-trading-forum', 'https://www.bleepingcomputer.com/news/security/emails-from-lithuanian-ministry-of-foreign-affairs-for-sale-on-data-trading-forum/', 'https://www.lrt.lt/en/news-in-english/19/1467832/hackers-steal-classified-documents-lithuanian-official-say-riots-may-be-connected']" 1312,SparklingGoblin,"While investigating a Winnti Group campaign, ESET finds a group, SparklingGoblin, that is affiliated with the Winnti Group but has a different modus operandi. 
The APT has a wide range of targets in North America, but also in Asia.",2020-05-01,2021-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,,"['United States', 'Korea, Republic of', 'Singapore', 'Georgia', 'India', 'Bahrain', 'Canada', 'Taiwan', 'Macao', 'Hong Kong']","[['NATO', 'NORTHAM'], ['ASIA', 'SCS', 'NEA'], ['ASIA'], ['ASIA', 'CENTAS'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['NATO', 'NORTHAM'], ['ASIA', 'SCS'], ['ASIA'], ['ASIA']]","[['State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not 
part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'State institutions / political system', 'Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science']]","[['Government / ministries', 'Civil service / administration', 'Religious', '', '', ''], ['Government / ministries', 'Civil service / administration', 'Religious', '', '', ''], ['Government / ministries', 'Civil service / administration', 'Religious', '', '', ''], ['Government / ministries', 'Civil service / administration', 'Religious', '', '', ''], ['Government / ministries', 'Civil service / administration', 'Religious', '', '', ''], ['Government / ministries', 'Civil service / administration', 'Religious', '', '', ''], ['Government / ministries', 'Civil service / administration', 'Religious', '', '', ''], ['Government / ministries', 'Civil service / administration', 'Religious', '', '', ''], ['Government / ministries', 'Civil service / administration', 'Religious', '', '', ''], ['Government / ministries', 'Civil service / administration', 'Religious', '', '', '']]",['SparklingGoblin / Earth 
Baku'],,['Unknown - not attributed'],,2,2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; Contested attribution,,,,SparklingGoblin / Earth Baku; SparklingGoblin / Earth Baku,nan; Unknown,Unknown - not attributed; Unknown - not attributed,,"['https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/', 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayfly-china-sidewalk-malware']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://threatpost.com/sparklinggoblin-apt/168928/', 'https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/', 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayfly-china-sidewalk-malware']" 1313,Phishing campaign against EMEA and APAC governments,"In a large-scale campaign, various government departments in APAC and EMEA countries, such as Ukraine, Turkey, Russia or Pakistan, became victims of phishing. IT company Cyjax sees similarities in the campaign to an operation against Ukraine at the beginning of the COVID-19 pandemic, attributed to the groups UNC1151 and Hades.",2020-01-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Uzbekistan', 'Azerbaijan', 'Belarus', 'China', 'Georgia', 'Kyrgyzstan', 'Pakistan', 'Russia', 'Turkey', 'Ukraine']","[['ASIA', 'CENTAS', 'CSTO', 'SCO'], ['ASIA', 'CENTAS'], ['EUROPE', 'EASTEU', 'CSTO'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['ASIA', 'CENTAS'], ['ASIA', 'CENTAS', 'CSTO', 'SCS'], ['ASIA', 'SASIA', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['ASIA', 'NATO', 'MEA'], ['EUROPE', 'EASTEU']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / 
political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Science'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Science']]","[['Government / ministries', 'Judiciary', 'Military', 'Intelligence agencies', 'Water', 'Transportation', 'Telecommunications', ''], ['Government / ministries', 'Judiciary', 'Military', 'Intelligence agencies', 'Water', 'Transportation', 'Telecommunications', ''], ['Government / ministries', 'Judiciary', 'Military', 'Intelligence agencies', 'Water', 'Transportation', 'Telecommunications', ''], ['Government / ministries', 'Judiciary', 'Military', 'Intelligence agencies', 'Water', 'Transportation', 'Telecommunications', ''], ['Government / ministries', 'Judiciary', 'Military', 'Intelligence 
agencies', 'Water', 'Transportation', 'Telecommunications', ''], ['Government / ministries', 'Judiciary', 'Military', 'Intelligence agencies', 'Water', 'Transportation', 'Telecommunications', ''], ['Government / ministries', 'Judiciary', 'Military', 'Intelligence agencies', 'Water', 'Transportation', 'Telecommunications', ''], ['Government / ministries', 'Judiciary', 'Military', 'Intelligence agencies', 'Water', 'Transportation', 'Telecommunications', ''], ['Government / ministries', 'Judiciary', 'Military', 'Intelligence agencies', 'Water', 'Transportation', 'Telecommunications', ''], ['Government / ministries', 'Judiciary', 'Military', 'Intelligence agencies', 'Water', 'Transportation', 'Telecommunications', '']]",,['Unknown'],"['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,"Non-state actor, state-affiliation suggested",,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/122401/hacking/phishing-emea-apac-governments.html', 'https://www.cyjax.com/2021/09/16/emea-and-apac-governments-targeted-in-widespread-credential-harvesting-campaign/', 'https://www.securityweek.com/ongoing-phishing-campaign-targets-apac-emea-governments']" 1314,TinyTurla,"Cisco Talos reports on a backdoor called TinyTurla, which is used by the state-sponsored Russian Turla APT and primarily targeted systems in the U.S., Germany, and Afghanistan. 
The company expects the backdoor to be used as an additional safeguard in case the primary malware is removed.",2020-01-01,2021-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,"['United States', 'Germany', 'Afghanistan']","[['NATO', 'NORTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['ASIA', 'SASIA']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries'], ['Government / ministries']]","['Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Krypton/G0010 (FSB, 16th / 18th Center)",Russia,"Non-state actor, state-affiliation suggested",,['https://blog.talosintelligence.com/2021/09/tinyturla.html'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/', 'https://www.bankinfosecurity.com/russian-linked-group-using-secondary-backdoor-against-targets-a-17592', 
'https://thehackernews.com/2021/09/russian-turla-apt-group-deploying-new.html', 'https://blog.talosintelligence.com/2021/09/tinyturla.html']" 1315,Operation Armor Piercer,"Operation Armor Piercer used NetwireRAT and WarzoneRAT (aka Ave Maria) to launch a campaign against Indian government and military personnel. According to Cisco Talos, the strategy is very similar to that of the APTs Transparent Tribe and SideCopy.",2020-12-01,2000-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",,['Unknown'],['Unknown - not attributed'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.securityweek.com/threat-actor-targets-indian-government-commercial-rats', 'https://government.economictimes.indiatimes.com/news/governance/operation-armor-piercer-targets-cyber-attacks-to-gain-access-to-govt-and-defence-info-steps-to-ensure-end-to-end-security/86477780', 'https://blog.talosintelligence.com/2021/09/operation-armor-piercer.html']" 1316,Roshan attack,"Afghan telecommunications company Roshan was attacked by four different Chinese state-sponsored APT groups between July 2020 and September 2021. 
These are the RedFoxtrot and Calypso groups, as well as two other groups that have not yet been assigned to any existing group, but which used the Winnti and PlugX backdoors for their attacks.",2020-07-01,2021-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Afghanistan'],"[['ASIA', 'SASIA']]",[['Critical infrastructure']],[['Telecommunications']],"['RedFoxtrot (PLA, Unit 69010)', 'Calypso']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"RedFoxtrot (PLA, Unit 69010); Calypso",China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.recordedfuture.com/chinese-APT-groups-target-afghan-telecommunications-firm/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://therecord.media/suspected-chinese-state-linked-threat-actors-infiltrated-major-afghan-telecom-provider/', 'https://www.redpacketsecurity.com/threat-actors-from-china-infiltrated-a-major-afghan-telecom-provider/', 
'https://www.recordedfuture.com/chinese-APT-groups-target-afghan-telecommunications-firm/']" 1317,Lazarus vs. security researchers,"Since 2020, APT Lazarus has been targeting security researchers using a Trojanized version of the IDA Pro application. In its tweet, IT company ESET links the campaign to reports from Microsoft and Google of attacks on security researchers.",2020-01-01,2021-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,,['Unknown'],,[['Science']],,"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this 
case)",['https://twitter.com/ESETresearch/status/1458438155149922312'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/124630/apt/lazarus-trojanized-ida-pro.html', 'https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-researchers-with-trojanized-ida-pro/', 'https://twitter.com/cherepanov74/status/1458438939027591168', 'https://twitter.com/ESETresearch/status/1458438155149922312']" 1318,Pegasus Spyware used to hack journalists and civil society in El Salvador by the Salvadorian government from July 2020,"Project Torogoz: Citizen Lab determines that the smartphones of 35 journalists and members of civil society from El Salvador have been hacked with a version of the Pegasus spyware by the Salvadorian government from July 2020 until November 2021. On November 30th 2022, 15 members of El Faro filed suit against the Israel-based surveillance company NSO Group in U.S. federal court for allegedly designing and deploying the spyware Pegasus to infiltrate the phones of 22 members of the news organization. ",2020-07-01,2021-11-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,['El Salvador'],[['CENTAM']],"[['Social groups', 'Media', 'Social groups']]","[['Advocacy / activists (e.g. 
human rights organizations)', '', 'Other social groups']]",['Government of El Salvador'],['El Salvador'],['State'],,2,2022-11-30; 2022-01-01,"Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Receiver attributes attacker; Attribution by third-party,"Members of ""El Faro""; nan",,El Salvador; nan,Government of El Salvador; None,El Salvador; El Salvador,State; State,,"['https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/', 'https://www.darkreading.com/application-security/newsroom-sues-nso-group-for-pegasus-spyware']",System / ideology; National power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Other,,,,"['https://therecord.media/el-salvador-journalists-hacked-with-nsos-pegasus-spyware/', 'https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/', 'https://www.darkreading.com/application-security/newsroom-sues-nso-group-for-pegasus-spyware']" 1319,Iranian telecom disruption,Iran's Internet was shut down for hours on the 8th of February 2020. The head of the civil defense Gholam-Reza Jalali accused Washington of retaliation for the downing of a U.S. 
unmanned drone and missile attacks on Iraq's Ain al-Assad US military base by Iran.,2020-02-08,2020-02-08,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['Critical infrastructure']],[['Telecommunications']],,['United States'],['State'],,1,2020-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Contested attribution,,,,,United States,State,,['https://www.cpomagazine.com/cyber-security/massive-ddos-attack-shuts-down-irans-internet-tehran-blames-washington/'],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://netblocks.org/reports/internet-shutdown-in-iran-following-reported-cyber-attack-18lJVDBa', 'https://www.forbes.com/sites/daveywinder/2020/02/09/powerful-iran-cyber-attack-takes-down-25-of-national-internet/?sh=77ae48d620dc', 'https://www.cpomagazine.com/cyber-security/massive-ddos-attack-shuts-down-irans-internet-tehran-blames-washington/']" 1320,Shahid Rajaee port,The Israeli state disrupted the computer systems of the Shahid Rajaee port in Iran causing traffic jams and ship delays for a short time until it switched to manual management. 
Israeli defense minister Naftali Bennett pushed for the cyberattack after Iran tried to disrupt an Israeli water facility on 24th of April.,2020-05-09,2020-05-09,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by media (without further information on source),Disruption,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['Critical infrastructure']],[['Transportation']],,['Israel'],['State'],,1,2020-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,,,,,Israel,State,,['https://www.nytimes.com/2020/05/19/world/middleeast/israel-iran-cyberattacks.html'],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.washingtonpost.com/national-security/officials-israel-linked-to-a-disruptive-cyberattack-on-iranian-port-facility/2020/05/18/9d1da866-9942-11ea-89fd-28fb313d1886_story.html', 'https://www.aljazeera.com/news/2020/5/19/israel-cyberattack-caused-total-disarray-at-iran-port-report', 'https://www.nytimes.com/2020/05/19/world/middleeast/israel-iran-cyberattacks.html', 'https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-sandstorm-refines-tradecraft-to-attack-high-value-targets/']" 1321,Chinese cyber-campaign on Australia,"China is blamed for conducting a large-scale cyber-campaign against Australian state entities and private organizations. Australian prime minister Scott Morrison said that a state-based actor is responsible for the attack. 
The Australian Strategic Policy Institute, to be precise the executive director Peter Jennings, added that China is behind the cyber attack as it is the only country with the capabilities and interest to attack Australia.",2020-01-01,2020-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['Australia'],[['OC']],"[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Social groups', 'Science']]","[['Government / ministries', 'Civil service / administration', 'Water', 'Health', 'Other social groups', '']]",,['Unknown'],['State'],,2,2020-01-01; 2020-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; IT-security community attributes attacker,,,,,Unknown; China,State; State,,['https://edition.cnn.com/2020/06/18/tech/australia-cyber-attack-intl-hnk/index.html'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.cyber.gov.au/sites/default/files/2020-12/ACSC-Advisory-2020-008-Copy-Paste-Compromises.pdf', 'https://edition.cnn.com/2020/06/18/tech/australia-cyber-attack-intl-hnk/index.html', 
'https://www.abc.net.au/news/2020-06-19/foreign-cyber-hack-targets-australian-government-and-business/12372470']" 1322,MoonBounce,Chinese state-sponsored hacking group APT41 injected a backdoor into the Unified Extensible Firmware Interface (UEFI) which links the firmware of a computer with the operating system. The aim of the Chinese proxies was to establish a foothold in the unknown targeted entities.,2020-03-14,2021-12-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Unknown'],,"[['Unknown', 'Critical infrastructure']]","[['', 'Transportation']]",['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/126998/apt/moonbounce-uefi-implant-apt41.html', 'https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/']" 1323,Antlion xPack,Chinese state-backed hacking group Antlion compromised and stole data from Taiwanese financial institutions and manufacturers. The attackers managed to stay in the networks for 255 days without getting detected.,2020-12-01,2021-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Taiwan'],"[['ASIA', 'SCS']]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Finance', '']]",['Antlion'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Antlion,China,"Non-state actor, state-affiliation suggested",,['https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/127592/breaking-news/antlion-backdoor-undetected-for-months.html', 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks']" 1325,Anti-fascist Israeli group hacks website of Ku Klux Klan (KKK),"Israeli hacktivists have attacked a website of the Patriotic Brigade Knights, which is an allied group of the white-supremacist Ku Klux Klan (KKK).",2021-02-01,2021-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing; Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['Social groups']],[['Other social groups']],['Hayalim Almonim '],['Israel'],['Non-state-group'],['Hacktivist(s)'],1,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Hayalim Almonim ,Israel,Non-state-group,Hacktivist(s),['https://www.jpost.com/diaspora/antisemitism/israeli-jewish-antifa-hacks-kkk-website-doxxes-members-657546'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bbc.com/news/technology-55937133', 'https://www.jpost.com/diaspora/antisemitism/israeli-jewish-antifa-hacks-kkk-website-doxxes-members-657546']" 1326,Myanmar hacktivists disrupt government websites,"Myanmar Hackers hacked several government websites such as the Central Bank, Myanmar Military’s propaganda page, state-run broadcaster MRTV, the Port Authority and the Food and Drug Administration.",2021-02-18,2021-02-18,"Attack 
conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Disruption,,['Myanmar'],"[['ASIA', 'SEA']]","[['State institutions / political system', 'Critical infrastructure', 'Media', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure']]","[['Military', 'Finance', '', 'Civil service / administration', 'Other (e.g., embassies)', 'Transportation']]",['Myanmar Hackers'],['Myanmar'],['Non-state-group'],['Hacktivist(s)'],1,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Myanmar Hackers,Myanmar,Non-state-group,Hacktivist(s),['https://www.thehindu.com/news/international/anti-coup-hackers-target-myanmar-government-sites/article33873582.ece'],System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.securityweek.com/hackers-target-myanmar-government-websites-coup-protest', 'https://www.thehindu.com/news/international/anti-coup-hackers-target-myanmar-government-sites/article33873582.ece']" 1327,Russian threat actors attack Ukrainian government websites,Russian threat actors have been accused by the National Security and Defense Council (NSDC) of Ukraine of attacking multiple Ukrainian government websites.,2021-02-18,2021-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,,['Ukraine'],"[['EUROPE', 'EASTEU']]","[['State institutions / political system', 'State 
institutions / political system', 'Critical infrastructure']]","[['Civil service / administration', 'Intelligence agencies', 'Defence industry']]",,['Russia'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Russia,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/ukraine-ddos-attacks-on-govt-sites-originated-from-russia/', 'https://www.rnbo.gov.ua/en/Diialnist/4820.html', 'https://ssu.gov.ua/novyny/sbu-zablokuvala-diialnist-transnatsionalnoho-khakerskoho-uhrupovannia']" 1328,Cyber attack against Angolan ministry,Cyber-attack against Angolan Ministry of Finance.,2021-02-17,2021-02-17,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption,,['Angola'],"[['AFRICA', 'SSA']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://guardiao-ao.com/2021/02/23/ministerio-das-financas-sofre-ataque-cibernetico/', 'https://www.verangola.net/va/en/032021/Politics/24353/UNITA-formalizes-request-for-hearing-on-cyber-attack-to-the-Ministry-of-Finance.htm']" 1329,FriarFox,Chinese state-backed hacking group attacked Tibetan organizations.,2021-01-01,2021-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Unknown'],,[['Social groups']],[['Political opposition / dissidents / expats']],['TA413'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,TA413,China,"Non-state actor, state-affiliation suggested",,['https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global'],System / ideology; National power,System/ideology; Autonomy; Resources,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/malicious-firefox-extension-allowed-hackers-to-hijack-gmail-accounts/', 'https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global']" 1330,Far-Right Platform Gab,Attack against the Far-Right Platform Gab including leak of a collection of over 70 gigabytes of data representing more than 40 million posts.,2021-01-01,2021-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['Social groups']],[['Political opposition / dissidents / expats']],,['Unknown'],['Individual hacker(s)'],,2,2021-01-01; 2021-01-01,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Media-based attribution,,,,,Unknown; Unknown,Individual hacker(s); Individual hacker(s),,[],System / ideology,System/ideology,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.wired.com/story/gab-hack-data-breach-ddosecrets/', 'https://ddosecrets.substack.com/p/release-gableaks-70gb', 'https://www.nbcnews.com/tech/security/gab-social-platform-favored-far-right-says-it-was-hacked-n1259156', 'https://www.theguardian.com/world/2021/mar/11/gab-hack-neo-nazis-qanon-conspiracy-theories']" 1871,Unknown attackers disrupted the network of the British Redcar and Cleveland Borough in a ransomware attack on 8 February 2020,"Unknown attackers disrupted the network of the local administration in Redcar and Cleveland, a borough in northern England in a ransomware attack on 8 February 2020, according to the associated council. The leader of the Redcar and Cleveland Borough Council Mary Lanigan was invited to a hearing by the British Parliament's National Security Strategy Committee on 30 January 2023, about the ransomware attack at the time. 
There, she reported that the instructions of the central government and its competent authorities to refrain from openly addressing the attack caused complications for the incident response.",2020-02-08,2023-02-08,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,[['Redcar and Cleveland Borough']],['United Kingdom'],"[['EUROPE', 'NATO', 'NORTHEU']]",[['State institutions / political system']],[['Civil service / administration']],['Not available'],['Not available'],['Unknown - not attributed'],,1,,,,,,,,,Unknown - not attributed,,[],Unknown,Not available,,Not available,,1,2023-01-30 00:00:00,State Actors: Legislative reactions,Parliamentary investigation committee,United Kingdom,Joint Committee on the National Security Strategy (British Parliament),No,,Phishing,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,13.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,11650000.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/AlexMartin/status/1620108100387897344', 'https://twitter.com/AlexMartin/status/1620099954256797698', 'https://www.bbc.com/news/uk-england-tees-53662187', 'https://www.theguardian.com/technology/2020/feb/27/redcar-and-cleveland-council-hit-by-cyber-attack', 'https://parliamentlive.tv/event/index/1d2be5c5-a7ee-41c0-9033-6cec717e80d1', 
'https://twitter.com/Dennis_Kipker/status/1620840628417626113', 'https://committees.parliament.uk/oralevidence/12620/default/', 'https://twitter.com/DrAndrewDwyer/status/1622615153861591041']" 1332,Microsoft Exchange Hack: European Banking Authority (EBA),Microsoft Exchange Servers of The European Banking Authority (EBA) were hacked in the course of ongoing attacks targeting organizations worldwide.,2021-03-01,2021-03-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Hijacking without Misuse,,['EU (region)'],[['EU']],[['International / supranational organization']],,,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/european-banking-authority-discloses-exchange-server-hack/', 'https://www.eba.europa.eu/cyber-attack-european-banking-authority', 'https://www.eba.europa.eu/cyber-attack-european-banking-authority-update-2', 'https://www.bbc.com/news/technology-56321567', 'https://www.reuters.com/article/us-microsoft-hack-eba-idUSKBN2B01RP']" 1333,Microsoft Exchange Hack: Norwegian Parliament,Norway's parliament hacked using data stolen through the recently disclosed Microsoft Exchange vulnerabilities.,2021-03-10,2021-03-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by victim,Data theft; Hijacking with Misuse,,['Norway'],"[['EUROPE', 'NATO', 'NORTHEU']]",[['State institutions / political system']],[['Legislative']],['Hafnium'],['China'],"['Non-state actor, state-affiliation suggested']",,2,2021-01-01; 2021-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attribution by third-party,,,,Hafnium; Hafnium,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.reuters.com/world/china/norway-says-march-cyber-attack-parliament-carried-out-china-2021-07-19/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/115503/cyber-warfare-2/norway-parliament-hack.html', 'https://www.bleepingcomputer.com/news/security/norway-parliament-data-stolen-in-microsoft-exchange-attack/', 'https://www.reuters.com/world/china/norway-says-march-cyber-attack-parliament-carried-out-china-2021-07-19/']" 1334,Microsoft Exchange Hack: Germany,According to the German Federal Office for Information Security (BSI) two German federal 
authorities have been hacked exploiting the Microsoft vulnerability.,2021-01-01,2021-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,,['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['State institutions / political system', 'Critical infrastructure']]","[['Civil service / administration', '']]",,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.limburger-zeitung.de/60-000-computersysteme-in-deutschland-wegen-microsoft-fehlers-psi-ausgesetzt/', 'https://www.reuters.com/technology/up-60000-computer-systems-exposed-germany-microsoft-flaw-bsi-2021-03-10/', 'https://www.wiwo.de/technologie/digitale-welt/cybersicherheit-die-bedrohung-reicht-weit-ueber-microsoft-exchange-hinaus/26996784.html']" 1335,Iran group Black Shadow attacks Israeli K.L.S Capital Ltd.,Black Shadow reveals to have hacked K.L.S. Capital Ltd.,2021-10-01,2021-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Black Shadow'],"['Iran, Islamic Republic of']",['Non-state-group'],['Hacktivist(s)'],2,2021-01-01; 2021-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Attacker confirms,,,,Black Shadow; Black Shadow,"Iran, Islamic Republic of; Iran, Islamic Republic of",Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),['https://www.jpost.com/jpost-tech/israeli-car-financing-company-hacked-private-information-held-for-ransom-661865'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.jpost.com/jpost-tech/israeli-car-financing-company-hacked-private-information-held-for-ransom-661865'] 1336,Russian disinformation: Nuclear Waste Spill,Russian hacking group attacked two Polish government websites and used them to spread disinformation about a putative radioactive threat.,2021-03-17,2021-03-17,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,,['Poland'],"[['EUROPE', 
'NATO', 'EU', 'EASTEU']]","[['State institutions / political system', 'State institutions / political system', 'Media']]","[['Government / ministries', 'Civil service / administration', '']]",,['Russia'],['State'],,1,2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,,,,,Russia,State,,"['https://securingdemocracy.gmfus.org/incident/polish-officials-allege-potential-russian-hack-of-polish-government-websites/', 'https://www.securityweek.com/polish-state-websites-hacked-and-used-spread-false-info']",System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://newseu.cgtn.com/news/2021-03-19/Hacked-Polish-state-websites-spread-false-info-of-radioactive-threat-YJBHWLeKJy/index.html', 'https://securingdemocracy.gmfus.org/incident/polish-officials-allege-potential-russian-hack-of-polish-government-websites/', 'https://www.securityweek.com/polish-state-websites-hacked-and-used-spread-false-info']" 1337,Pro-Trump retaliation: Liker.com leak,Hacktivists hacked the anti-Trump social Network Liker.com and around 400 records are leaked.,2021-03-09,2021-03-09,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by victim; Incident disclosed by attacker,Data theft; Disruption,,['Unknown'],,[['Social groups']],[['Political opposition / dissidents / expats']],,['Unknown'],['Non-state-group'],['Hacktivist(s)'],2,2021-01-01; 2021-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Attacker confirms,,,,,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),"['https://www.zataz.com/liker-com-lanti-trump-pirate/', 'https://thecount.com/2021/03/16/was-liker-hacked/']",System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zataz.com/liker-com-lanti-trump-pirate/', 'https://thecount.com/2021/03/16/was-liker-hacked/']" 1338,Israeli Elector app hack,The Israeli Elector app has been hacked and the personal details of 6.5 million Israeli voters have been published online the day before election day.,2021-03-01,2021-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft & Doxing; Hijacking with Misuse,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'State institutions / political system', 'End user(s) / specially protected groups']]","[['Political parties', 'Election infrastructure / related systems', '']]",,['Unknown'],['Unknown - not attributed'],,2,2021-01-01; 2021-01-01,"Political statement / report (e.g., on government / state agency websites); Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attribution by receiver government / state entity; Media-based attribution,,,,,Unknown; Unknown,Unknown - not attributed; Unknown - not attributed,,"['https://www.calcalist.co.il/internet/articles/0,7340,L-3791595,00.html', 'https://www.calcalistech.com/ctech/articles/0,7340,L-3900876,00.html']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/115918/hacking/israeli-voters-leak.html', 'https://www.nytimes.com/2020/02/10/world/middleeast/israeli-voters-leak.html', 'https://www.timesofisrael.com/personal-details-of-all-israeli-voters-again-leaked-online-day-before-election/', 'https://www.calcalist.co.il/internet/articles/0,7340,L-3791595,00.html', 'https://www.calcalistech.com/ctech/articles/0,7340,L-3900876,00.html']" 1339,Hacktivists target end users in Sri Lanka,A hacktivist group attacked multiple Sri Lankan (.klm) websites.,2021-02-06,2021-02-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by victim; Incident disclosed by attacker,Disruption,,['Sri Lanka'],"[['ASIA', 'SASIA']]","[['Unknown', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]",,,['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,,Unknown,Non-state-group,Hacktivist(s),['https://www.zdnet.com/article/hacktivists-deface-multiple-sri-lankan-domains-including-google-lk/'],System / ideology,System/ideology; Autonomy,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.zdnet.com/article/hacktivists-deface-multiple-sri-lankan-domains-including-google-lk/'] 1340,Update Pulse Secure VPN Chinese Espionage,UNC2630 and UNC2717 installed new malware strains on the compromised network of several US and EU government organizations,2021-01-01,2021-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['United States', 'Europe (region)']","[['NATO', 'NORTHAM'], []]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Transportation', 'Finance', 'Defence industry', ''], ['Government / ministries', 'Transportation', 'Finance', 'Defence industry', '']]","['UNC2630', 'UNC2717']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,UNC2630; UNC2717,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.mandiant.com/resources/updates-on-chinese-apt-compromising-pulse-secure-vpn-devices'],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, 
e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/chinese-cyberspies-are-targeting-us-eu-orgs-with-new-malware/', 'https://cyware.com/news/chinese-cyberspies-unc2630-targeting-us-and-eu-organizations-d94ac724', 'https://www.mandiant.com/resources/updates-on-chinese-apt-compromising-pulse-secure-vpn-devices']" 1341,Pulse Secure VPN: New York Metropolitan Transportation Authority (MTA),Chinese state-sponsored group hacked New York City's Metropolitan Transportation Authority (MTA) by using a Pulse Secure zero-day.,2021-04-01,2021-04-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source),Hijacking without Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Transportation']],"['UNC2630', 'UNC2717']","['China', 'China']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,2,2021-01-01; 2021-01-01; 2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; IT-security community attributes attacker; Media-based attribution; Media-based 
attribution,,,,UNC2630; UNC2717; UNC2630; UNC2717,China; China; China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://www.mandiant.com/resources/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day', 'https://www.nytimes.com/2021/06/02/nyregion/mta-cyber-attack.html']",International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,One,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.mandiant.com/resources/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day', 'https://www.bleepingcomputer.com/news/security/chinese-threat-actors-hacked-nyc-mta-using-pulse-secure-zero-day/', 'https://www.nytimes.com/2021/06/02/nyregion/mta-cyber-attack.html']" 1342,Mustang Panda hacked Myanmar president’s office,Chinese state-sponsored group Mustang Panda hacked Myanmar president’s office in June 2021.,2021-01-01,2021-06-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,['Myanmar'],"[['ASIA', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],['Mustang Panda/RedEcho/Bronze President/Earth Preta'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,Mustang Panda/RedEcho/Bronze President/Earth Preta,China,"Non-state actor, state-affiliation suggested",,['https://twitter.com/ESETresearch/status/1400165767488970764'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://decoded.avast.io/threatresearch/avast-q4-2022-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q4-2022-threat-report', 'https://therecord.media/backdoor-malware-found-on-the-myanmar-presidents-website-again/', 'https://cyberintelmag.com/malware-viruses/backdoor-planted-on-the-myanmar-presidents-website/', 'https://twitter.com/ESETresearch/status/1400165767488970764', 'https://twitter.com/780thC/status/1621464181152141312', 'https://twitter.com/Cyber_O51NT/status/1621313406367309825']" 1343,Russian spear-phishing campaign against Ukraine,"Russian intelligence services target Ukrainian government and private sector via spear-phishing campaign. 
The Computer Emergency Response Team for Ukraine has reported a spearphishing campaign against Ukrainian government and private email addresses in March 2022 to steal documents and credentials, as well as to obtain access to infected devices.",2021-06-01,2021-06-06,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,,['Ukraine'],"[['EUROPE', 'EASTEU']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '']]",,['Russia'],['State'],,1,2021-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,,Russia,State,,"['https://therecord.media/ukraine-warns-of-massive-russian-spear-phishing-campaign/', 'https://ssu.gov.ua/novyny/sbu-zablokuvala-masovu-kiberataku-spetssluzhb-rf-na-kompiuterni-merezhi-ukrainskykh-orhaniv-vlady', 'https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/']",International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://therecord.media/ukraine-warns-of-massive-russian-spear-phishing-campaign/', 'https://ssu.gov.ua/novyny/sbu-zablokuvala-masovu-kiberataku-spetssluzhb-rf-na-kompiuterni-merezhi-ukrainskykh-orhaniv-vlady', 'https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/']" 1344,New York City's Law Department disruption,Unknown hacker hacked New York City's Law Department in 
June.,2021-06-01,2021-06-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.usnews.com/news/best-states/new-york/articles/2021-06-08/nycs-1-000-lawyer-law-department-targeted-by-cyberattack', 'https://www.nytimes.com/2021/06/18/nyregion/nyc-law-department-hack.html']" 1345,IndigoZebra vs. Afghan government,"In 2021, the Chinese hacking group IndigoZebra impersonated the Afghan president in spear-phishing emails to infiltrate the National Security Council. This cyber attack is part of a larger campaign across Central Asia since 2014, particularly against Kyrgyzstan and Uzbekistan.",2021-04-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Afghanistan'],"[['ASIA', 'SASIA']]",[['State institutions / political system']],[['Government / ministries']],['IndigoZebra'],['China'],['Unknown - not attributed'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,IndigoZebra,China,Unknown - not attributed,,"['https://blog.checkpoint.com/2021/07/01/cyber-espionage-on-afghanistan-kyrgyzstan-and-uzbekistan-by-chinese-speaking-hacker-group/', 'https://www.voanews.com/a/east-asia-pacific_voa-news-china_chinese-hackers-attacked-afghan-council-network-cybersecurity/6207719.html']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securelist.com/apt-trends-report-q2-2017/79332/', 'https://www.zdnet.com/article/chinese-hacking-group-impersonates-afghan-president-to-infiltrate-government-agencies/', 'https://blog.checkpoint.com/2021/07/01/cyber-espionage-on-afghanistan-kyrgyzstan-and-uzbekistan-by-chinese-speaking-hacker-group/', 'https://www.voanews.com/a/east-asia-pacific_voa-news-china_chinese-hackers-attacked-afghan-council-network-cybersecurity/6207719.html']" 1346,State DDoS attacks on Philippine media outlets and human rights group,NGO Qurium Media Foundation links DDoS attacks on the alternative media outlets Bulatlat and Altermidya and the human rights group Karapatan with the Department of Science and Technology (DOST) and the Philippine Army.,2021-05-17,2021-06-23,"Attack conducted by nation state (generic “state-attribution” or direct 
attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption,,['Philippines'],"[['ASIA', 'SCS', 'SEA']]","[['Social groups', 'Media']]","[['Advocacy / activists (e.g. human rights organizations)', '']]","['Department of Science and Technology (DOST)', 'Philippine Army']","['Philippines', 'Philippines']","['State', 'State']",,1,2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party,,,,Department of Science and Technology (DOST); Philippine Army,Philippines; Philippines,State; State,,['https://www.qurium.org/alerts/philippines/attacks-against-media-in-the-philippines-continue/'],National power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.qurium.org/press-releases/investigation-of-ddos-attacks-against-independent-media-shows-links-to-philippine-government-and-army/', 'https://www.theregister.com/2021/07/02/ddos_attack_philippines_dost/', 'https://www.qurium.org/alerts/philippines/attacks-against-media-in-the-philippines-continue/', 'https://therecord.media/investigation-links-ddos-attack-on-filipino-media-outlets-to-government-agencies/']" 1347,Cozy Bear breached Republican National Committee,"Cozy Bear is said to have breached the computer systems of the Republican National Committee (RNC), according to two people familiar with the matter. The attack took place at the same time as a ransomware attack. 
The RNC denies being a victim of the attack and points out that Synnex Corp. was attacked, whose accounts the RNC uses.",2021-06-28,2021-07-04,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Hijacking without Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Political parties']],['Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)'],['Russia'],['State'],,1,2021-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR),Russia,State,,['https://www.infosecurity-magazine.com/news/kremlin-breached-republican/'],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee', 'https://fortune.com/2021/07/06/russia-cozy-bear-rnc-ransomware/', 'https://www.securitymagazine.com/articles/95614-gop-allegedly-hacked-by-apt29-known-as-cozy-bear', 'https://www.infosecurity-magazine.com/news/kremlin-breached-republican/']" 1348,Indian Cyber Troops vs. 
Sindh High Court,"The hacker group ""Indian Cyber Troops"" hacked the official website of the Sindh High Court and shared several pictures on the website.",2021-07-04,2021-07-04,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Judiciary']],['Indian Cyber Troops'],['India'],['Unknown - not attributed'],,1,2021-01-01 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,,,,Indian Cyber Troops,India,Unknown - not attributed,,['https://arynews.tv/indian-hackers-sindh-high-court-website/'],System / ideology,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.techjuice.pk/sindh-high-court-website-hacked-by-indian-hackers/', 'https://arynews.tv/indian-hackers-sindh-high-court-website/']" 1349,Georgia's vaccine registration page disrupted,The vaccine registration page of Georgia's Ministry of Health was disrupted for a day.,2021-07-03,2021-07-04,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,,['Georgia'],"[['ASIA', 'CENTAS']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.ekhokavkaza.com/a/31339291.html', 
'https://tass.ru/obschestvo/11819249?utm_source=databreaches.net&utm_medium=referral&utm_campaign=databreaches.net&utm_referrer=databreaches.net', 'https://agenda.ge/en/news/2021/1832']" 1350,Cyber attack on Iran rail network,"A cyberattack led to delays and cancellations of trains of the Iran rail network. In addition, there were disruptions to the website of the transport and urbanisation ministry and of the national railways and cargo services. The phone number of Iran's supreme leader was displayed on the electronic display boards.",2021-07-09,2021-07-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Transportation']]",,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://old.iranintl.com/en/iran-in-brief/possible-cyberattack-disrupts-irans-rail-network-fars', 'https://www.reuters.com/world/middle-east/hackers-breach-iran-rail-network-disrupt-service-2021-07-09/', 'https://www.theguardian.com/world/2021/jul/11/cyber-attack-hits-irans-transport-ministry-and-railways', 'https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-sandstorm-refines-tradecraft-to-attack-high-value-targets/']" 1493,"Ten Iranians and two Iranian companies - ransomware - engaged in a scheme to gain unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere, causing damage and losses to the victims since October 2020","Mansour Ahmadi, Ahmad Khatibi and Amir 
Hossein Nickaein Raviri “engaged in a scheme to gain unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere, causing damage and losses to the victims."" The U.S. government on Wednesday announced wide-ranging punitive actions against ten Iranians and two Iranian companies — including sanctions, indictments and multiple $10 million rewards.",2020-10-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse; Ransomware,"[['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available']]","['Israel', 'Australia', 'Canada', 'Iran, Islamic Republic of', 'United Kingdom', 'Middle East (region)', 'United States']","[['ASIA', 'MENA', 'MEA'], ['OC'], ['NATO', 'NORTHAM'], ['ASIA', 'MENA', 'MEA'], ['EUROPE', 'NATO', 'NORTHEU'], [], ['NATO', 'NORTHAM']]","[['Unknown'], ['Unknown'], ['Unknown'], ['Unknown'], ['Unknown'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'State institutions / political system', 'State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'State institutions / political system', 
'State institutions / political system', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure']]","[[''], [''], [''], [''], [''], ['Government / ministries', 'Telecommunications', '', '', 'Military', 'Other (e.g., embassies)', 'Energy'], ['Government / ministries', 'Telecommunications', '', '', 'Military', 'Civil service / administration', 'Other (e.g., embassies)', 'Transportation', 'Health', 'Energy']]","['Mansour Ahmadi, aka Mansur Ahamdi (Najee Technology Hooshmand Fater LLC)', 'Ahmad Khatibi Aghda, aka Ahmad Khatibi (Afkar System Yazd Company)', 'Amir Hossein Nickaein Ravari, aka Amir Hossein Nikaeen, aka Amir Hossein Nickaein, aka Amir Nikayin']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', 'Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",4,2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 
2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 
2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14; 2022-09-14,"Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Domestic legal action; Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by 
IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, 
Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); 
Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report 
(e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by 
IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, 
Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, 
EFF)",Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; 
Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; 
Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; 
Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; 
Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; 
Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; 
IT-security community attributes attacker; IT-security community attributes attacker,US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of Justice (DoJ); US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; US Department of the Treasury; Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); 
Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Department of the Treasury’s Office of Foreign Assets Control (OFAC); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of 
Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); National Security Agency (NSA); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC 
/ US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); US Cyber Command (USCC / US CYCOM); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Cyber National Mission Force (CNMF); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); Australian Cyber Security Centre (ACSC); 
Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); Canadian Centre for Cyber Security (CCCS); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United 
Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); Secureworks; Secureworks; Secureworks; Secureworks; Secureworks; Secureworks; Secureworks; Secureworks,,United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; 
United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; Australia; Australia; Australia; Australia; Australia; Australia; Canada; Canada; Canada; Canada; Canada; Canada; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United Kingdom; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States,"Mansour Ahmadi, aka Mansur Ahamdi (Najee Technology Hooshmand Fater LLC); Ahmad Khatibi Aghda, aka Ahmad Khatibi (Afkar System Yazd Company); Amir Hossein Nickaein Ravari, aka Amir Hossein Nikaeen, aka Amir Hossein Nickaein, aka Amir Nikayin; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Ali Agha-Ahmadi (Ali Ahmadi); Mohammad Agha Ahmadi (Mohammad Ahmadi); Mo’in Mahdavi (Mahdavi); Aliakbar Rashidi-Barjini (Rashidi); Amir Hossein Nikaeen Ravari (Nikaeen); Mostafa Haji 
Hosseini (Mostafa); Mojtaba Haji Hosseini (Mojtaba); Mohammad Shakeri-Ashtijeh (Shakeri); Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; 
Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand 
Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar 
System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC; Najee Technology Hooshmand Fater LLC; Afkar System Yazd Company; Afkar System Yazd Company; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps; Najee Technology Hooshmand Fater LLC < COBALT MIRAGE; Najee Technology Hooshmand Fater LLC < COBALT MIRAGE; Afkar System Yazd Company < COBALT MIRAGE; Afkar System Yazd Company < COBALT MIRAGE; Secnerd < COBALT MIRAGE; Secnerd < COBALT MIRAGE; Iran Revolutionary Guard Corps; Iran Revolutionary Guard Corps","Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic 
Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic 
Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic 
Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, 
state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state 
actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; 
State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, 
state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ","['https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/nj-22541-indictmentaugust102022.pdf', 'https://www.state.gov/sanctioning-iranians-for-malicious-cyber-acts/', 'https://www.justice.gov/opa/pr/three-iranian-nationals-charged-engaging-computer-intrusions-and-ransomware-style-extortion', 'https://home.treasury.gov/news/press-releases/jy0948', 'https://www.cisa.gov/uscert/ncas/alerts/aa22-257a']",Other,Unknown,,Unknown,,1,2022-09-14 00:00:00,State Actors: Stabilizing measures,Statement by minister of foreign affairs,United States,U.S. 
Department of State,No,,Exploit Public-Facing Application,Data Encrypted for Impact,None,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,0,Moderate - high political importance,3.0,Low,6.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",51-200,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,,1,2022-09-14 00:00:00,Peaceful means: Retorsion (International Law),Economic sanctions,United States,US Department of the Treasury,Due diligence,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.securityweek.com/us-indicts-iranians-who-hacked-power-company-womens-shelter', 'https://www.rferl.org/a/us-accuses-iranians-cyberattacks-sanctions/32033983.html', 'https://www.bleepingcomputer.com/news/security/us-govt-sanctions-ten-iranians-linked-to-ransomware-attacks/', 'https://therecord.media/u-s-govt-unveils-sanctions-charges-bounties-on-iranian-ransomware-actors/', 'https://www.cyberscoop.com/sweeping-action-against-iranian-hackers/', 'https://www.databreaches.net/three-iranian-nationals-charged-with-engaging-in-computer-intrusions-and-ransomware-style-extortion-against-u-s-critical-infrastructure-providers/', 'https://www.govinfosecurity.com/us-indicts-sanctions-3-iranian-nationals-for-ransomware-a-20063', 'https://www.jpost.com/breaking-news/article-717171', 'https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/nj-22541-indictmentaugust102022.pdf', 'https://www.state.gov/sanctioning-iranians-for-malicious-cyber-acts/', 
'https://www.justice.gov/opa/pr/three-iranian-nationals-charged-engaging-computer-intrusions-and-ransomware-style-extortion', 'https://home.treasury.gov/news/press-releases/jy0948', 'https://www.cisa.gov/uscert/ncas/alerts/aa22-257a', 'https://www.securityweek.com/us-uk-canada-and-australia-link-iranian-government-agency-ransomware-attacks', 'https://thehackernews.com/2022/09/us-charges-3-iranian-hackers-and.html', 'https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-16th-2022-iranian-sanctions/', 'https://www.secureworks.com/blog/opsec-mistakes-reveal-cobalt-mirage-threat-actors', 'https://www.welivesecurity.com/2022/12/27/2022-review-10-biggest-cyberattacks/']" 1352,Safari zero-day exploited by Russian government-backed actor,"A Russian government-backed actor exploited the CVE-2021-1879 WebKit/Safari flaw by sending western European government officials malicious links. While Google does not mention the name of a specific threat group, Microsoft is certain that the campaign was carried out by the hacking group Nobelium.",2021-01-28,2021-05-25,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Western Europe'],,"[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '']]","['Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)', 'SVR']","['Russia', 'Russia']","['State', 'State']",,1,2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Cozy 
Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR,Russia; Russia,State; State,,"['https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/', 'https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/']",International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/google-russian-svr-hackers-targeted-linkedin-users-with-safari-zero-day/', 'https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/', 'https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/', 'https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/a-growing-goldmine-your-linkedin-data-abused-for-cybercrime']" 1353,Moldova's Court of Accounts,"Public databases and audits were destroyed in a cyberattack by an unknown attacker on the website of the Moldovan Court of Accounts. The institution shut down the website to ensure an investigation and recovery of the data. 
The cyberattack coincides with the new Moldova president coming to power, but it's still unclear whether that had anything to do with it.",2021-07-15,2021-07-15,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,"['Moldova, Republic of']","[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Civil service / administration']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.moldpres.md/en/news/2021/07/15/21005099', 'https://cyberintelmag.com/attacks-data-breaches/on-heels-of-elections-cyberattack-on-moldovas-court-of-accounts-destroyed-public-records/', 'https://www.bleepingcomputer.com/news/security/cyberattack-on-moldovas-court-of-accounts-destroyed-public-audits/']" 1354,APT31 targeting French organizations,"In a release, the Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) warns French organizations of an attack campaign by Chinese APT31. The group is converting a network of compromised home routers into operational relay boxes to perform stealth reconnaissance and attacks via them.",2021-01-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Unknown']],,['APT31/ZIRCONIUM/BRONZE VINEWOOD/G0128'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2021-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,,,,APT31/ZIRCONIUM/BRONZE VINEWOOD/G0128,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-003/', 'https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-013.pdf']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.com/142452/apt/chinese-apts-targets-eu.html', 'https://twitter.com/RecordedFuture/status/1626633928327954434', 'https://securityaffairs.com/142698/breaking-news/security-affairs-newsletter-round-408-by-pierluigi-paganini.html', 'https://www.bankinfosecurity.com/chinese-apt-group-attacks-french-organizations-a-17124#:~:text=APT%2031%2C%20a%20China%2Dlinked,Agency%20of%20France%2C%20or%20ANSSI.', 
'https://securityaffairs.co/wordpress/120392/apt/anssi-warns-apt31-attacks.html', 'https://www.bleepingcomputer.com/news/security/france-warns-of-apt31-cyberspies-targeting-french-organizations/', 'https://cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-003/', 'https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-013.pdf', 'https://www.cyberscoop.com/china-midterms-elections-influence-nord-hacking/']" 1355,LINE hack,"The Liberty Times news agency reports a hack on the instant messaging platform LINE in which the accounts of more than 100 Taiwanese politicians, military personnel, county mayors and political and opposition parties were attacked. In the process, the encryption function to protect messages was disabled for those affected.",2021-01-01,2021-07-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft; Hijacking with Misuse,,['Taiwan'],"[['ASIA', 'SCS']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Civil service / administration', 'Military', 'Political parties']]",,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://therecord.media/line-accounts-for-more-than-100-taiwanese-politicians-were-hacked/', 'https://taipeitimes.com/News/front/archives/2021/07/29/2003761652', 'https://news.ltn.com.tw/news/politics/paper/1463246', 'https://www.taiwannews.com.tw/en/news/4259770', 
'https://linecorp.com/zh-hant/pr/news/zh-hant/2021/3841']" 1356,Russian cyberspies vs. Slovak government - 2021,"Between February and July, members of the Slovak government were victims of spear phishing campaigns. The two Slovak security companies ESET and IstroSec attributed the Russian group Dukes/Nobelium/APT29 as the attackers. After these attacks were made public, other campaigns against officials in 13 other European countries were uncovered.",2021-02-01,2021-07-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,,"['Slovakia', 'Czech Republic', 'Europe (region)']","[['EUROPE', 'NATO', 'EU', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'EASTEU'], []]","[['State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', ''], ['Government / ministries', ''], ['Government / ministries', '']]","['Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)', 'SVR']","['Russia', 'Russia']","['State', 'State']",,1,2021-01-01; 2021-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR); SVR,Russia; Russia,State; State,,"['https://www.istrosec.com/blog/apt-sk-cobalt/', 'https://twitter.com/ESETresearch/status/1426204524553846785']",International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not 
used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://therecord.media/russian-cyberspies-targeted-slovak-government-for-months/', 'https://www.secureblink.com/cyber-security-news/cyberspies-linked-to-russian-intelligent-forces-targeted-slovak-government-via-phishing-campaigns', 'https://www.istrosec.com/blog/apt-sk-cobalt/', 'https://twitter.com/ESETresearch/status/1426204524553846785']" 1357,Pakistan FBR,"Unknown hackers attacked the Federal Board of Revenue (FBR) and disrupted websites on Pakistan's Independence Day (August 14). In addition, the hackers sold the FBR's network access for $26,000 via a Russian cybercrime forum.",2021-08-01,2021-08-14,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Police']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.aboutpakistan.com/news/network-access-to-fbr-sold-on-russian-forum/', 'https://tribune.com.pk/story/2315712/fbr-reels-under-a-major-cyberattack', 'https://www.hackread.com/network-access-pakistans-top-fbr-russian-forum/']" 1358,Cybersecurity Atlas project,A copy of the internal database of the European Commission's Cybersecurity Atlas was offered for sale by an unknown seller on a forum.,2021-01-01,2021-08-02,"Attack on (inter alia) political target(s), not 
politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft; Hijacking with Misuse,,['EU (region)'],[['EU']],[['International / supranational organization']],,,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://cyberthreatintelligence.com/news/eu-authorities-are-investigating-the-hacking-of-their-cybersecurity-atlas-project/', 'https://therecord.media/eu-officials-investigating-breach-of-cybersecurity-atlas-project/']" 1359,Belarusian Cyber Partisans: Data hacked and leaked - 2021,"A Belarusian hacking group called Cyber Partisans has hacked the country's passport system and obtained data on millions of Belarusians, including high-profile figures. Also, data was published confirming that the COVID-19 death rate was in reality 14 times higher than reported by the authorities. Within the following weeks, the group published large portions of the stolen data, claiming that it is intended to overthrow Lukashenko's regime.",2021-01-01,2021-07-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,,['Belarus'],"[['EUROPE', 'EASTEU', 'CSTO']]",[['State institutions / political system']],[['Police']],['Belarusian Cyber Partians'],['Belarus'],['Non-state-group'],['Hacktivist(s)'],1,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Belarusian Cyber Partians,Belarus,Non-state-group,Hacktivist(s),"['https://www.currenttime.tv/a/smertnost-v-belarusi/31401342.html', 'https://www.currenttime.tv/a/hakery-vzlomali-pasporta/31385554.html']",System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://24.kg/english/202799_Passport_system_of_Belarus_hacked_Kurmanbek_Bakiyevs_data_found/', 'https://www.databreaches.net/lukashenko-hid-the-real-data-of-covid-19-mortality-a-cyber-attack-has-revealed-figures-about-14-times-higher/', 'https://www.currenttime.tv/a/smertnost-v-belarusi/31401342.html', 'https://www.currenttime.tv/a/hakery-vzlomali-pasporta/31385554.html', 'https://therecord.media/how-belarusian-hacktivists-are-using-digital-tools-to-fight-back/']" 1360,Konni RAT malware vs. Russia,"Malwarebytes reports on an ongoing spear-phishing campaign with Konni RAT malware, which mainly targets Russia, but also other countries, such as Japan or Vietnam. 
The malware is mainly used by the North Korean hacker group APT37.",2021-07-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,,"['Russia', 'Korea, Republic of', 'Japan', 'Vietnam', 'Nepal', 'Mongolia']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SASIA'], ['ASIA', 'EASIA', 'NEA']]","[['Social groups'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social groups']]","[['Other social groups'], ['Other social groups'], ['Other social groups'], ['Other social groups'], ['Other social groups'], ['Other social groups']]",['APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067'],"[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/', 
'https://www.trendmicro.com/en_us/research/20/l/who-is-the-threat-actor-behind-operation-earth-kitsune-.html']",System / ideology; International power,System/ideology; International power; Other,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.hackread.com/konni-rat-variant-hits-russia-ongoing-attack/', 'https://heimdalsecurity.com/blog/new-konni-rat-campaign-in-full-fling/', 'https://securityaffairs.co/wordpress/121625/apt/konni-rat-target-russia.html', 'https://cyware.com/news/konni-rat-targets-russian-users-a74df9a5', 'https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/', 'https://www.trendmicro.com/en_us/research/20/l/who-is-the-threat-actor-behind-operation-earth-kitsune-.html']" 1361,French government visa website cyberattack,"On August 10, the French government visa website was hit by a cyberattack in which visa applicants' personal information was stolen. 
Sensitive data, such as financial-related data, was not exposed, according to the French Ministry of the Interior.",2021-08-10,2021-08-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.schengenvisainfo.com/news/frances-visa-application-website-experienced-cyber-attack-personal-data-of-applicants-got-exposed/', 'https://www.interieur.gouv.fr/actualites/communiques/module-de-plate-forme-france-visas-a-ete-lobjet-dune-attaque-informatique', 'https://portswigger.net/daily-swig/french-government-visa-website-hit-by-cyber-attack-that-exposed-applicants-personal-data']" 1362,North Korean defector Kang Mi-Jin,"The hacker group ScarCruft is suspected of breaching accounts belonging to North Korean defector Kang Mi-jin. Through the access, the group allegedly sent malicious documents to Kang's contacts and also tried to gain access to journalists' professional networks by sending messages to them.",2021-01-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Hijacking without Misuse,,"[""Korea, Democratic People's Republic of""]","[['ASIA', 'NEA']]","[['Social groups', 'Media']]","[['Political opposition / dissidents / expats', '']]",['APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067'],"[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,['https://blog.alyac.co.kr/4084'],System / ideology; International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.nknews.org/2021/09/north-korean-hackers-breach-prominent-defectors-accounts-in-targeted-attack/', 'https://blog.alyac.co.kr/4084']" 1363,United Nations Hack,Unknown actors used credentials from a United Nations employee purchased from the dark web to access the UN network in April 2021. 
This allowed them to enter the network more deeply and obtain data.,2021-04-05,2021-08-07,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim; Incident disclosed by IT-security company,Data theft,,['United Nations'],,[['International / supranational organization']],,,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.washingtonpost.com/business/2021/09/09/united-nations-hackers/', 'https://edition.cnn.com/2021/09/09/politics/junited-nations-cyberattack-april/index.html', 'https://securityaffairs.co/wordpress/122064/data-breach/united-nations-data-breach.html']" 1364,Grayfly campaign,"While ESET recently attributed the Sidewalk backdoor to the SparklingGoblin group, Symantec attributes the backdoor to the Chinese Grayfly espionage group. The group attacked several sectors in Taiwan, Vietnam, USA and Mexico. The campaign continued even after five members of the group were indicted by the U.S. in 2020.",2021-01-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Taiwan', 'Vietnam', 'United States', 'Mexico']","[['ASIA', 'SCS'], ['ASIA', 'SCS', 'SEA'], ['NATO', 'NORTHAM'], []]","[['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]","[['Telecommunications', 'Finance', '', ''], ['Telecommunications', 'Finance', '', ''], ['Telecommunications', 'Finance', '', ''], ['Telecommunications', 'Finance', '', '']]",['Grayfly/GREF/Wicked Panda'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Grayfly/GREF/Wicked Panda,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this 
case)",['https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayfly-china-sidewalk-malware'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://threatpost.com/sidewalk-backdoor-china-espionage-grayfly/169310/', 'https://cyware.com/news/chinese-group-grayfly-uses-sidewalk-backdoor-79b419a0', 'https://securityaffairs.co/wordpress/122069/apt/grayfly-apt-backdoor.html', 'https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/', 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayfly-china-sidewalk-malware']" 1365,Mustang Panda vs. Indonesian government agencies,"At least ten Indonesian government ministries and agencies, as well as the intelligence service Badan Intelijen Negara (BIN), were attacked by the Chinese hacking group Mustang Panda, according to the Record. Indonesian authorities, however, denied that the BIN was the victim of an attack in response to the report.",2021-03-01,2021-08-20,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,['Indonesia'],"[['ASIA', 'SCS', 'SEA']]","[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Intelligence agencies']]",['Mustang Panda'],['China'],"['Non-state actor, state-affiliation suggested']",,2,2021-01-01; 2021-01-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Contested attribution,,,,Mustang Panda; Mustang Panda,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://therecord.media/indonesian-intelligence-agency-compromised-in-suspected-chinese-hack/', 'https://apnews.com/article/technology-indonesia-hacking-d82af1aff0153a3d230b85bb0238f60e']",International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.newsweek.com/indonesia-has-no-evidence-china-hacked-intelligence-service-after-warning-us-company-1630798', 'https://www.thefineryreport.com/news/2021/9/15/chinese-hackers-allegedly-breach-system-of-indonesian-ministries', 'https://therecord.media/indonesian-intelligence-agency-compromised-in-suspected-chinese-hack/', 
'https://apnews.com/article/technology-indonesia-hacking-d82af1aff0153a3d230b85bb0238f60e']" 1366,Bitcoin Scam,"On September 2, 2021, unknown actors hacked the website of the administration of the Russian city of Ryazan. In a first post, the hackers wrote on the website that users of an application would receive a certain amount of Bitcoins. In the second post, a Bitcoin lottery was advertised on the website.",2021-09-02,2021-09-02,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Civil service / administration']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://coingape.com/bitcoin-scam-hackers-launch-ponzi-btc-scheme-through-russias-government-website/', 'https://m.rzn.info/news/2021/9/2/sajt-ryazanskoj-merii-vtoroj-raz-za-sutki-vzlomali-hakery-239195.html', 'https://bitcoinik.com/hackers-hijack-russian-government-website-prompts-ponzi-bitcoin-scheme/']" 1367,Virginia National Guard attack,"In July 2021, email accounts for the Virginia Defense Force and the Virginia Department of Military Affairs were affected by a cyberattack. 
A month later, some stolen emails were offered for sale on the Marketo marketplace.",2021-07-01,2021-07-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Military']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.hackread.com/virginia-national-guard-cyberattack-marketo-data-leak/', 'https://www.itsecuritynews.info/virginia-defense-force-email-accounts-hit-by-a-cyber-attack/', 'https://whro.org/news/local-news/21447-for-sale-on-the-dark-web-61-gigabytes-from-the-virginia-defense-force', 'https://www.zdnet.com/article/virginia-national-guard-confirms-cyberattack-hit-virginia-defense-force-email-accounts/']" 1368,Operation EpikFail,"The hacker group Anonymous breached the database of the controversial web hosting provider Epik in February 2021 and published sensitive information of Epik customers. In September, the group also defaced parts of the Epik support portal in response to the provider's denial of an attack.",2021-02-28,2021-02-28,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['Social groups']],[['Political opposition / dissidents / expats']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),"['https://archive.ph/Czuu2', 'https://web.archive.org/web/20210915001823/https://www.epik.com/support/knowledgebase/update-they-claim-we-got-hacked-q-says-theyre-lying/']",System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.dailydot.com/debug/anonymous-new-epik-leak/', 'https://www.bankinfosecurity.com/anonymous-leaks-epik-data-again-a-17655', 'https://therecord.media/anonymous-hacks-and-leaks-data-from-domain-registrar-epik/', 'https://archive.ph/Czuu2', 'https://web.archive.org/web/20210915001823/https://www.epik.com/support/knowledgebase/update-they-claim-we-got-hacked-q-says-theyre-lying/']" 1369,Operation Jane,"After Texas Senate Bill 8, which bans abortion after the sixth week of pregnancy, went into effect on Sept. 1, 2021, Operation Jane was launched by the hacktivist group Anonymous in protest. This involved defacing the Republican Party of Texas website for several hours.",2021-09-11,2021-09-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Political parties']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),['https://web.archive.org/web/20210911101420/https://www.texasgop.org/'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.hackread.com/anonymous-hacks-texas-republican-party-website-abortion-law/', 'https://www.tpr.org/technology-entrepreneurship/2021-09-11/texas-gop-website-hacked-by-activists-protesting-abortion-law', 'https://www.newsweek.com/anonymous-hacks-texas-republican-party-website-after-state-enacts-anti-abortion-law-1628252', 'https://portswigger.net/daily-swig/texas-republican-party-website-defaced-in-anonymous-protest-against-abortion-law', 'https://web.archive.org/web/20210911101420/https://www.texasgop.org/', 'https://cyberscoop.com/hacktivist-target-operational-technology/', 'https://www.mandiant.com/resources/blog/hacktivists-targeting-ot-systems']" 1370,Cyber attack hits Jefferson Parish Courts,"Unknown hackers exploited vulnerabilities in the aftermath of Hurricane Ida and used malware to take down the website of Jefferson Parish's key courthouses.",2021-08-01,2021-09-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Judiciary']],,['Unknown'],['Unknown - not 
attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.secureworld.io/industry-news/louisiana-court-system-cyberattack', 'https://www.nola.com/news/courts/article_385d0e5e-14b5-11ec-849b-fb8b4964d837.html', 'https://www.securedata.com/blog/malware-attack-follows-hurricane-ida-landfall']" 1371,DDoS attack German election commission,"Shortly before the German federal election in September 2021, the website of the Federal Election Commissioner suffered a short DDoS attack by unknown actors. However, the IT systems important for the election were not affected by the attack.",2021-08-01,2021-08-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Election infrastructure / related systems']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.reuters.com/article/germany-election-cyber-idUSL8N2QH438', 'https://www.businessinsider.de/politik/deutschland/hackerangriff-auf-server-des-bundeswahlleiters/', 'https://www.straitstimes.com/world/europe/german-election-authority-confirms-likely-cyber-attack']" 1372,FocaLeaks vs. 
El Salvador Police,"The hacktivist group FocaLeaks claims to be responsible for the exfiltration and publication of personal data of more than 30,000 police officers of the Polícia Nacional Civil (PNC) in El Salvador. One of the reasons given for this is the arrest of Salvadoran Bitcoin Law critic Mario Gómez in early September.",2021-09-01,2021-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by media (without further information on source); Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing; Hijacking with Misuse,,['El Salvador'],[['CENTAM']],[['State institutions / political system']],[['Police']],['FocaLeaks'],"['Europe (region)', 'South America']",['Non-state-group'],['Hacktivist(s)'],1,2021-01-01; 2021-01-01,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,,,,FocaLeaks; FocaLeaks,Europe (region); South America,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),['https://www.databreaches.net/focaleaks-claims-to-have-hacked-el-salvador-police-gained-access-to-records-on-civilians-agents-and-criminal-investigations/'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://ddosecrets.com/wiki/El_Salvador_Police_Database', 
'https://www.coindesk.com/policy/2021/09/01/el-salvador-police-releases-bitcoin-law-critic-arrested-for-alleged-bank-fraud/', 'https://www.laprensagrafica.com/elsalvador/Hackeo-de-web-de-la-PNC-pone-en-peligro-datos-de-policias-20210909-0059.html', 'https://www.databreaches.net/el-salvador-pnc-confirms-investigation-of-focaleaks/', 'https://www.databreaches.net/focaleaks-claims-to-have-hacked-el-salvador-police-gained-access-to-records-on-civilians-agents-and-criminal-investigations/']" 1373,TAG-28 vs. Indian agencies,"The state-sponsored Chinese group TAG-28 used the Winnti malware to target the media conglomerate Bennett Coleman And Co Ltd (BCCL), the Unique Identification Authority of India (UIDAI) and the Madhya Pradesh Police and exfiltrated data. The IT company Recorded Future draws parallels to the border conflicts between India and Pakistan.",2021-02-01,2021-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['India'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'State institutions / political system', 'Media']]","[['Civil service / administration', 'Police', '']]",['TAG-28'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,TAG-28,China,"Non-state actor, state-affiliation suggested",,['https://go.recordedfuture.com/hubfs/reports/cta-2021-0921.pdf'],International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 
3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://economictimes.indiatimes.com/news/india/report-suspected-chinese-hack-targets-indian-media-government/articleshow/86430553.cms', 'https://therecord.media/report-china-linked-hackers-take-aim-at-times-of-india-and-a-biometric-bonanza/', 'https://cybersecuritynews.com/china-linked-group-tag-28/', 'https://go.recordedfuture.com/hubfs/reports/cta-2021-0921.pdf']" 1374,ChamelGang,"The previously unknown APT ChamelGang targeted institutions in the government, aviation and energy sectors of a total of ten countries in two attacks. The group disguised its malware and network infrastructure as legitimate domains, such as McAfee, Microsoft, or TrendMicro.",2021-03-01,2021-08-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim; Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Russia', 'United States', 'Japan', 'Turkey', 'Taiwan', 'Vietnam', 'India', 'Afghanistan', 'Lithuania', 'Nepal']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['NATO', 'NORTHAM'], ['ASIA', 'SCS', 'NEA'], ['ASIA', 'NATO', 'MEA'], ['ASIA', 'SCS'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['ASIA', 'SASIA']]","[['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical 
infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure', 'Critical infrastructure']]","[['Government / ministries', 'Energy', 'Transportation'], ['Government / ministries', 'Energy', 'Transportation'], ['Government / ministries', 'Energy', 'Transportation'], ['Government / ministries', 'Energy', 'Transportation'], ['Government / ministries', 'Energy', 'Transportation'], ['Government / ministries', 'Energy', 'Transportation'], ['Government / ministries', 'Energy', 'Transportation'], ['Government / ministries', 'Energy', 'Transportation'], ['Government / ministries', 'Energy', 'Transportation'], ['Government / ministries', 'Energy', 'Transportation']]",['ChamelGang'],['Unknown'],['Unknown - not attributed'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,ChamelGang,Unknown,Unknown - not attributed,,['https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/122902/apt/chamelgang-apt-targets-russia.html', 'https://www.securityweek.com/chamelgang-hackers-target-energy-aviation-and-government-sectors', 
'https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/']" 1375,DEV-0343,"Iran-linked threat actors attempted password spraying to compromise the Office 365 accounts of more than 250 targets, with fewer than 20 of these attacks being successful. Targets were primarily U.S. and Israeli defense technology companies, Persian Gulf ports of entry, and maritime transportation companies operating in the Middle East.",2021-07-01,2000-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Hijacking without Misuse,,"['United States', 'Israel', 'EU (region)', 'Middle East (region)']","[['NATO', 'NORTHAM'], ['ASIA', 'MENA', 'MEA'], ['EU'], []]","[['Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Critical infrastructure']]","[['Transportation', 'Defence industry'], ['Transportation', 'Defence industry'], ['Transportation', 'Defence industry'], ['Transportation', 'Defence industry']]",['DEV-0343'],"['Iran, Islamic Republic of']",['State'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DEV-0343,"Iran, Islamic Republic of",State,,['https://www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/'],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://therecord.media/microsoft-iran-linked-hackers-breached-office-365-customer-accounts/', 
'https://www.bleepingcomputer.com/news/security/microsoft-iran-linked-hackers-target-us-defense-tech-companies/', 'https://cybernews.com/news/microsoft-iran-linked-hackers-have-targeted-us-and-israeli-defense-companies/', 'https://www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/']" 1376,MysterySnail,"Kaspersky discovered a zero-day exploit as well as a malware called MysterySnail that was used for an espionage campaign against IT companies, military/defense contractors and diplomatic entities. The attack was attributed by the IT company to the Chinese APT IronHusky, which has been active since 2012.",2021-08-01,2021-09-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Unknown'],,"[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure']]","[['', 'Military', 'Defence industry']]",['IronHusky'],['China'],['Unknown - not attributed'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,IronHusky,China,Unknown - not attributed,,['https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/'],Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/123285/hacking/ironhusky-zero-day.html', 'https://www.bleepingcomputer.com/news/security/chinese-hackers-use-windows-zero-day-to-attack-defense-it-firms/', 'https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/']" 1377,RENAPER breach,"An unknown hacker breached Argentina's ID database RENAPER 
and published ID card photos and personal data of 44 Argentinian celebrities, such as President Alberto Fernández and soccer players like Lionel Messi and Sergio Aguero. The hacker claims to have the data of all 45 million residents of Argentina.",2021-09-01,2021-09-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing,,['Argentina'],[['SOUTHAM']],[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Individual hacker(s)'],,1,,,Media-based attribution,,,,,Unknown,Individual hacker(s),,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/', 'https://www.argentina.gob.ar/noticias/el-renaper-detecto-el-uso-indebido-de-una-clave-otorgada-un-organismo-publico-y-formalizo', 'https://www.hackread.com/hacker-steals-govt-database-entire-argentine-population/']" 1378,Harvester,"A previously unknown hacking group, which Symantec calls Harvester, is conducting espionage campaigns against sectors such as telecommunications, government and information technology, using new tools such as a custom backdoor in conjunction with other downloaders and screenshot tools. Based on the tools used, the custom development and the targets, Symantec assumes a state-sponsored threat actor.",2021-06-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['South Asia (region)', 'Afghanistan']","[[], ['ASIA', 'SASIA']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Telecommunications', ''], ['Government / ministries', 'Telecommunications', '']]",['Harvester'],['Unknown'],"['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Harvester,Unknown,"Non-state actor, state-affiliation suggested",,['https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/harvester-new-apt-attacks-asia'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/123559/apt/harvester-targets-telcos.html', 'https://www.bleepingcomputer.com/news/security/state-backed-hackers-breach-telcos-with-custom-malware/', 
'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/harvester-new-apt-attacks-asia']" 1379,RootAyyildiz,"Former U.S. President Donald Trump's website was defaced by a pro-Turkish hacktivist named RootAyyildiz on October 18, 2021. There was already a defacement on Trump's website on October 9.",2021-10-09,2021-10-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['United States'],"[['NATO', 'NORTHAM']]",[['End user(s) / specially protected groups']],,['RootAyyildiz'],['Turkey'],['Non-state-group'],['Hacktivist(s)'],1,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,RootAyyildiz,Turkey,Non-state-group,Hacktivist(s),"['https://web.archive.org/web/20211009080849/https://action.donaldjtrump.com/', 'https://web.archive.org/web/20211018012151/http://action.donaldjtrump.com/']",System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.vice.com/amp/en/article/4avkkn/hacker-turkey-hacks-defaces-donald-trump-website', 'https://www.forbes.com/sites/joewalsh/2021/10/18/hacker-appears-to-deface-part-of-trumps-website/?sh=5248010a6fb2', 'https://web.archive.org/web/20211009080849/https://action.donaldjtrump.com/', 'https://web.archive.org/web/20211018012151/http://action.donaldjtrump.com/']" 1380,AR Bunse,A single threat actor used the Pakistani front company Bunse Technologies to send malware to targets in Afghanistan and India using RTF documents with political and governmental themes. 
They also exploited the CVE-2017-11882 vulnerability and targeted mobile devices.,2021-01-01,2021-08-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,,"['India', 'Afghanistan']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA']]","[['State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', ''], ['Government / ministries', '']]",['A.R. Bunse'],['Pakistan'],['Individual hacker(s)'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,A.R. Bunse,Pakistan,Individual hacker(s),,['https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/political-themed-actor-using-old-ms-office-flaw-to-drop-multiple-rats/', 'https://threatpost.com/apt-commodity-rats-microsoft-bug/175601/', 'https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html']" 1381,HDP vs. Hezbollah,"A hacking group called HDP hacked the Venezuelan intelligence database to obtain personal data of alleged Hezbollah operators living under the protection of President Nicolas Maduro and leaked information from it. According to the group, this campaign was carried out together with former intelligence officers.",2021-10-01,2021-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,,['Venezuela'],[['SOUTHAM']],[['State institutions / political system']],[['Intelligence agencies']],['Team HDP'],['Venezuela'],['Unknown - not attributed'],,1,2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Team HDP,Venezuela,Unknown - not attributed,,['https://www.israelhayom.co.il/news/world-news/article/5293982'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.israelhayom.com/2021/10/26/hezbollah-operatives-given-refuge-in-venezuela-hackers-reveal/', 'https://www.israelhayom.co.il/news/world-news/article/5293982']" 1382,DeathNote cluster,"In 2021, two attacks were perpetrated by the Lazarus Group using an updated DeathNote cluster. The first attack targeted a think tank in South Korea and the second an IT asset monitoring vendor. Kaspersky therefore assumes that the threat actor wants to build the attack capabilities on supply chains.",2021-05-01,2021-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,,"['Korea, Republic of', 'Latvia']","[['ASIA', 'SCS', 'NEA'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Social groups', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Other social groups', ''], ['Other social groups', '']]","['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://usa.kaspersky.com/about/press-releases/2021_apt-actor-lazarus-attacks-defense-industry-develops-supply-chain-attack-capabilities', 
'https://securelist.com/apt-trends-report-q3-2021/104708/']",International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.securityweek.com/kaspersky-north-korean-hackers-targeting-it-supply-chain', 'https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-start-targeting-the-it-supply-chain/', 'https://usa.kaspersky.com/about/press-releases/2021_apt-actor-lazarus-attacks-defense-industry-develops-supply-chain-attack-capabilities', 'https://securelist.com/apt-trends-report-q3-2021/104708/', 'https://securelist.com/the-lazarus-group-deathnote-campaign/109490/']" 1383,BlackShadow,"The database of the Israeli hosting provider Cyberserve was attacked by the Iranian hacker group BlackShadow, demanding ransom from its customers. Customers include local radio stations, museums and educational institutions, as well as the Israeli LGBTQ dating app Atraf.",2021-10-29,2021-10-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science']]","[['Transportation', '', '', '']]",['Black Shadow'],"['Iran, Islamic Republic of']",['Non-state-group'],['Hacktivist(s)'],1,2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,Black Shadow,"Iran, Islamic Republic of",Non-state-group,Hacktivist(s),['https://www.timesofisrael.com/iranian-hackers-take-down-servers-of-israeli-internet-hosting-company-cyberserve/'],System / ideology; International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/124000/hacking/black-shadow-hacked-cyberserve.html', 'https://www.bleepingcomputer.com/news/security/blackshadow-hackers-breach-israeli-hosting-firm-and-extort-customers/', 'https://www.timesofisrael.com/iranian-hackers-take-down-servers-of-israeli-internet-hosting-company-cyberserve/']" 1384,Border crossings database hack - 2021,"The Belarus Cyber-Partisans stated in a tweet that they had gained access to the database on all border crossings in Belarus. A YouTube video shows an excerpt of the alleged data set. 
All entries and exits of the past 15 years are said to have been documented, including those of Belarusian President Lukashenko and his personnel.",2021-11-01,2021-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,,['Belarus'],"[['EUROPE', 'EASTEU', 'CSTO']]",[['State institutions / political system']],[['Police']],['Belarusian Cyber-Partisans'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Belarusian Cyber-Partisans,Unknown,Non-state-group,Hacktivist(s),"['https://twitter.com/cpartisans/status/1457840536023351301', 'https://www.youtube.com/watch?v=YpOiGRLEz3w']",System / ideology; National power,System/ideology; National power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://portswigger.net/daily-swig/belarusian-hackers-claim-to-have-accessed-full-database-of-those-crossing-the-countrys-borders', 'https://twitter.com/cpartisans/status/1457840536023351301', 'https://www.youtube.com/watch?v=YpOiGRLEz3w']" 1385,Police surveillance footage leak,"The transparency collective Distributed Denial of Secrets (DDoSecrets) released more than 600 hours of aerial surveillance footage of police in Texas and Georgia in November 2021 after the group obtained it through an unknown source. 
Three months earlier, it was revealed that Dallas police lost 22 terabytes of case data and recovered only 14 terabytes.",2021-01-01,2021-11-01,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft & Doxing,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Police']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.infosecurity-magazine.com/news/dallas-police-surveillance-footage/', 'https://www.courthousenews.com/activists-leak-600-hours-of-mostly-dallas-police-helicopter-footage-after-citys-22-terabyte-loss-of-criminal-case-data/', 'https://ddosecrets.com/wiki/Aerial_Surveillance_Footage', 'https://twitter.com/AricToler/status/1457009465400741891', 'https://twitter.com/NatSecGeek/status/1457053874741784576']" 1386,macOS-Exploits,An unknown actor targeted Hong Kong websites of a media provider and a pro-democracy labor and political group using watering hole attacks and exploiting a vulnerability. Google's Threat Analysis Group suspects a state-sponsored actor behind the attack.,2021-08-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,['Hong Kong'],[['ASIA']],[['End user(s) / specially protected groups']],,,['Unknown'],"['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,"Non-state actor, state-affiliation suggested",,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/124513/malware/macos-zero-day-watering-hole-hong-kong.html', 'https://therecord.media/macos-zero-day-deployed-via-hong-kong-pro-democracy-news-sites/']" 1387,Kimsuky vs. South Korean think tanks,"Since at least June 2021, North Korea's state-sponsored APT Kimsuky has targeted geopolitical and aerospace research agencies in South Korea.",2021-06-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['Science']],,['Kimsuky/Velvet Chollima/STOLEN PENCIL/Thallium/Black Banshee/G0094'],"[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Kimsuky/Velvet Chollima/STOLEN PENCIL/Thallium/Black Banshee/G0094,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,['https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html'],International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/north-korean-hackers-target-the-souths-think-tanks-through-blog-posts/', 'https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html']" 1388,FBI spam mails,"An unknown hacker gained access to the Federal Bureau of Investigation (FBI) email server and used it to send tens of thousands of spam emails in two waves. The emails warn of a cyberattack by a threat actor named Vinny Troia. 
Actually, Vinny Troia is the head of security research for the dark web intelligence companies NightLion and Shadowbyte.",2021-11-13,2021-11-13,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Police']],['Pompompurin'],['Unknown'],['Individual hacker(s)'],,1,2021-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,Pompompurin,Unknown,Individual hacker(s),,"['https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattacks/', 'https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/']",Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://twitter.com/spamhaus/status/1459450061696417792?ref_src=twsrc%5Etfw', 'https://therecord.media/us-marshals-service-becomes-latest-law-enforcement-agency-hit-by-hackers/', 'https://www.hackread.com/us-marshals-service-ransomware-attack/', 'https://www.fbi.gov/news/press-releases/press-releases/fbi-statement-on-incident-involving-fake-emails', 'https://indianexpress.com/article/technology/tech-news-technology/the-fbis-email-system-was-hacked-to-send-out-fake-cybersecurity-warnings-7623616/', 'https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattacks/', 'https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/']" 1389,Iranian hacker group Moses Staff targeting Israeli organizations since 
2021,"Since September 2021, the hacker group Moses Staff has been targeting Israeli organizations by, among other things, publishing sensitive data or encrypting networks without ransom demands. The CheckPoint company therefore assesses the group's attacks as entirely politically motivated.",2021-09-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft & Doxing; Hijacking with Misuse,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Unknown']],,['Moses Staff'],['Unknown'],['Unknown - not attributed'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Moses Staff,Unknown,Unknown - not attributed,,['https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://therecord.media/new-moses-staff-group-targets-israeli-organizations-in-destructive-attacks/', 'https://www.bleepingcomputer.com/news/security/moses-staff-hackers-wreak-havoc-on-israeli-orgs-with-ransomless-encryptions/', 'https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/']" 1390,Iranian state-sponsored group Phosphorus exploits ProxyShell to deploy ransomware,"According to DFIR Report, the Iranian state-sponsored APT Phosphorus (also tracked as APT35, Charming Kitten, Newscaster, TA453, Magic Hound) exploited ProxyShell to conduct a ransomware campaign that encrypts systems of targets domain-wide.",2021-09-01,2021-09-01,"Attack conducted by nation state (generic 
“state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse; Ransomware,,['Unknown'],,[['Unknown']],,['Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059'],"['Iran, Islamic Republic of']",['State'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059,"Iran, Islamic Republic of",State,,['https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Exploit Public-Facing Application,Data Encrypted for Impact,None,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.hackread.com/proxyshell-vulnerabilities-domain-wide-ransomware-attacks/', 'https://www.techtarget.com/searchsecurity/news/252509511/ProxyShell-leads-to-domain-wide-ransomware-attack', 'https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/']" 1351,Operation SpoofedScholars,"Iran-linked actor TA453 imitates British scholars to obtain sensitive data from professors, Middle East experts, as well as journalists.",2021-01-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['United Kingdom'],"[['EUROPE', 'NATO', 'NORTHEU']]","[['Social groups', 'Media', 'Science']]","[['Other social groups', '', '']]",['Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,['https://www.proofpoint.com/us/blog/threat-insight/operation-spoofedscholars-conversation-ta453'],National power; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.proofpoint.com/us/blog/threat-insight/operation-spoofedscholars-conversation-ta453', 'https://www.securityweek.com/iranian-hackers-impersonate-british-scholars-recent-campaign']" 1392,"MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists","State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.",2021-07-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Palestine', 'Turkey']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'NATO', 'MEA']]","[['State institutions / political system', 'Critical infrastructure', 'Social groups', 'Media'], ['State institutions / political system', 'Critical infrastructure', 'Social groups', 'Media']]","[['Political parties', 'Finance', 'Advocacy / activists (e.g. human rights organizations)', ''], ['Political parties', 'Finance', 'Advocacy / activists (e.g. human rights organizations)', '']]",['MoleRats/ Gaza Cybergang'],['Palestine'],['Unknown - not attributed'],,1,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,MoleRats/ Gaza Cybergang,Palestine,Unknown - not attributed,,['https://www.zscaler.com/blogs/security-research/new-espionage-attack-molerats-apt-targeting-users-middle-east'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://thecybersecurity.news/vulnerabilities/molerats-apt-launches-spy-campaign-on-bankers-politicians-journalists-16146/', 'https://www.zscaler.com/blogs/security-research/new-espionage-attack-molerats-apt-targeting-users-middle-east']" 1393,NSO Pegasus Spyware: Finnish diplomats,Finland's Ministry for Foreign Affairs says devices of Finnish diplomats have been hacked and infected with NSO Group's Pegasus spyware in a cyber-espionage campaign.,2021-01-01,2022-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with 
Misuse,,['Unknown'],,[['State institutions / political system']],,,,,,0,,,,,,,,,,,['https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/prime-ministers-office-compromised.html'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.darkreading.com/attacks-breaches/threat-actors-use-microsoft-onedrive-for-command-and-control-in-attack-campaign', 'https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/prime-ministers-office-compromised.html', 'https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-3/']" 1394,Threat Actors Use Microsoft OneDrive for Command-and-Control in Attack Campaign,Threat Actors Use Microsoft OneDrive for Command-and-Control in Attack Campaign,2021-09-01,2021-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Eastern Europe'],,"[['State institutions / political system', 'State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Military', 'Defence industry']]","['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)', 'GRU']","['Russia', 'Russia']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2022-01-01; 2022-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165); GRU",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-discovers-dazzlespy-macos-malware-spying-on-visitors-of-hong-kong-pro-democracy-news/'],System / ideology; International power,Unknown,,Unknown,,0,,,,,,Yes,One,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/new-dazzlespy-malware-targets-macos-users-in-watering-hole-attack/', 'https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-discovers-dazzlespy-macos-malware-spying-on-visitors-of-hong-kong-pro-democracy-news/']" 1395,DazzleSpy,A new watering hole attack has been discovered targeting macOS users and visitors of a pro-democracy radio station website in Hong Kong and infecting them with the DazzleSpy malware.,2021-09-01,2021-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Hong Kong'],[['ASIA']],[['Social groups']],[['Advocacy / activists (e.g. human rights organizations)']],,['Unknown'],['Unknown - not attributed'],,1,,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,,Unknown,Unknown - not attributed,,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/finnish-diplomats-phones-infected-with-nso-group-pegasus-spyware/', 'https://um.fi/current-affairs/-/asset_publisher/gc654PySnjTX/content/ulkoministerio-on-saanut-selvitettya-siihen-kohdistuneen-vakoilutapauksen']" 1396,MuddyWater vs. Turkey (2021),MuddyWater is impersonating the Turkish Health and Interior Ministries to sink its claws into victim networks.,2021-11-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,['Turkey'],"[['ASIA', 'NATO', 'MEA']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'State institutions / political system']]","[['Government / ministries', '', 'Civil service / administration']]","['MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069', 'Ministry of Intelligence and Security (MOIS; Iran)']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2022-01-01; 2022-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069; Ministry of Intelligence and Security (MOIS; Iran),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html'],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.zdnet.com/article/state-sponsored-iranian-hackers-attack-turkish-govt-organizations/', 
'https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/', 'https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html']" 1397,MuddyWater: Armenia and Pakistan,State-sponsored hacking group MuddyWater targeted not further defined Pakistani entities and the Armenian telecommunication sector. It is not known if the Iranian cyber-operation against Turkey is linked to this cyber-operation.,2021-06-01,2021-08-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,,"['Pakistan', 'Armenia']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'CENTAS', 'CSTO']]","[['Unknown', 'Critical infrastructure'], ['Unknown', 'Critical infrastructure']]","[['', 'Telecommunications'], ['', 'Telecommunications']]","['MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069', 'Ministry of Intelligence and Security (MOIS; Iran)']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2022-01-01; 2022-01-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,,,,MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069; Ministry of Intelligence and Security (MOIS; Iran),"Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation
suggested",,['https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html'],System / ideology; International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html'] 1398,US media and publishing conglomerate News Corp was targeted by Chinese-linked espionage group from February 2020 until January 2022,"American media and publishing giant News Corp disclosed on February 4, 2022, that it was the target of a ""persistent"" cyber attack by which the attackers gained access to emails and documents, also by journalists. According to David Wong, vice president of consulting at Mandiant (in February 2022), the perpetrators are believed to have ""China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests.” Mandiant was engaged in the containment of the breach. In February 2023, News Corp further revealed that the actual breach of its systems already started in February 2020. 
",2020-02-01,2022-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Data theft; Hijacking with Misuse,[['News Corp']],['United States'],"[['NATO', 'NORTHAM']]",[['Media']],,['Not available'],['China'],['State'],,1,2022-02-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,David Wong (Vice President of Consulting at Mandiant),,United States,,China,State,,['https://www.wsj.com/articles/cyberattack-on-news-corp-believed-linked-to-china-targeted-emails-of-journalists-others-11643979328?st=yrhf72fjgcuccqv&reflink=desktopwebshare_permalink'],International power,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"['https://www.bleepingcomputer.com/news/security/news-corp-discloses-hack-from-persistent-nation-state-cyber-attacks/', 'https://www.wsj.com/articles/cyberattack-on-news-corp-believed-linked-to-china-targeted-emails-of-journalists-others-11643979328?st=yrhf72fjgcuccqv&reflink=desktopwebshare_permalink', 'https://securityaffairs.com/142701/data-breach/news-corp-security-breach.html', 'https://www.documentcloud.org/documents/23689861-news-corp-feb-2023-data-breach-notification', 'https://www.reuters.com/article/news-corp-cyber-attack-idCNL4N2UF255', 'https://investors.newscorp.com/node/11716/html', 'https://www.bleepingcomputer.com/news/security/news-corp-says-state-hackers-were-on-its-network-for-two-years/', 
'https://www.darkreading.com/analytics/attackers-were-on-network-2-years-news-corp', 'https://twitter.com/Dinosn/status/1630224915105452033', 'https://twitter.com/HackRead/status/1630203903286427648', 'https://twitter.com/Dinosn/status/1630088111630721024', 'https://therecord.media/limited-number-of-news-corp-employees-sent-breach-notification-letters-after-january-cyberattack/', 'https://www.hackread.com/news-corp-breach-hackers-undetected/', 'https://twitter.com/Cyber_O51NT/status/1629284078334910466', 'https://twitter.com/Dinosn/status/1629244368149266441', 'https://twitter.com/HackRead/status/1630203903286427648', 'https://twitter.com/Dinosn/status/1630224915105452033', 'https://twitter.com/Dennis_Kipker/status/1631296998094635008']" 1399,Operation Cache Panda,A hacking group affiliated with the Chinese government is believed to have carried out a months-long attack against Taiwan’s financial sector by leveraging a vulnerability in a security software solution used by roughly 80% of all local financial organizations.,2021-11-01,2022-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Taiwan'],"[['ASIA', 'SCS']]",[['Critical infrastructure']],[['Finance']],"['APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)']",['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://medium.com/cycraft/supply-chain-attack-targeting-taiwan-financial-sector-bae2f0962934'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://therecord.media/chinese-hackers-linked-to-months-long-attack-on-taiwanese-financial-sector/', 'https://medium.com/cycraft/supply-chain-attack-targeting-taiwan-financial-sector-bae2f0962934', 
'https://medium.com/cycraft/china-implicated-in-prolonged-supply-chain-attack-targeting-taiwan-financial-sector-264b6a1c3525']" 1400,SockDetour,A new custom malware dubbed SockDetour found on systems belonging to US defense contractors has been used as a backup backdoor to maintain access to compromised networks.,2021-07-27,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,,"['United States', 'Global (region)']","[['NATO', 'NORTHAM'], []]","[['Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Energy', 'Health', 'Finance', 'Defence industry', '', ''], ['Energy', 'Health', 'Finance', 'Defence industry', '', '']]",['Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2022-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,,,,Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027,China,"Non-state actor, state-affiliation 
suggested",,"['https://www.bleepingcomputer.com/news/security/us-defense-contractors-hit-by-stealthy-sockdetour-windows-backdoor/', 'https://unit42.paloaltonetworks.com/sockdetour/']",International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/us-defense-contractors-hit-by-stealthy-sockdetour-windows-backdoor/', 'https://unit42.paloaltonetworks.com/sockdetour/']" 1401,U.S. State Governments Targeted by Chinese Hackers via Zero-Day in Agriculture Tool,"A threat group believed to be sponsored by the Chinese government has breached the networks of U.S. state governments, including through the exploitation of a zero-day vulnerability.",2021-05-01,2022-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",,['https://www.mandiant.com/resources/apt41-us-state-governments'],Unknown,Unknown,,Unknown,,0,,,,,,Yes,multiple,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.securityweek.com/us-state-governments-targeted-chinese-hackers-zero-day-agriculture-tool', 'https://www.mandiant.com/resources/apt41-us-state-governments']" 1402,APT36 use various malware against Indian govt employees in an extended campaign - 2021,"A new campaign from the hacking group tracked as APT36, aka 'Transparent Tribe' or 'Mythic Leopard,' has been discovered using new custom malware and entry vectors in attacks against the Indian government.
The threat actors are known to utilize their malware of choice, CrimsonRAT (remote access trojan), during this campaign, in addition to new malware as they use various initial entry mechanisms in an attempt to diversify, remain undetected, and gain access to further systems. According to Cisco Talos, the campaign has been documented since June 2021 and uses inauthentic domains that mimic authentic government and government-related domains. ""Notably, the adversary has moved towards deploying small, bespoke stagers and downloaders that can be easily modified, likely to enable quick and agile operations."" It is suspected that the APT36 threat actors are Pakistan-linked since they are known to specifically target government- and military-associated persons and entities. The Windows-based malware that the threat actors are known to use are: CrimsonRAT, ObliqueRAT, and customized malware.",2021-06-01,2022-03-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,[['Not available']],['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Military']],['APT36/Transparent Tribe/Mythic Leopard/C-Major'],['Pakistan'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-03-29 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Cisco Talos Intelligence,Cisco Talos ,United States,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html'],International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,Not available,Not available,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,Not available,Not available,Not available,0.0,Not available,0.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,,,,,Cyber espionage,Non-state actors,No response justified (missing state attribution & breach of international 
law),,"['https://www.bleepingcomputer.com/news/security/hackers-use-modified-mfa-tool-against-indian-govt-employees/', 'https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html', 'https://blog.talosintelligence.com/transparent-tribe-new-campaign/', 'https://thehackernews.com/2022/02/new-caprarat-android-malware-targets.html']" 1403,Chinese Hackers Targeted Southeast Asian Nations,"State-sponsored Chinese hackers have been broadly targeting government entities across Southeast Asia, including those closely involved with Beijing regarding the One-Belt-One-Road Initiative.",2021-03-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,"['Philippines', 'Malaysia', 'Thailand', 'Vietnam', 'Indonesia']","[['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA']]","[['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political
system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system'], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Legislative', 'Civil service / administration', 'Military', 'Police', 'Political parties'], ['Government / ministries', 'Legislative', 'Civil service / administration', 'Military', 'Police', 'Political parties'], ['Government / ministries', 'Legislative', 'Civil service / administration', 'Military', 'Police', 'Political parties'], ['Government / ministries', 'Legislative', 'Civil service / administration', 'Military', 'Police', 'Political parties'], ['Government / ministries', 'Legislative', 'Civil service / administration', 'Military', 'Police', 'Political parties']]",['TAG-16'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,TAG-16,China,"Non-state actor, state-affiliation suggested",,['https://www.recordedfuture.com/chinese-state-sponsored-cyber-espionage-expansion-power-influence-southeast-asia/?utm_source=securityweek'],System / ideology; International power,Territory; Resources; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.securityweek.com/report-chinese-hackers-targeted-southeast-asian-nations', 
'https://www.recordedfuture.com/chinese-state-sponsored-cyber-espionage-expansion-power-influence-southeast-asia/?utm_source=securityweek']" 1404,Chinese Espionage Campaign: Laos,Chinese state-sponsored hacking groups compromised the networks of the telecom companies and the government of Laos. The Chinese government conducted this cyber-operation in the context of the Belt-and-Road Initiative with which the government of Laos is strongly aligned.,2021-05-01,2021-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,['Laos'],"[['ASIA', 'SEA']]","[['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Telecommunications']]",['TAG-33'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,TAG-33,China,"Non-state actor, state-affiliation suggested",,['https://go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://worldview.stratfor.com/article/chinas-cyberespionage-will-remain-robust-and-expansive-southeast-asia', 'https://go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf']" 1405,Chinese Espionage Campaign: Cambodia,Chinese state-sponsored hacking groups compromised the networks of the Cambodian government and 
the country's sole international and commercial Sihanoukville Autonomous Port. The targeting of this Cambodian seaport aims to offset Japanese influence as the biggest investor of this particular seaport because of its relevance for the Belt-and-Road Initiative of China.,2021-06-01,2021-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,['Cambodia'],"[['ASIA', 'SEA']]","[['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Transportation']]",['TAG-34'],['China'],['Unknown - not attributed'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,TAG-34,China,Unknown - not attributed,,['https://go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf'] 1406,Log4j Belgian Defence Ministry,"The Belgian Defense Ministry was hit by a cyber attack which blocked the ministry's activities, it seems that the attackers used the Log4j vulnerability, which was discovered earlier in December of 2021.",2021-12-16,2021-12-16,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,,['Belgium'],"[['EUROPE', 'EU', 'NATO', 'WESTEU']]",[['State institutions 
/ political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.standaard.be/cnt/dmf20211220_92316559', 'https://www.politico.eu/article/belgium-defense-ministry-hit-with-cyberattack/', 'https://securityaffairs.co/wordpress/125813/cyber-warfare-2/belgian-defense-ministry-hit-cyberattack.html', 'https://www.darkreading.com/application-security/does-security-have-to-get-worse-before-it-gets-better', 'https://socradar.io/4-lessons-learned-from-log4shell/']" 1331,"Conflict, Security and Stabilisation Fund (CSSF)",Hackers stole sensitive documents about UK aid projects overseas.,2021-01-01,2021-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft,,['United Kingdom'],"[['EUROPE', 'NATO', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://networkingplus.co.uk/news-details?itemid=3879&post=criminals-steal-sensitive-data-on-uk-aid-projects-overseas-356035', 'https://www.theguardian.com/politics/2021/mar/05/hackers-obtain-sensitive-data-on-uk-aid-projects-overseas']" 1408,“KONNI” Targets the Russian Diplomatic Sector,Hackers believed to work for the North Korean government have compromised the email account of a staff member of Russia’s Ministry of Foreign Affairs (MID) 
and deployed spear-phishing attacks against the country’s diplomats in other regions.,2021-08-01,2021-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067'],"[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,"['https://cluster25.io/2022/01/03/konni-targets-the-russian-diplomatic-sector/', 'https://blog.lumen.com/new-konni-campaign-targeting-russian-ministry-of-foreign-affairs/']",International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/hackers-take-over-diplomats-email-target-russian-deputy-minister/', 'https://cluster25.io/2022/01/03/konni-targets-the-russian-diplomatic-sector/', 'https://blog.lumen.com/new-konni-campaign-targeting-russian-ministry-of-foreign-affairs/']" 1409,South Korea Atomic Energy Research 
Institute,North Korean state-sponsored hacking group Kimsuky gained access into the networks of South Korea's Atomic Energy Research Institute.,2021-05-01,2021-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on non-political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by media (without further information on source); Incident disclosed by victim,Hijacking without Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['Critical infrastructure']],[['Energy']],"['Kimsuky/Velvet Chollima/STOLEN PENCIL/Thallium/Black Banshee/G0094', 'Reconnaissance General Bureau']","[""Korea, Democratic People's Republic of"", ""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested', 'Non-state actor, state-affiliation suggested']",,1,2021-01-01; 2021-01-01,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; IT-security community attributes attacker,,,,Kimsuky/Velvet Chollima/STOLEN PENCIL/Thallium/Black Banshee/G0094; Reconnaissance General Bureau,"Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.sisajournal.com/news/articleView.html?idxno=219152'],International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 
2,0,,,,,,No,,,,,False,none,none,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.kaeri.re.kr/board/view?menuId=MENU00326&linkId=9181', 'https://www.bleepingcomputer.com/news/security/south-koreas-nuclear-research-agency-hacked-using-vpn-flaw/', 'https://www.sisajournal.com/news/articleView.html?idxno=219152', 'https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/']" 1410,DragonForce AcadaME Israel,Malaysian hacktivist group DragonForce stole data of over 200.000 Israeli students by hacking into the Israeli company AcadeME which mediates jobs for Israeli graduates. The hacking group conducted this data theft in support of the Palestinian cause against the Israeli occupation.,2021-06-21,2021-06-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['DragonForce'],['Malaysia'],['Non-state-group'],['Hacktivist(s)'],1,2021-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,DragonForce,Malaysia,Non-state-group,Hacktivist(s),['https://dragonforce.io/threads/opsbedil-2-0-university-recruitment-network-system-in-israel.3127/'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.jpost.com/israel-news/details-of-over-200000-students-leaked-in-cyberattack-672179', 
'https://dragonforce.io/threads/opsbedil-2-0-university-recruitment-network-system-in-israel.3127/']" 1411,Triple Threat: TA406,North Korean state-sponsored hacking group TA406 or better known as Kimsuky targeted high-value targets in an espionage campaign mostly focused on credential harvesting. Besides that the North Korean proxies used the stolen information to demand crypto money.,2021-01-01,2021-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking with Misuse,,"['Unknown', 'Korea, Republic of']","[[], ['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'Social groups', 'Media', 'Science'], ['State institutions / political system', 'Social groups', 'Media', 'Science']]","[['Government / ministries', 'Other social groups', '', ''], ['Government / ministries', 'Other social groups', '', '']]",['TA406/ Kimsuky/ Thallium/ Konni Group'],"[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,TA406/ Kimsuky/ Thallium/ Konni Group,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,['https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-threat-insight-paper-triple-threat-N-Korea-aligned-TA406-steals-scams-spies.pdf'],International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident 
scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/north-korean-cyberspies-target-govt-officials-with-custom-malware/', 'https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-threat-insight-paper-triple-threat-N-Korea-aligned-TA406-steals-scams-spies.pdf', 'https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/']" 1412,Iranian IT-company Supply-Chain Attack in Israel,"Iranian nation-state hackers compromised an Israel-based IT company in order to use that access to compromise downstream customers in the defense, energy, and legal sectors in Israel.",2021-07-01,2021-08-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['Critical infrastructure', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Energy', 'Defence industry', '']]",['DEV-0228'],"['Iran, Islamic Republic of']",['State'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DEV-0228,"Iran, Islamic Republic of",State,,['https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/'],International power,System/ideology; International power,,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in 
intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/microsoft-iranian-state-hackers-increasingly-target-it-sector/', 'https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/']" 1413,Iranian IT-company Supply-Chain Attack in Bahrain,Iranian nation-state hackers compromised a Bahrain-based IT company that works with not further specified clients of the Bahrain government who were their ultimate target. Besides that they compromised a not more precisely defined government-owned organization in the Middle East that works with the defense and transportation sector.,2021-09-01,2021-10-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Bahrain', 'Middle East (region)']","[['ASIA', 'MENA', 'MEA', 'GULFC'], []]","[['Unknown', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Unknown', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['DEV-0056'],"['Iran, Islamic Republic of']",['State'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,DEV-0056,"Iran, Islamic Republic of",State,,['https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/'] 1414,ColunmTK (Supply Chain),Chinese state-sponsored hacking group APT41 stole information from various airlines by compromising the IT service provider SITA in a supply chain attack.,2021-02-01,2021-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Data theft; Hijacking with Misuse,,"['India', 'Singapore', 'Malaysia', 'Finland']","[['ASIA', 'SASIA', 'SCO'], ['ASIA'], ['ASIA', 'SCS', 'SEA'], ['EUROPE', 'EU', 'NORTHEU']]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[['Transportation'], ['Transportation'], ['Transportation'], ['Transportation']]",['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested",,['https://blog.group-ib.com/colunmtk_apt41'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://twitter.com/MAS/status/1366447449976496131', 'https://www.singaporeair.com/en_UK/sg/media-centre/news-alert/?id=kltm93p0', 'https://www.infosecurity-magazine.com/news/sita-supply-chain-breach-hits/?__cf_chl_jschl_tk__=pmd_22d96108ea7a7a023a70a6e1ae2d307113653a31-1626767310-0-gqNtZGzNAfijcnBszQp6', 'https://yle.fi/news/3-11820715', 'https://www.airindia.in/images/pdf/Data-Breach-Notification.pdf', 'https://blog.group-ib.com/colunmtk_apt41']" 1416,ScarCruft Chinotto Surveillance,"North Korean state-sponsored hacking group ScarCruft hacked and stole sensitive data from journalists, North Korean defectors and human rights activists in South Korea.",2021-03-22,2021-09-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]","[['Social groups', 'Social groups', 'Media']]","[['Advocacy / activists (e.g. 
human rights organizations)', 'Political opposition / dissidents / expats', '']]",['APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067'],"[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067,"Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,['https://securelist.com/scarcruft-surveilling-north-korean-defectors-and-human-rights-activists/105074/'],International power,System/ideology; Territory; International power,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/apt37-targets-journalists-with-chinotto-multi-platform-malware/', 'https://securelist.com/scarcruft-surveilling-north-korean-defectors-and-human-rights-activists/105074/']" 1417,Colonial Pipeline Hack,"Russian ransomware gang Darkside gained access into the information systems of the company Colonial Pipeline which operates the 5,500-mile Colonial Pipeline from the Gulf Coast to the New York metro area. The company had to stop the pipeline operations in order to contain the impact of the ransomware operation that targeted the billing and accounting systems. The ransomware gang demanded a ransom of approximately $5 million for getting back the stolen data, which the company paid. 
On the 14th of January 2022 the Russian Federal Security Service (FSB) announced that it had shut down the REvil ransomware gang after the US government demanded action against the ransomware attacks. A senior Biden administration official said that one of the Russian hackers arrested by the FSB was behind the Colonial Pipeline attack.",2021-05-06,2021-05-12,"Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft; Disruption; Hijacking with Misuse; Ransomware,[['Colonial Pipeline']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Energy']],['Darkside'],['Russia'],['Non-state-group'],['Criminal(s)'],3,2021-05-10; 2021-05-10; 2021-05-10,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; IT-security community attributes attacker; Attribution by receiver government / state entity,"Federal Bureau of Investigation (FBI); Cybereason; Joe Biden (President, USA)",,United States; United States; United States,Darkside; Darkside; Darkside,Russia; Unknown; Russia,Non-state-group; Non-state-group; Non-state-group,Criminal(s); Criminal(s); Criminal(s),"['https://www.fbi.gov/news/press-releases/press-releases/fbi-statement-on-compromise-of-colonial-pipeline-networks', 'https://www.theguardian.com/us-news/2021/may/10/colonial-pipeline-shutdown-us-darkside-message', 'https://www.cybereason.com/blog/inside-the-darkside-ransomware-attack-on-colonial-pipeline']",Unknown,Unknown,,Unknown,,1,2021-05-09 00:00:00,State Actors: Stabilizing measures,Statement by head of state/head of government,United States,"Joe Biden (President, USA)",No,,Valid Accounts,Data Exfiltration; Data Encrypted for Impact,None,True,For private / commercial targets: sensitive information (incident scores 
2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,12.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,4400000.0,dollar,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Due diligence,,Not available,2,2022-05-09; 2022-01-14,"Proclamation of public emergency (national level); Other legal measures on national level (e.g. law enforcement investigations, arrests)",,United States; Russia,"Joe Biden (President, USA); Federal Security Service (FSB)",Not available,,No response justified (missing state attribution & breach of international law),,"['https://cyberscoop.com/puesh-kumar-energy-cybersecurity/', 'https://cyberscoop.com/vulnerabilities-industrial-conference-s4x23/', 'https://www.darkreading.com/attacks-breaches/to-safeguard-critical-infrastructure-go-back-to-basics', 'https://therecord.media/encino-energy-cyberattack-alleged-data-leak-alphv/', 'https://twitter.com/alexfrudolph/status/1630355470559879169', 'https://twitter.com/alexfrudolph/status/1630355470559879169', 'https://cyberscoop.com/biden-national-cybersecurity-strategy-2023/', 'https://www.c4isrnet.com/cyber/2023/03/02/biden-vows-to-wield-all-instruments-in-fighting-cyber-threats/', 'https://www.lawfareblog.com/biden-harris-administration-releases-new-national-cybersecurity-strategy', 'https://cyberscoop.com/tsa-cybersecurity-airlines/', 'https://www.malwarebytes.com/blog/threat-intelligence/2023/03/ransomware-review-march-2023', 'https://www.techrepublic.com/article/business-email-compromises-double-overtake-ransomware/', 
'https://cyberscoop.com/easterly-cisa-budget-china-biden/', 'https://securityaffairs.com/144466/security/cisa-jddc-energy-sector.html', 'https://thehackernews.com/2023/04/supply-chain-attacks-and-critical.html', 'https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/read-the-manual-locker-a-private-raas-provider.html?q=&newsPagePath=/content/mainsite/en-us/about/newsroom/stories/research', 'https://www.darkreading.com/operations/marlinspike-adds-charles-carmakal-to-its-advisory-board', 'https://securityaffairs.co/wordpress/126729/cyber-crime/fsb-dismantled-revil-ransomware-gang.html', 'https://apps.web.maine.gov/online/aeviewer/ME/40/44968239-4f1b-4bb7-927c-775864a3ad07.shtml', 'https://www.wsj.com/articles/cyberattack-forces-closure-of-largest-u-s-refined-fuel-pipeline-11620479737', 'https://www.fbi.gov/news/press-releases/press-releases/fbi-statement-on-compromise-of-colonial-pipeline-networks', 'https://www.whitehouse.gov/briefing-room/press-briefings/2022/01/14/background-press-call-by-a-senior-administration-official-on-cybersecurity/', 'https://www.theguardian.com/us-news/2021/may/10/colonial-pipeline-shutdown-us-darkside-message', 'https://www.techtarget.com/whatis/feature/Colonial-Pipeline-hack-explained-Everything-you-need-to-know', 'https://www.cybereason.com/blog/inside-the-darkside-ransomware-attack-on-colonial-pipeline', 'https://www.washingtonpost.com/business/2021/06/09/colonial-pipeline-mandiant-house-hearing/', 'https://www.cyberscoop.com/ransomware-payments-cost-treasury/', 'https://www.darkreading.com/threat-intelligence/advanced-cyberattackers-disruptive-hits-new-technologies', 'https://www.darkreading.com/ics-ot/what-will-it-take-to-secure-critical-infrastructure', 'https://twitter.com/BlackBerrySpark/status/1601411383127588865', 'https://www.cyberscoop.com/nsa-energy-sector-cyberattacks/', 'https://www.cyberscoop.com/ransomware-australia-task-force/', 
'https://portswigger.net/daily-swig/security-done-right-infosec-wins-of-2022', 'https://www.cyberscoop.com/critical-infrastructure-cybersecurity-imperative/', 'https://socradar.io/dark-web-profile-royal-ransomware/', 'https://twitter.com/Cyber_O51NT/status/1612596007430410240', 'https://www.securonix.com/blog/securonix-2022-threat-report-part-3-detecting-ransomware/', 'https://therecord.media/energy-cybersecurity-university-leadership-act-passes-house/']" 1418,Indian APT Patchwork used Ragnatela Backdoor against Pakistani Ministry of Defense and targets from academia and science sector at the end of 2021,Indian APT Patchwork compromised the Pakistani Ministry of Defense and several Pakistani academic institutions specialized in molecular medicine and biological science at the end of 2021.,2021-11-01,2021-12-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]","[['State institutions / political system', 'Science']]","[['Government / ministries', '']]",['Patchwork/ Dropping Elephant'],['India'],['Unknown - not attributed'],,1,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,Patchwork/ Dropping Elephant,India,Unknown - not attributed,,['https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://securityaffairs.co/wordpress/126524/apt/patchwork-apt-ragnatela-rat.html', 'https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/', 
'https://www.bleepingcomputer.com/news/security/oops-cyberspies-infect-themselves-with-their-own-malware/']" 1420,Puerto Rico Senate,"Puerto Rico’s Senate announced Wednesday that it was the target of a cyberattack that disabled its internet provider, phone system and official online page, the latest in a string of similar incidents in recent years.",2022-01-01,2022-01-26,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,,['Puerto Rico'],,[['State institutions / political system']],[['Legislative']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://abcnews.go.com/International/wireStory/official-puerto-ricos-senate-targeted-cyberattack-82495236', 'https://www.securityweek.com/official-says-puerto-ricos-senate-targeted-cyberattack']" 1421,People's Mojahedin Organization of Iran disrupted two TV channel and two radio broadcasts of Iranian state broadcaster IRIB on 27 January 2022,"People's Mojahedin Organization of Iran (PMOI) disrupted two TV channel and two radio broadcasts - Channel One, Koran Channel, Radio Javan, Radio Payam - of Islamic Republic of Iran Broadcasting (IRIB) on 27 January 2022, according to the deputy head of technical affairs for IRIB Reza Alidadi. The disruption means a very short interruption of the event by showing the counterfeits of the two leaders of the PMOI, Maryam and Masoud Rajavi. However, on the same day, 27 January 2022, the hacktivist group Predatory Sparrow also claimed responsibility for the disruption. ",2022-01-27,2022-01-27,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,[['Islamic Republic of Iran Broadcasting (IRIB)']],"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['Media']],,"[""People's Mujahideen Organisation of Iran (PMOI)/ Mujahideen Khalq Organisation (MKO)""]",['Albania'],['Non-state-group'],['Terrorist(s)'],2,2022-01-27; 2022-01-27,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Receiver attributes attacker; Attacker confirms,"Reza Alidadi (Deputy Head of Technical Affairs for IRIB, Iran); Predatory Sparrow",,"Iran, Islamic Republic of; Not available",People's Mujahideen Organisation of Iran (PMOI)/ Mujahideen Khalq Organisation (MKO); Predatory Sparrow,Albania; Unknown,Non-state-group; Non-state-group,Terrorist(s); Hacktivist(s),"['https://www.bloomberg.com/news/articles/2022-01-27/iran-state-tv-says-exiled-dissidents-briefly-hacked-broadcasts?leadSource=uverify%20wall', 'https://t.me/GonjeshkeDarande/146']",System / ideology,Not available,,Not available,,0,,,,,,No,,Not available,Defacement,Not available,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://www.digitaltveurope.com/2022/01/28/iranian-state-broadcaster-irib-hacked-by-opposition-group/', 'https://www.cyberscoop.com/iran-state-tv-hack-predatory-sparrow-indra/', 
'https://www.bloomberg.com/news/articles/2022-01-27/iran-state-tv-says-exiled-dissidents-briefly-hacked-broadcasts?leadSource=uverify%20wall', 'https://t.me/GonjeshkeDarande/146', 'https://research.checkpoint.com/2022/evilplayout-attack-against-irans-state-broadcaster/']" 1422,Iran’s national TV stream hacked for the second time in a week,"A hacktivist group known as Adalat Ali (Ali’s Justice) has hijacked the web stream of Iran’s state-owned television station, the Islamic Republic of Iran Broadcasting (IRIB), in order to broadcast an anti-regime message earlier this week.",2022-02-01,2022-02-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['Media']],,['Adalat Ali'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Adalat Ali,Unknown,Non-state-group,Hacktivist(s),['https://twitter.com/RadioFarda_/status/1488541026138697728?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1488541026138697728%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Ftherecord.media%2Firans-national-tv-stream-hacked-for-the-second-time-in-a-week%2F'],System / ideology,Not available,,Not available,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://therecord.media/irans-national-tv-stream-hacked-for-the-second-time-in-a-week/', 'https://twitter.com/RadioFarda_/status/1488541026138697728?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1488541026138697728%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Ftherecord.media%2Firans-national-tv-stream-hacked-for-the-second-time-in-a-week%2F', 
'https://www.wired.com/story/hacktivism-russia-ukraine-ddos/']" 1425,"Ukraine border control hit with wiper cyberattack, slowing refugee crossing","A Ukraine border control station has been struck with a data wiper cyberattack that has slowed the process of allowing refugees to cross into Romania, a cybersecurity expert who spoke with Ukrainian agents at the border crossing told VentureBeat.",2022-02-26,2022-02-26,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Police']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.washingtonpost.com/world/2022/02/26/europe-welcomes-refugees-ukraine-russia/', 'https://venturebeat.com/2022/02/27/ukraine-border-control-hit-with-wiper-cyberattack-slowing-refugee-crossing/']" 1426,The IT Army of Ukraine targeted Russian entities from the finance sector with DDoS attacks at the end of February 2022,"The Ukrainian Cyber Police Force stated that their new ""IT Army"" of volunteer hacktivists has taken down key Russian websites and state online portals, such as ""the website of the Investigative Committee of the Russian Federation, the FSB of the Russian Federation, the bank ""Sberbank"" and other government and critical information systems important for the Russian Federation and Belarus."" They further state that they now are openly engaged in cyber-warfare against Russian and pro-Russian entities. 
The list of websites that they claim to have targeted are: sberbank.ru, vsrf.ru, scrf.gov.ru, kremlin.ru, radiobelarus.by, rec.gov.by, sb.by, belarus.by, belta.by, tvr.by.",2022-02-27,2022-02-28,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,"[['SberBank'], ['Investigative Committee of the Russian Federation (SKR)'], ['Federal Security Service (FSB; Russia)'], [None], [None]]","['Russia', 'Russia', 'Russia', 'Belarus', 'Russia']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['Critical infrastructure'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure']]","[['Finance'], ['Intelligence agencies'], ['Intelligence agencies'], ['', ''], ['', '']]","['Ukrainian Cyber Police Force', 'IT Army of Ukraine']","['Ukraine', 'Ukraine']","['State', 'State']",,1,2022-02-01; 2022-02-01,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attacker confirms; Attacker confirms,Cyber Police Force of Ukraine; Cyber Police Force of Ukraine,,Ukraine; Ukraine,Ukrainian Cyber Police Force; IT Army of Ukraine,Ukraine; Ukraine,State; State,,"['https://www.bleepingcomputer.com/news/security/ukraine-says-its-it-army-has-taken-down-key-russian-sites/', 'https://www.forbes.com/sites/thomasbrewster/2022/02/28/moscow-exchange-and-sberbank-websites-knocked-offline-was-ukraines-cyber-army-responsible/?sh=2009a14177ca', 
'https://cyberpolice.gov.ua/news/spilno-iz-kibervolonteramy-kiberpolicziya-prodovzhuye-atakuvaty-vebresursy-agresora-6445/']",System / ideology; National power,Not available,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,Minor,1.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/ukraine-says-its-it-army-has-taken-down-key-russian-sites/', 'https://www.forbes.com/sites/thomasbrewster/2022/02/28/moscow-exchange-and-sberbank-websites-knocked-offline-was-ukraines-cyber-army-responsible/?sh=2009a14177ca', 'https://cyberpolice.gov.ua/news/spilno-iz-kibervolonteramy-kiberpolicziya-prodovzhuye-atakuvaty-vebresursy-agresora-6445/', 'https://www.reuters.com/world/europe/ukraine-launches-it-army-takes-aim-russian-cyberspace-2022-02-26/']" 1427,Anonymous-linked hacker group Spid3r targeted Belarusian state websites with DDoS attacks on,"Anonymous-affiliated group Spid3r (@YourAnonSpider) claimed to have hacked Belarusian government websites, such as Belarusian ministries of the Ministry of Justice, Ministry of Internal Affairs, and Ministry of Education via Twitter on May 29, 2022. Spid3r (@YourAnonSpider) also claimed a defacement of the Volozhinsky District Executive Committee website on May, 30, 2022. ",2022-05-29,2022-05-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,"[['Volozhinsky District Executive Committee (Belarus)'], ['Ministry of Education (Belarus)'], ['Ministry of Justice (Belarus)'], ['Ministry of Internal Affairs (Belarus)']]","['Belarus', 'Belarus', 'Belarus', 'Belarus']","[['EUROPE', 'EASTEU', 'CSTO'], ['EUROPE', 'EASTEU', 'CSTO'], ['EUROPE', 'EASTEU', 'CSTO'], ['EUROPE', 'EASTEU', 'CSTO']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries'], ['Government / ministries'], ['Government / ministries']]",['Spid3r (@YourAnonSpider)'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-05-29 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Spid3r,,,Spid3r (@YourAnonSpider),Unknown,Non-state-group,Hacktivist(s),"['https://twitter.com/cyber_etc/status/1531013980226998277?s=20&t=kbDZH5sWN4AiCeseovNgvA', 'https://twitter.com/cyber_etc/status/1531329187289636864?s=20&t=MgEq_efbLJJYbTt1Y6SKFA']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"['https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/', 'https://www.avionews.it/item/1242738-ukrainian-conflict-alleged-russian-plans-hacked.html', 
'https://securityaffairs.co/wordpress/128703/hacking/anonymous-a-week-of-battles.html', 'https://twitter.com/YourAnonTV/status/1499513585915019278?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1499513585915019278%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F128703%2Fhacking%2Fanonymous-a-week-of-battles.html', 'https://twitter.com/YourAnonTV/status/1499874976362635268?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1499874976362635268%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F128703%2Fhacking%2Fanonymous-a-week-of-battles.html', 'https://www.itsecuritynews.info/anonymous-wages-a-cyber-war-against-russia-targets-oligarchs/', 'https://www.infosecurity-magazine.com/news/anonymous-claims-attacks-against/', 'https://twitter.com/twitter/status/1520218402903760896', 'https://twitter.com/twitter/status/1520895718415908864', 'https://twitter.com/cyber_etc/status/1531013980226998277?s=20&t=kbDZH5sWN4AiCeseovNgvA', 'https://twitter.com/cyber_etc/status/1531329187289636864?s=20&t=MgEq_efbLJJYbTt1Y6SKFA', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg']" 1428,@ContiLeaks: Conti Ransomware source code leaked,"A Ukrainian researcher leaked the database of ransomware groups Conti and Ryuk because of their support of the Russian invasion of Ukraine. 
In the course of the leak, the Ukrainian researcher disclosed internal chat conversations and various versions of source code of the ransomware group's malware, which gives anyone access to the cryptor.exe, cryptor_dll.dll, and decryptor.exe executables.",2022-02-27,2022-03-01,"Attack on non-political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing,[['Conti Ransomware Operation']],,,[['Social groups']],[['Criminal']],['@ContiLeaks'],['Ukraine'],['Individual hacker(s)'],,1,2022-02-27 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,@ContiLeaks,,Ukraine,@ContiLeaks,Ukraine,Individual hacker(s),,"['https://securityaffairs.co/wordpress/128563/data-breach/conti-ransomware-source-code-leaked.html', 'https://www.bleepingcomputer.com/news/security/conti-ransomware-source-code-leaked-by-ukrainian-researcher/', 'https://www.bleepingcomputer.com/news/security/more-conti-ransomware-source-code-leaked-on-twitter-out-of-revenge/']",System / ideology,System/ideology,,Yes / HIIK intensity,,0,,,,,,No,,Trusted Relationship,Data Exfiltration; Resource Hijacking,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),none,none,none,none,2,Moderate - high political importance,2.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/', 'https://securityaffairs.co/wordpress/128563/data-breach/conti-ransomware-source-code-leaked.html', 'https://www.bleepingcomputer.com/news/security/conti-ransomware-source-code-leaked-by-ukrainian-researcher/', 'https://www.bleepingcomputer.com/news/security/more-conti-ransomware-source-code-leaked-on-twitter-out-of-revenge/', 'https://www.cyberscoop.com/conti-karakurt-extortion-ransomware/', 'https://www.wired.com/story/hacktivism-russia-ukraine-ddos/']" 1429,"Hacktivist group v0g3lSec defaced the Russian Space Research Institute 
website on March 3, 2022","On Thursday, March 3rd, hacktivists from a group going by the Twitter handle of “v0g3lSec” managed to deface the website of the Russian Space Research Institute (IKI).",2022-03-03,2022-03-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Science']],,['v0g3lSec'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,v0g3lSec,Unknown,Non-state-group,Hacktivist(s),['https://twitter.com/YourAnonNews/status/1499380682174480386'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.hackread.com/anonymous-hack-russia-space-research-institute-site/', 'https://twitter.com/YourAnonNews/status/1499380682174480386']" 1431,Anonymous hacked Russian security cameras and shared the live feed online in March 2022,"Anonymous and other hacker groups continue to target Russia, in a recent attack the collective has taken over more than 400 Russian cameras in support of Ukraine. The group shared the live feed of the cameras on the website behindenemylines.live and grouped them in various categories based on their location (Businesses, Outdoor, Indoor, Restaurants, Offices, Schools, and Security Offices).",2022-03-01,2022-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft,[['Not available']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Civil service / administration', '']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-03-08 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),"['https://twitter.com/thewarriorpoetz/status/1501081481212579843?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1501081481212579843%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F128847%2Fhacktivism%2Fanonymous-vs-russia.html', 'https://securityaffairs.co/wordpress/128847/hacktivism/anonymous-vs-russia.html']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"['https://securityaffairs.co/wordpress/128847/hacktivism/anonymous-vs-russia.html', 'https://twitter.com/thewarriorpoetz/status/1501081481212579843?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1501081481212579843%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F128847%2Fhacktivism%2Fanonymous-vs-russia.html', 
'https://twitter.com/twitter/status/1512355603603095552', 'https://twitter.com/twitter/status/1512405172454137856', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg']" 1432,Hackers Target German Branch of Russian Oil Giant Rosneft,"The German subsidiary of Russian energy giant Rosneft has been hit by a cyberattack, the Federal Office for Information Security (BSI) said on Monday, with hacker group Anonymous claiming responsibility. The attack could have caused a massive disruption in mineral oil distribution; however, extensive harm was thwarted when the Rosneft Germany's IT systems were again operating after only a brief disruption. President of the Federal Office for Information Security (BSI), Arne Schönbohm, clarified that Rosneft Germany was targeted by the hacktivists because it was a Russian affiliated company and part of critical infrastructure.",2022-02-01,2022-03-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker; Incident disclosed by authorities of victim state,Disruption; Hijacking without Misuse,[['Rosneft']],['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Critical infrastructure']],[['Energy']],['Anonymous'],['Germany'],['Non-state-group'],['Hacktivist(s)'],1,2022-03-11; 2022-03-11; 2022-03-11; 2022-03-11,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Statement in media report and political statement/technical report; Statement in media report and political statement/technical report",Receiver attributes attacker; Attacker confirms; Receiver attributes attacker; Attacker confirms,Anonymous; Anonymous; Anonymous; Anonymous,,Germany; Germany; Germany; Germany,Anonymous; Anonymous; Anonymous; Anonymous,Germany; Germany; Germany; Germany,Non-state-group; Non-state-group; Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s),"['https://anonleaks.nl/2022/anonymous/20-terabyte-anonymous-kapert-daten-von-rosneft-deutschland/', 'https://www.spiegel.de/netzwelt/web/arne-schoenbohm-bsi-chef-warnt-vor-hackerangriffen-in-deutschland-a-683a4dd0-5152-4a54-997c-42906aeee164#ref=rss']",System / ideology,Resources; International power,,Yes / HIIK intensity,HIIK 5,1,2022-06-23 00:00:00,State Actors: Preventive measures,Confidence and security-building Dialogues,Germany,Federal Office for Information Security (BSI),No,,Not available,Not available,Not available,False,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,2.0,Day (< 24h),Not available,Not available,0.0,,0.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,,,,,Not available,,No response 
justified (missing state attribution & breach of international law),,"['https://www.thelocal.de/20220314/hackers-target-german-branch-of-russian-oil-giant-rosneft/', 'https://www.thelocal.de/20220314/hackers-target-german-branch-of-russian-oil-giant-rosneft', 'https://www.spiegel.de/netzwelt/web/bundeskriminalamt-ermittelt-hackerangriff-auf-rosneft-deutschland-a-74e3a53a-e747-4500-8198-ea6780a7d79a?sara_ecid=soci_upd_KsBF0AFjflf0DZCxpPYDCQgO1dEMph', 'https://anonleaks.nl/2022/anonymous/20-terabyte-anonymous-kapert-daten-von-rosneft-deutschland/', 'https://www.spiegel.de/netzwelt/web/arne-schoenbohm-bsi-chef-warnt-vor-hackerangriffen-in-deutschland-a-683a4dd0-5152-4a54-997c-42906aeee164#ref=rss']" 1433,Israel Says Government Sites Targeted by Hack,Israel's National Cyber Directorate said that the country suffered a cyber attack on Monday that briefly took down a number of government web sites.,2022-03-14,2022-03-14,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,['https://www.securityweek.com/israel-says-government-sites-targeted-hack'] 1435,Anonymous targets Russian oil company Transneft in Hack-and-Leak Operation in March 2022,"Anonymous stole roughly 79 gigabytes of emails allegedly from Russian state-controlled oil pipeline company Transneft and the data emerged on known leaks hosting website, DDoSecrets. 
The Intercept reports that the emails were from Omega Co, which is a R&D (research and development) subsidiary of Transneft, a Russian state-controlled oil pipeline company. ",2022-03-01,2022-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,[['Transneft']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Critical infrastructure']],[['Energy']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-03-21 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),"['https://www.securityweek.com/hacktivists-leak-data-allegedly-stolen-russian-energy-giant-transneft', 'https://hackercombat.com/hacktivists-leak-email-data-from-russian-pipeline-giant-transneft/', 'https://twitter.com/MikaelThalen/status/1504321727110651905', 'https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/', 'https://twitter.com/cyber_etc/status/1531779902646718464?s=20&t=MgEq_efbLJJYbTt1Y6SKFA']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"['https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/', 'https://www.securityweek.com/hacktivists-leak-data-allegedly-stolen-russian-energy-giant-transneft', 'https://hackercombat.com/hacktivists-leak-email-data-from-russian-pipeline-giant-transneft/', 
'https://twitter.com/MikaelThalen/status/1504321727110651905', 'https://twitter.com/cyber_etc/status/1531779902646718464?s=20&t=MgEq_efbLJJYbTt1Y6SKFA', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg']" 1436,"Anonymous targets Western Companies (Decathlon, Auchan, Leroy Merlin) with DDoS attacks in late March 2022","Anonymous declared Western companies as targets for cyber attacks on March 21st and 24th because specific companies remain in operation in Russia after the start of the Russian invasion of Ukraine on February 24th, 2022. By March 31st, Anonymous was claiming credit for multiple DDOS cyber attacks on European firms Decathlon, Leroy Merlin, and Auchan, along with disputed attacks against Nestlé. Security Discovery, a cybersecurity firm, affirmed that the database of Leroy Merlin was hacked and attributed the attack to Anonymous because they had left messages and references within the data. However, the attacks against Nestlé, which pertained to 10 GB of stolen data and 50K (or 10GB) of leaked data, were disputed by the company and Gizmodo attributed the data leak to failures made by the company.",2022-03-21,2022-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,"[['Nestlé'], ['Auchan'], ['Decathlon'], ['Leroy Merlin']]","['Switzerland', 'France', 'France', 'France']","[['EUROPE', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-03-24 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,Unknown,Anonymous,Unknown,Non-state-group,Hacktivist(s),"['https://securityaffairs.co/wordpress/129447/hacking/anonymous-companies-active-russia.html', 'https://twitter.com/YourAnonTV/status/1506272971824025604?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1506310451977764873%7Ctwgr%5E%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129447%2Fhacking%2Fanonymous-companies-active-russia.html', 'https://twitter.com/LatestAnonPress/status/1506296105088262146?s=20&t=zcQLq85tbfNQBsjG67LB9g', 'https://twitter.com/YourAnonTV/status/1506776596157370369', 'https://twitter.com/twitter/status/1509943048595197952']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK 
intensity,HIIK 5,0,,,,,,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,1.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,International organizations,,,,"['https://securityaffairs.co/wordpress/129447/hacking/anonymous-companies-active-russia.html', 'https://twitter.com/YourAnonTV/status/1506272971824025604?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1506310451977764873%7Ctwgr%5E%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129447%2Fhacking%2Fanonymous-companies-active-russia.html', 'https://twitter.com/LatestAnonPress/status/1506296105088262146?s=20&t=zcQLq85tbfNQBsjG67LB9g', 'https://twitter.com/YourAnonTV/status/1506776596157370369', 'https://twitter.com/twitter/status/1509943048595197952', 'https://www.cnbc.com/2022/04/01/which-companies-are-being-targeted-by-anonymous-see-their-responses.html', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg']" 1437,Anonymous targets the Central Bank of Russia in March 2022 with Hack-and-Leak-Operation,"The Anonymous hacker collective (Black Rabbit World and RootkitHuN7er/@rootkit_sec) claims to have hacked the Central Bank of Russia and stole accessed 35,000 documents and threatens to leak files through the #OpRussia operation. The Intercept reported on April 22, 2022 that 22.5GB of data was leaked and published via DDoSecrets. The reporting by The Intercept also attributes this attack to The Black Rabbit World which has a presence on Twitter. 
Tweets found online attribute hacking activity to RootkitHuN7er/@rootkit_sec and states that the group supports Ukraine.",2022-03-24,2022-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,[['Central Bank (Russia)']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system', 'Critical infrastructure']]","[['Other (e.g., embassies)', 'Finance']]","['Anonymous', 'Black Rabbit']","['Unknown', 'Unknown']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,2022-03-24; 2022-03-24,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms,Anonymous; Anonymous,,,Anonymous; Black Rabbit,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),"['https://securityaffairs.co/wordpress/129447/hacking/anonymous-companies-active-russia.html', 'https://securityaffairs.co/wordpress/129490/hacking/central-bank-of-russia-data-leak-anonymous.html', 'https://twitter.com/LatestAnonPress/status/1506779235565944841?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1506779235565944841%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129490%2Fhacking%2Fcentral-bank-of-russia-data-leak-anonymous.html', 'https://twitter.com/youranontv/status/1506769001040551937?s=21&t=FCIDTEAZEBY1ZlIMLfDEaQ', 'https://securityaffairs.co/wordpress/129555/hacktivism/anonymous-hacked-vgtrk-russian-radio-tv.html', 'https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/', 'https://twitter.com/cyber_etc/status/1533399029211619328?s=20&t=MgEq_efbLJJYbTt1Y6SKFA']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; 
International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"['https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/', 'https://securityaffairs.co/wordpress/129447/hacking/anonymous-companies-active-russia.html', 'https://securityaffairs.co/wordpress/129490/hacking/central-bank-of-russia-data-leak-anonymous.html', 'https://twitter.com/LatestAnonPress/status/1506779235565944841?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1506779235565944841%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129490%2Fhacking%2Fcentral-bank-of-russia-data-leak-anonymous.html', 'https://twitter.com/youranontv/status/1506769001040551937?s=21&t=FCIDTEAZEBY1ZlIMLfDEaQ', 'https://securityaffairs.co/wordpress/129555/hacktivism/anonymous-hacked-vgtrk-russian-radio-tv.html', 'https://twitter.com/cyber_etc/status/1533399029211619328?s=20&t=MgEq_efbLJJYbTt1Y6SKFA', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNews/status/1507733860515254279?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg']" 1438,The hacktivist collective Anonymous targeted the Russian companies MashOil and FID Group with hack-and-leak operation in March 2022,"The online hacktivist group Anonymous has claimed responsibility for targeting two Russian companies stealing a trove of their data and leaking it online for the public to download. 
The Intercept reports that 110GB of data was leaked from Mashoil, a Moscow based company that designs, manufactures and maintains equipment that is used in the drilling, mining, and fracking industries. The other affected company is FID Group, a group of Belarusian and Russian enterprises. It specializes in manufacturing equipment for the oil and gas industry in both countries. ",2022-03-01,2022-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,,"['Belarus', 'Russia']","[['EUROPE', 'EASTEU', 'CSTO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Energy', ''], ['Energy', '']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),"['https://www.hackread.com/anonymous-hack-russian-industrial-firms-data-leak/', 'https://twitter.com/cyber_etc/status/1508384556793090049?s=21&t=FCIDTEAZEBY1ZlIMLfDEaQ', 'https://twitter.com/pucksreturn/status/1508518212471857153?s=21&t=FCIDTEAZEBY1ZlIMLfDEaQ', 'https://t.co/XVbynI7xmC', 'https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/']",System / ideology,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,Low,7.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive 
information) & data corruption (deletion/altering) and/or leaking of data ,Not available,0.0,Not available,0.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,,,,,,,No response justified (missing state attribution & breach of international law),,"['https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/', 'https://www.hackread.com/anonymous-hack-russian-industrial-firms-data-leak/', 'https://twitter.com/cyber_etc/status/1508384556793090049?s=21&t=FCIDTEAZEBY1ZlIMLfDEaQ', 'https://twitter.com/pucksreturn/status/1508518212471857153?s=21&t=FCIDTEAZEBY1ZlIMLfDEaQ', 'https://t.co/XVbynI7xmC', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg']" 1439,China hacks Ukraine in Run-Up To Invasion - 2022,"China staged a huge cyberattack on Ukraine’s military and nuclear facilities in the build-up to Russia’s invasion, according to intelligence memos obtained by The Times. This started before the end of the Winter Olympics and peaked on February 23, a day before Russia invaded, according to a source from the Ukrainian Security Service. Later, other media referred to the statements of Western officials, who claimed that the Chinese government had also attacked Russia, Belarus and Poland in order to blame the respective opponents in a False-Flag-operation. 
Chinese officials blamed this attack on western countries, namely the US, Germany, and the Netherlands.",2022-02-01,2022-02-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Disruption,"[['Not available'], ['Not available'], ['Not available']]","['Ukraine', 'Russia', 'Belarus']","[['EUROPE', 'EASTEU'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Military', 'Energy', ''], ['Military', 'Energy', ''], ['Military', 'Energy', '']]",,['China'],['State'],,2,2022-04-01; 2022-03-11,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution; Contested attribution,United Kingdom’s National Cyber Security Centre (NCSC); National Computer Network Emergency Response Technical Team/Coordination Center of China,,United Kingdom; China,,China; United States,State; 
State,,"['https://www.databreaches.net/china-accused-of-hacking-ukraine-days-before-russian-invasion/', 'https://www.thetimes.co.uk/article/china-cyberattack-ukraine-z9gfkbmgf', 'https://www.bbc.com/news/technology-60983346', 'https://www.oodaloop.com/technology/2022/04/04/china-accused-of-cyber-attacks-on-ukraine-before-russian-invasion/']",International power,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration; Network Denial of Service,None,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),none,"Widespread effects, e.g., affecting different regions of country or a country as a whole (incident scores 2 points in intensity)",Not available,4,Moderate - high political importance,6.0,Low,6.0,Not available,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,501-10000,0.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; International peace; Sovereignty,State actors; Prohibition of intervention; ,Not available,0,,,,,,Cyber espionage; Sovereignty,State actors; ,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.databreaches.net/china-accused-of-hacking-ukraine-days-before-russian-invasion/', 'https://www.thetimes.co.uk/article/china-cyberattack-ukraine-z9gfkbmgf', 'https://www.bbc.com/news/technology-60983346', 'https://www.oodaloop.com/technology/2022/04/04/china-accused-of-cyber-attacks-on-ukraine-before-russian-invasion/', 'https://www.theguardian.com/technology/2022/apr/01/china-accused-of-launching-cyber-attacks-on-ukraine-before-russian-invasion', 
'https://news.cgtn.com/news/2022-03-11/U-S-hackers-found-to-attack-Russia-through-computers-in-China-18jBJi5QW7S/index.html']" 1440,Anonymous targeted Russian Orthodox Church with hack-and-leak operation in March / April 2022,"Anonymous #OpRussia claims to have hacked the Russian Orthodox Church ‘s charitable wing and leaked 15 GB of alleged stolen data. The data was leaked to DDoSecrets on April 1, 2022 and contained emails for the charity wing of the church.",2022-03-01,2022-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,[['Russian Orthodox Church']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Social groups']],[['Religious']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-04-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),"['https://securityaffairs.co/wordpress/129760/hacktivism/anonymous-hacked-russian-orthodox-church.html', 'https://twitter.com/YourAnonTV/status/1510003195266879488?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1510003195266879488%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129760%2Fhacktivism%2Fanonymous-hacked-russian-orthodox-church.html', 'https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,Data Exfiltration,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high 
political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"['https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/', 'https://securityaffairs.co/wordpress/129760/hacktivism/anonymous-hacked-russian-orthodox-church.html', 'https://twitter.com/YourAnonTV/status/1510003195266879488?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1510003195266879488%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129760%2Fhacktivism%2Fanonymous-hacked-russian-orthodox-church.html', 'https://twitter.com/YourAnonTV/status/1510003195266879488', 'https://twitter.com/cyber_etc/status/1510175920866443272', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg']" 1441,Anonymous targets Russian military personnel stationed in Bucha after massacre in April 2022 Military Unit Bucha Massacre,"As part of #OpRussia, Anonymous claimed in Spring 2022 to leak personal details of the Russian military stationed in Bucha, where the Russian military carried out a massacre of civilians during its occupation, prior to 31 March 2022. The information first appeared in Ukrainian news outlet, Pravda, on March 1st, and the leak was declared reliable by the Centre for Defence Strategies, a Ukrainian security thinktank. The specific Russian military unit whose data was leaked was the 64th Motor Rifle Brigade, stationed in Bucha during the occupation.",2022-03-01,2022-04-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,[['64th Motor Rifle Brigade']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Military']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-04-04 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),"['https://twitter.com/Anonymous_Link/status/1511024536115982352?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1511024536115982352%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129844%2Fhacktivism%2Fanonymous-targets-russian-military-state-television.html', 'https://www.newsweek.com/anonymous-leaks-personal-data-120k-russian-soldiers-fighting-ukraine-1694555', 'https://www.dailymail.co.uk/news/article-10684925/Hackers-Anonymous-release-personal-data-120-000-Russian-soldiers-fighting-Ukraine.html?ns_mchannel=rss&ns_campaign=1490&ito=1490']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,None,0.0,euro,None/Negligent,,,Not available,0,,,,,,Not available,,,,"['https://securityaffairs.co/wordpress/129844/hacktivism/anonymous-targets-russian-military-state-television.html', 
'https://twitter.com/Anonymous_Link/status/1511024536115982352?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1511024536115982352%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129844%2Fhacktivism%2Fanonymous-targets-russian-military-state-television.html', 'https://twitter.com/twitter/status/1511024536115982336', 'https://www.newsweek.com/anonymous-leaks-personal-data-120k-russian-soldiers-fighting-ukraine-1694555', 'https://www.dailymail.co.uk/news/article-10684925/Hackers-Anonymous-release-personal-data-120-000-Russian-soldiers-fighting-Ukraine.html?ns_mchannel=rss&ns_campaign=1490&ito=1490', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg']" 1443,Anonymous targets Russian companies with hack-and-leak operation in April 2022,"Anonymous targets Russian companies with hack-and-leak operation in April 2022. Among the targeted companies have been Tendertech (specializing in processing financial and banking documents on behalf of businesses and entrepreneurs), GUOV i GS – General Dept. of Troops and Civil Construction (construction company that works on projects in the interests of the Russian Ministry of Defense), Synesis Surveillance System and Neocom Geoservice (engineering firm specializing in exploring oil and gas fields and providing drilling support). Data from those firms have been leaked via DDoSecrets on April 19, 2022. ",2022-04-01,2022-04-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,"[[None], ['Synesis Surveillance System'], ['Tendertech'], ['GUOV i GS – General Dept. 
of Troops and Civil Construction']]","['Russia', 'Russia', 'Russia', 'Russia']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure']]","[[''], [''], [''], ['Defence industry']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-04-19 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),"['https://twitter.com/YourAnonTV/status/1512162531430866948?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1512162531430866948%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129991%2Fhacktivism%2Fanonymous-it-army-of-ukraine-vs-russia.html', 'https://twitter.com/YourAnonTV/status/1517558587559759872']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",Not available,0.0,Not 
available,0.0,None,0.0,euro,None/Negligent,,,Not available,0,,,,,,Not available,,,,"['https://cybernews.com/cyber-war/three-russian-firms-have-over-400-gb-worth-of-emails-leaked/', 'https://twitter.com/YourAnonTV/status/1512162531430866948?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1512162531430866948%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F129991%2Fhacktivism%2Fanonymous-it-army-of-ukraine-vs-russia.html', 'https://twitter.com/securityaffairs/status/1517786282491064320', 'https://twitter.com/YourAnonTV/status/1517558587559759872', 'https://twitter.com/twitter/status/1517526699956707328', 'https://twitter.com/twitter/status/1511070375945375744', 'https://www.thetechoutlook.com/news/technology/anonymous-hacks-korolevskiy-a-russian-military-manufacturer/', 'https://twitter.com/twitter/status/1515887953616252928', 'https://twitter.com/twitter/status/1516120610337873920', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://theintercept.com/2022/12/30/russia-china-news-media-agreement/']" 1444,DDoS Attack on Finnish government during speech of Zelenskyy,"On April 8, a denial-of-service attack took down the websites of the Finnish ministries of Defense and Foreign Affairs. 
The attack started at about noon, while Ukrainian President Zelenskyy addressed Finland’s members of parliament (MPs).",2022-04-08,2022-04-08,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,,['Finland'],"[['EUROPE', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,"['https://um.fi/ajankohtaista/-/asset_publisher/gc654PySnjTX/content/ulkoministerioon-kohdistunut-palvelunestohyokkays', 'https://securityaffairs.co/wordpress/130032/hacking/ddos-took-down-finnish-govt-sites.html', 'https://www.cyberscoop.com/finland-denial-of-service-zelenskyy/']",Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://um.fi/ajankohtaista/-/asset_publisher/gc654PySnjTX/content/ulkoministerioon-kohdistunut-palvelunestohyokkays', 'https://securityaffairs.co/wordpress/130032/hacking/ddos-took-down-finnish-govt-sites.html', 'https://www.cyberscoop.com/finland-denial-of-service-zelenskyy/']" 1445,Anonymous targeted Russias Ministry of Culture and municipal entities with hack-and-leak operation in April 2022,"In April 2022, Anonymous claimed to hack and leak data from municipal entities in Blagoveshchensk and Tver Oblast, along with the Russia's Ministry of Culture (Министерство культуры Российской Федерации), resulting in hundreds of gigabytes of data being made public. 
The Intercept reported that 446GB of data (30,000 emails) from the Ministry of Culture of the Russian Federation was leaked to DDoSecrets; 150 gigabytes of emails (230,000 emails) from the city administration of Blagoveshchensk; 116 gigabytes of emails (130,000 emails) from the governor’s office of Tver Oblast",2022-04-01,2022-04-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,"[['Ministry of Culture (Russia)'], ['Not available']]","['Russia', 'Russia']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Civil service / administration']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-04-11 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,,Anonymous,Unknown,Non-state-group,Hacktivist(s),"['https://cybernews.com/cyber-war/anonymous-leaked-700-gb-of-russian-government-data/', 'https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://securityaffairs.co/wordpress/130106/hacktivism/anonymous-hacked-russia-ministry-of-culture.html', 'https://www.hackread.com/anonymous-hits-russian-ministry-of-culture-leaks-446gb-of-data/']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive 
information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,Minor,4.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,,,,,Sovereignty,,Not available,,"['https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/', 'https://cybernews.com/cyber-war/anonymous-leaked-700-gb-of-russian-government-data/', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://securityaffairs.co/wordpress/130106/hacktivism/anonymous-hacked-russia-ministry-of-culture.html', 'https://www.hackread.com/anonymous-hits-russian-ministry-of-culture-leaks-446gb-of-data/']" 1446,"Anonymous targets Russian oil companies Gazprom Linde, Gazregion, and Technotec in April 2022 with hack-and-leak campaign","Anonymous continued with its cyber-operations against Russia in support of Ukraine under the moniker #OpRussia. This time they attacked companies working in the Russian energy sector, Gazprom Linde, Gazregion, and Technotec. According to The Intercept, data stolen in the cyber attack was released via DDoSecrets: 440 GB from Technotec emails; 728 GB from Gazprom Linde emails; and 222 GB of data from Gazregion. The Intercept further attributes attacks to Gazregion to three different hacking groups: NB65, @DepaixPorteur, and an anonymous hacker. The data from these three groups was submitted to DDoSecrets at about the same time and contained overlapping content to “provide as complete a picture as possible, and to provide an opportunity for comparison and cross-checking.”",2022-04-01,2022-04-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,"[['Technotec'], ['Gazregion'], ['Gazprom Linde Engineering']]","['Russia', 'Russia', 'Russia']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[['Energy'], ['Energy'], ['Energy']]","['Anonymous', 'NB65', '@DepaixPorteur']","['Unknown', 'Not available', 'Not available']","['Non-state-group', 'Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)', 'Hacktivist(s)']",1,2022-04-30; 2022-04-30; 2022-04-30; 2022-04-30; 2022-04-30; 2022-04-30,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,Anonymous; Anonymous; Anonymous; Anonymous; Anonymous; Anonymous,,Unknown; Unknown; Unknown; Unknown; Unknown; Unknown,Anonymous; Anonymous; NB65; NB65; @DepaixPorteur; @DepaixPorteur,Unknown; Not available; Unknown; Not available; Unknown; Not available,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s),"['https://securityaffairs.co/wordpress/130262/hacktivism/anonymous-targets-russian-entities.html', 
'https://twitter.com/YourAnonTV/status/1514501756243353601?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1514502022371975169%7Ctwgr%5E%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130262%2Fhacktivism%2Fanonymous-targets-russian-entities.html', 'https://twitter.com/retr0h4x0r/status/1520167029210238976', 'https://twitter.com/twitter/status/1516086586798186496', 'https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"['https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/', 'https://securityaffairs.co/wordpress/130262/hacktivism/anonymous-targets-russian-entities.html', 'https://twitter.com/YourAnonTV/status/1514501756243353601?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1514502022371975169%7Ctwgr%5E%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130262%2Fhacktivism%2Fanonymous-targets-russian-entities.html', 'https://twitter.com/retr0h4x0r/status/1520167029210238976', 'https://www.thetechoutlook.com/news/anonymous-collective-has-hacked-and-leaked-data-from-the-website-of-the-federal-state-unitary-enterprise/', 'https://twitter.com/twitter/status/1516086586798186496', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 
'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/ThraxmanOneFist/status/1548863020012642309']" 1447,Defacement Campaign against Israeli Outlets Jerusalem Post and Maariv,The website of the Jerusalem Post and the Twitter account of Maariv were defaced on the second anniversary of the killing of Iranian general Qassem Soleimani on 3rd of January 2020.,2022-01-03,2022-01-03,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Disruption,,['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Media']],,,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],System / ideology,Not available,,Not available,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),none,none,none,1,Moderate - high political importance,1.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.securityweek.com/israeli-media-outlets-hacked-soleimani-killing-anniversary,%20https://www.firstpost.com/world/two-israeli-media-outlets-hacked-on-anniversary-of-irianian-general-qasem-soleimanis-killing-10255131.html']" 1448,Belarus-linked pro-Russian APT UNC1151/Ghostwriter targeted Ukrainian state websites in January 2022 with DDoS & defacement attacks,"The websites of the Ukrainian Ministry of Foreign Affairs, Ministry of Education and Science, Ministry of Defense, the State Emergency Service, and the Cabinet of Ministers got defaced and targeted with DDoS by the Belarus-linked, pro-Russian APT UNC1151/Ghostwriter on January 13 and 14, 2022, according to Ukrainian state officials. The attackers posted political messages on it, warning the Ukrainian population that they ""should expect the worst"". 
",2022-01-13,2022-01-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker; Incident disclosed by authorities of victim state,Disruption,"[['Ministry of Foreign Affairs (Ukraine)'], ['State Emergency Service (Ukraine)'], ['Ministry of Defence (Ukraine)'], ['Ministry of Education and Science (Ukraine)'], ['Cabinet of Ministers (Ukraine)']]","['Ukraine', 'Ukraine', 'Ukraine', 'Ukraine', 'Ukraine']","[['EUROPE', 'EASTEU'], ['EUROPE', 'EASTEU'], ['EUROPE', 'EASTEU'], ['EUROPE', 'EASTEU'], ['EUROPE', 'EASTEU']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries'], ['Government / ministries'], ['Government / ministries'], ['Government / ministries']]",['UNC1151/ Ghostwriter'],['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2022-01-16 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,Unknown,,Ukraine,UNC1151/ Ghostwriter,Russia,"Non-state actor, state-affiliation suggested",,['https://www.reuters.com/world/europe/exclusive-ukraine-suspects-group-linked-belarus-intelligence-over-cyberattack-2022-01-15/'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – 
Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-01-14 00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,CERT-UA,No,,,,,True,none,Long-term disruption (> 24h; incident scores 2 points in intensity),none,none,none,2,Moderate - high political importance,2.0,Not available,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,Not available,,,,"['https://www.security.ntt/blog/threat-analysis-of-the-russia-ukraine-conflict', 'https://twitter.com/KimZetter/status/1481890639029551106', 'https://twitter.com/OlegNikolenko_/status/1481880668195983362', 'https://cert.gov.ua/article/17899', 'https://www.reuters.com/world/europe/exclusive-ukraine-suspects-group-linked-belarus-intelligence-over-cyberattack-2022-01-15/', 'https://www.cyberscoop.com/ukraine-website-hack-russia-tensions/']" 1450,Palestinian Preventive Security Service (PSS) espionage,"Palestinian Preventive Security Service (PSS) attacked people opposing the Fatah-led government, journalists, human rights activists, and military groups including the Syrian opposition and Iraqi military.",,2021-04-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,,"['Palestine', 'Syria', 'Iraq', 'Turkey', 'Lebanon', 'Libya']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'NATO', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['AFRICA', 'MENA', 'MEA', 'NAF']]","[['State institutions / political system', 'Social groups', 'Media'], ['State institutions / political system', 'Social groups', 'Media'], ['State institutions / political system', 'Social groups', 'Media'], ['State institutions / political system', 'Social groups', 'Media'], ['State institutions / political system', 'Social 
groups', 'Media'], ['State institutions / political system', 'Social groups', 'Media']]","[['Military', 'Political opposition / dissidents / expats', ''], ['Military', 'Political opposition / dissidents / expats', ''], ['Military', 'Political opposition / dissidents / expats', ''], ['Military', 'Political opposition / dissidents / expats', ''], ['Military', 'Political opposition / dissidents / expats', ''], ['Military', 'Political opposition / dissidents / expats', '']]",['Preventive Security Service (PSS)'],['Palestine'],['State'],,1,2021-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,,,,Preventive Security Service (PSS),Palestine,State,,['https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/'],System / ideology; National power; Subnational predominance; International power,Subnational predominance,,Yes / HIIK intensity,HIIK 2,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,['https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/'] 1451,ProjectWEB,Data theft from several Japanese government entities in the course of the Japanese tech giant Fujitsu hack.,,2021-05-24,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state; Incident disclosed by authorities of victim state",Data theft; Hijacking with Misuse,,['Japan'],"[['ASIA', 'SCS', 'NEA']]","[['State institutions / political system', 'Critical infrastructure']]","[['Government / ministries', 'Transportation']]",,['Unknown'],['Unknown - not attributed'],,1,,,Media-based 
attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.documentcloud.org/documents/20791612-japanese-cabinet-cyber-security-center-warning-about-projectweb-leaks-part-1', 'https://threatpost.com/fujitsu-saas-hack-japan-scrambling/166517/', 'https://therecord.media/fujitsu-suspends-projectweb-platform-after-japanese-government-hacks/', 'https://pr.fujitsu.com/jp/news/2021/05/25.html', 'https://www.bleepingcomputer.com/news/security/japanese-government-agencies-suffer-data-breaches-after-fujitsu-hack/']" 1452,Data leak of Medical Records of Indonesian Patients,Reports have emerged about an alleged massive data leak of Indonesian hospital patients’ medical information being sold in an illegal internet forum. 
Hackers claimed to have breached the Indonesian Health Ministry centralized server to obtain the data.,,2022-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing,,['Indonesia'],"[['ASIA', 'SCS', 'SEA']]",[['State institutions / political system']],[['Government / ministries']],,['Unknown'],['Unknown - not attributed'],,1,,,Media-based attribution,,,,,Unknown,Unknown - not attributed,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://en.tempo.co/read/1588509/rumors-on-acute-hepatitis-caused-by-covid-19-vaccine-baseless-epidemiologist', 'https://www.asia-pacific-solidarity.net/news/2022-01-07/health-ministry-responds-massive-data-leak-of-medical-records.html']" 1454,Lockbit Leak France,Cybercriminals claim to have breached systems belonging to France’s Ministry of Justice and they are threatening to make public the files stolen from the government organization.,,,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing,,['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['State institutions / political system', 'Science']]","[['Civil service / administration', '']]",['LockBit'],['Unknown'],['Non-state-group'],['Criminal(s)'],1,2022-01-01 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,,,,LockBit,Unknown,Non-state-group,Criminal(s),[],Unknown,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,none,none,none,1,Moderate - high political 
importance,1.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.securityweek.com/french-ministry-justice-targeted-ransomware-attack', 'https://www.zdnet.com/article/french-officials-investigating-lockbit-claim-of-ransomware-attack/', 'https://www.lemagit.fr/actualites/252512561/LockBit-20-menace-de-divulguer-des-donnees-de-la-Justice-francaise?mid=1#cid=408186']" 1455,MuddyWater Global Campaign,US and UK cybersecurity and law enforcement agencies today shared information on new malware deployed by the Iranian-backed MuddyWater hacking group in attacks targeting critical infrastructure worldwide.,,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,"['Asia (region)', 'Africa', 'Europe (region)', 'North America']",,"[['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure']]","[['Civil service / administration', 'Defence industry'], ['Civil service / administration', 'Defence industry'], ['Civil service / administration', 'Defence industry'], ['Civil service / administration', 'Defence industry']]",['MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2022-01-01 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state 
entity,,,,MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,['https://www.cisa.gov/uscert/ncas/alerts/aa22-055a'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/us-and-uk-expose-new-malware-used-by-muddywater-hackers/', 'https://www.cisa.gov/uscert/ncas/alerts/aa22-055a', 'https://www.lefigaro.fr/international/centrale-nucleaire-en-ukraine-biden-macron-scholz-et-johnson-appellent-a-la-retenue-20220821']" 1468,Russian APT Gamaredon targeted Ukrainian organizations with infostealer in cyber operations,"The Russian state-sponsored APT Gamaredon aka Shuckworm targeted unnamed Ukrainian organizations from July 15 until at least August 8, 2022. It used an infostealer in order to spy on its targets, according to attributing IT-company Symantec. The Russian state-sponsored APT Gamaredon aka Shuckworm targeted Ukrainian government organizations once again since August 2022 with a new infostealer, according to the technical report of Cisco Talos. The Russian state-sponsored APT Gamaredon attacks continued in September 2022 with various targets in Ukraine, including targeting Ukrainian government agencies which included defense and law enforcement agencies. The intention of the attacks by the bad actors appeared to be partly with the goal of data theft, and partly with the goal of increasing its offensive capabilities. 
IT specialists from Cisco Talos have analyzed the activity of the APT group and have observed that the hackers use phishing documents with malware, called Infostealer, which is embedded in computers to gain further access to the networks. The malware provides the hackers the ability to exfiltrate files and ""deploy binary and script-based payloads to infected end devices."" The APT threat actors are known to specifically and exclusively target Ukrainian targets. It is suspected that the threat actors first gain access to computers via Office documents.",2022-07-15,2022-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company; Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['Ukraine'],"[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Government / ministries']],"['Gamaredon Group/Shuckworm/BlueAlpha/ACTINIUM/Primitive Bear/Armageddon/DEV-0157, Group G0047 (FSB, 18th Center, Crimea)']",['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2022-08-15; 2022-09-15,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Symantec; Cisco Talos Intelligence,,United States; United States,"Gamaredon Group/Shuckworm/BlueAlpha/ACTINIUM/Primitive Bear/Armageddon/DEV-0157, Group G0047 (FSB, 18th Center, Crimea); Gamaredon Group/Shuckworm/BlueAlpha/ACTINIUM/Primitive 
Bear/Armageddon/DEV-0157, Group G0047 (FSB, 18th Center, Crimea)",Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/russia-ukraine-shuckworm', 'https://cert.gov.ua/article/971405', 'https://blog.talosintelligence.com/2022/09/gamaredon-apt-targets-ukrainian-agencies.html']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Phishing,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",Not available,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.techrepublic.com/article/russias-shuckworm-cyber-group-launching-ongoing-attacks-on-ukraine/', 'https://www.bleepingcomputer.com/news/security/russian-hackers-target-ukraine-with-default-word-template-hijacker/', 
'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/russia-ukraine-shuckworm', 'https://cert.gov.ua/article/971405', 'https://www.bleepingcomputer.com/news/security/russian-hackers-use-new-info-stealer-malware-against-ukrainian-orgs/', 'https://securityaffairs.co/wordpress/135780/apt/gamaredon-new-stealing-malware.html', 'https://therecord.media/notorious-russian-hacking-group-uses-a-new-tool-against-ukraine-orgs-researchers-say/', 'https://thehackernews.com/2022/09/russian-gamaredon-hackers-target.html', 'https://blog.talosintelligence.com/2022/09/gamaredon-apt-targets-ukrainian-agencies.html', 'https://www.computerworld.pl/news/Hakerzy-z-grupy-Gamaredon-APT-atakuja-ukrainskie-agencje-rzadowe,441401.html', 'https://www.securitylab.ru/news/533932.php', 'https://thehackernews.com/2023/01/new-research-delves-into-world-of.html', 'https://securityaffairs.com/141752/malware/apt-gamaredon-attacks.html', 'https://twitter.com/Dennis_Kipker/status/1621467787326590977', 'https://securityaffairs.com/141850/breaking-news/security-affairs-newsletter-round-405-by-pierluigi-paganini.html']" 1546,Emails involving Labour Party councillors in Croydon and journalist Steven Downes hacked in early 2021,"Email correspondence involving several Labour Party councillors in Croydon and Steven Downes, a journalist reporting for the local newspaper Inside Croydon, was compromised through a hack of Downes account in early 2021, according to the Investigative Unit of Al Jazeera. Material from the hacked emails was subsequently used to expel David White, then secretary of Croydon Central Constituency Labour Party, and Andrew Pelling, then councillor in Croydon. 
",2021-01-01,2021-03-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,[['Steven Downes']],['United Kingdom'],"[['EUROPE', 'NATO', 'NORTHEU']]",[['Media']],,['Unknown'],['Not available'],['Unknown - not attributed'],,1,,,,,,,Unknown,,Unknown - not attributed,,[],System / ideology; National power,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,12.0,Months,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/jsrailton/status/1576387939722227712', 'https://www.youtube.com/watch?v=db-Gpmfajp8', 'https://www.ajiunit.com/article/unprecedented-leak-exposes-inner-workings-of-uk-labour-party/']" 1500,Hacktivist group Guacamaya leaked 10 terabytes of data from military and police agencies of several central and south american countries on the 19th of September 2022.,"Repressive Forces: Hacktivist group Guacamaya released 10 terabytes of data from military and police agencies of Chile, El Salvador, Colombia, Peru and Mexico the hacktivists are accusing of damaging the environment and repressing the natives on behalf of the former ""invaders"", namely the former colonisers and the ""global North"". 
The hacktivists leaked the data on the 19th of September 2022 on the website Enlace Hacktivista, a website that publishes material from hackers, where they claimed responsibility for the leak. The data leaked from the Mexican Secretariat of National Defense contains references to the health of president Andres Manuel Lopez Obrador, insights into differences between the Secretariat of National Defense and the Navy, information on the surveillance of U.S. ambassador Ken Salazar and transcripts on narco-criminal operations, the revelation that the local police kidnapped 43 students and handed them over to be killed by a drug gang in 2014, general information on the cooperation between military and drug cartels, references to involvement of Russian security companies in the training of defense groups in opposition to the drug cartels, and information on the military monitoring of journalists and activists. The leaked data from the Colombian General Command of the Military Forces exposed identities and methods of Australian secret agents to fight international drug cartels like surveillance reports, phone taps and payroll records for Colombian law enforcement officers. The leaked data from the Chilean Army Joint Chiefs of Staff revealed cybersecurity strategies, communication interceptions and military spending, and exposed the identities of 162 members of different security agencies and information on the migratory crisis in North Chile. ",2022-09-19,2022-09-19,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker; Incident disclosed by authorities of victim state,Data theft & Doxing,"[['Secretariat of National Defense (SEDENA; Mexico)'], ['National Civil Police (El Salvador)'], ['General Command of the Armed Forces (Colombia)'], ['El Salvador’s Armed Forces'], ['Peruvian Army'], ['Chief of the Joint Chiefs of Defence (Chile)'], ['Joint Command of the Armed Forces of Peru (CCFFAA)']]","['Mexico', 'El Salvador', 'Colombia', 'El Salvador', 'Peru', 'Chile', 'Peru']","[[], ['CENTAM'], ['SOUTHAM'], ['CENTAM'], ['SOUTHAM'], ['SOUTHAM'], ['SOUTHAM']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Police'], ['Military'], ['Military'], ['Military'], ['Military'], ['Military']]",['Guacamaya'],['Central America (region)'],['Non-state-group'],['Hacktivist(s)'],1,2022-09-19 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Guacamaya,,Central America (region),Guacamaya,Central America (region),Non-state-group,Hacktivist(s),['https://enlacehacktivista.org/comunicado_guacamaya4.txt'],System / ideology,Not available,,Not available,,2,2022-09-30; 2022-09-23,State Actors: Stabilizing measures; State Actors: Executive reactions,Statement by head of state/head of government; Resignation,Mexico; Chile,Andrés Manuel López Obrador (President; MEX); General Guillermo Paiva Hernández (Head of Joint Chiefs of Staff; CHL),No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,Not 
available,none,none,2,Moderate - high political importance,2.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,7.0,1-10,5.0,None,0.0,euro,Not available,Not available,,Not available,0,,,,,,Not available,,Not available,,"['https://twitter.com/AnonOpsSE/status/1625958482204676096', 'https://elpais.com/https:/elpais.com/mexico/2023-03-10/lopez-obrador-dice-que-el-ejercito-no-espio-con-pegasus-a-periodistas-y-activistas-sino-que-se-hizo-investigacion.html', 'https://elpais.com/https:/elpais.com/mexico/2023-04-18/lopez-obrador-acusa-al-pentagono-de-espionaje.html', 'https://www.cyberscoop.com/central-american-hacking-group-releases-emails/', 'https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-9/', 'https://www.defensa.cl/noticias/declaracion-publica/', 'https://www.securityweek.com/hack-puts-latin-american-security-agencies-edge', 'https://therecord.media/mexican-president-confirms-guacamaya-hack-targeting-regional-militaries/', 'https://twitter.com/cybersecboardrm/status/1576027241015873536', 'https://www.derstandard.at/story/2000139595413/cyberangriff-in-mexiko-hacker-stehlen-militaerunterlagen', 'https://www.databreaches.net/mexico-confirms-hack-of-military-records-presidents-health-information/', 'https://securityaffairs.co/wordpress/136497/data-breach/guacamaya-hacked-latam-countries.html', 'https://twitter.com/securityaffairs/status/1576242644476653573', 'https://twitter.com/cybersecboardrm/status/1576079035846762496', 'https://twitter.com/securityaffairs/status/1576663635899785216', 'https://www.heise.de/news/Mexikanische-Armee-steht-nach-Hackerangriff-nackt-da-7282860.html', 'https://research.checkpoint.com/2022/3rd-october-threat-intelligence-report/', 'https://chiletoday.cl/massive-hack-reveals-sensitive-chilean-defense-documents/', 'https://twitter.com/CarlosLoret/status/1575846901986959367', 
'https://twitter.com/lopezdoriga/status/1575825911454236672?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1575825911454236672%7Ctwgr%5E478c23dc7edb20feea572b862f0db3a505be95b7%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww-therecord.recfut.com%2Fmexican-president-confirms-guacamaya-hack-targeting-regional-militaries%2F', 'https://latinus.us/2022/09/29/loret-capitulo-96/', 'https://www.reporteindigo.com/reporte/quienes-son-guacamaya-los-hacktivistas-detras-del-ataque-cibernetico-a-la-sedena/', 'https://therecord.media/mexican-president-confirms-guacamaya-hack-targeting-regional-militaries/', 'https://securityaffairs.co/wordpress/136497/hacking/guacamaya-hacked-latam-countries.html', 'https://twitter.com/securityaffairs/status/1576827459164831745', 'https://www.heise.de/news/Dienstag-Kim-Kardashin-zahlt-Strafe-Mexikanische-Armee-blossgestellt-7282925.html', 'https://www.heise.de/tp/features/Lateinamerika-Riesiges-Daten-Leak-durch-historische-Cyberattacke-7284158.html', 'https://english.elpais.com/international/2022-10-09/intercepted-frequencies-satellite-photos-and-intelligence-reports-documents-from-the-us-mexico-war-against-fentanyl.html', 'https://www.foxnews.com/world/mexican-government-hack-reveals-military-sold-arms-received-escort-cartels-report', 'https://english.elpais.com/international/2022-10-13/white-house-on-mexicos-defense-ministry-leaks-all-governments-are-vulnerable-to-being-hacked.html', 'https://www.smh.com.au/national/enter-the-dragonfruit-drugs-gold-and-the-data-hack-revealing-the-fight-to-stop-cartel-20221004-p5bmzj.html', 'https://www.databreaches.net/australian-police-secret-agents-exposed-in-colombian-data-leak-by-guacamaya/', 'https://www.bleepingcomputer.com/news/security/australian-police-secret-agents-exposed-in-colombian-data-leak/', 'https://english.elpais.com/international/2022-10-13/white-house-on-mexicos-defense-ministry-leaks-all-governments-are-vulnerable-to-being-hacked.html', 
'https://twitter.com/Dennis_Kipker/status/1581949719261368321', 'https://english.elpais.com/international/2022-10-18/mexicos-defense-ministry-leaks-highlight-blowback-effect-of-hacking.html', 'https://www.washingtonpost.com/world/2022/10/21/mexico-border-china-technology/', 'https://www.smh.com.au/national/secret-agents-targeting-drug-cartels-in-australia-exposed-in-data-hack-20221004-p5bmzg.html', 'https://www.reuters.com/world/americas/mexico-president-backs-defense-ministrys-refusal-account-massive-data-leak-2022-10-18/', 'https://enlacehacktivista.org/comunicado_guacamaya4.txt', 'https://enlacehacktivista.org/index.php?title=Fuerzas_Represivas', 'https://therecord.media/guacamaya-leaks-spark-debate-about-militarization-spyware-but-no-accountability/', 'https://twitter.com/cahlberg/status/1606143773167288321', 'https://www.eff.org/deeplinks/2022/12/hacking-governments-and-government-hacking-latin-america-2022-year-review', 'https://en.mercopress.com/2022/09/23/chile-s-top-general-resigns-over-intel-leak', 'https://therecord.media/mexican-president-confirms-guacamaya-hack-targeting-regional-militaries/', 'https://www.cyberscoop.com/guacamaya-hacktivist-group-latin-america-interview/']" 1501,Hackers linked to Iran's MOIS disrupted Albania's Total Information Managment System (TIMS) on 9 September 2022 and leaked internal information related to State Police,"HomeLand Justice, a front the US government suspects to be coordinated by Iran's Ministry of Intelligence and Security (MOIS), infiltrated the data storage and transmission systems of Albania's State Police on 9 September, according to a statement by Albania's Ministry of the Interior. The intrusion led to the temporary shutdown of the Total Information Management System (TIMS), which gathers information on the entries and exits of people and vehicles. Data obtained in the compromise was subsequently offered for sale. 
This operation follows the public attribution by Albania and NATO allies of an earlier cyber-operation, which had culminated in the disruption of Albanian government services on 15 July 2022, to Iranian state-sponsored hackers. On 19 September, HomeLand Justice disclosed email exchanges of former General Police Director Gledis Nano, including with foreign officials. The group on subsequent occasions published what appeared to be internal information from systems operated by the Albanian State Police. A cache divulged on 3 October contained the personal details of individuals suspected of crimes by the Albanian authorities, including photos, names, date of birth, and ID numbers. The origins of the leak remain unclear. The State Police has refuted reports about MEMEX, its system to collect information on investigations, being the source and maintained that the database had not been compromised. A local Albanian media outlet, referring to unnamed officials involved in the investigation, reported that an Albanian citizen enabled access to the data. On 10 October, the group released details of 300 police officers, including their names, photos, and other personal information. 
The provenance of this information has not been publicly ascertained.",2022-09-09,2022-10-10,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker; Incident disclosed by authorities of victim state,Data theft & Doxing,"[['Albanian State Police'], ['Gledis Nano']]","['Albania', 'Albania']","[['EUROPE', 'BALKANS', 'NATO', 'WBALKANS'], ['EUROPE', 'BALKANS', 'NATO', 'WBALKANS']]","[['State institutions / political system'], ['State institutions / political system']]","[['Police'], ['Police']]",['Not available'],"['Iran, Islamic Republic of']",['State'],,3,2022-09-10; 2022-09-11; 2022-09-21,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Attribution by third-party; Attribution by third-party,"Edi Rama (Prime Minister, ALB); National Security Council; Cybersecurity and Infrastructure Security Agency (CISA)",,Albania; United States; United States,Not available; Not available; HomeLand Justice/ Homeland Justice,"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of",State; State; State,,"['https://twitter.com/WHNSC/status/1568782751511486469?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1568782751511486469%7Ctwgr%5E66097bdaeec8ebc8a08689dfbb86d745b609563c%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.dw.com%2Fen%2Falbania-once-again-the-target-of-cyberattacks-after-cutting-diplomatic-ties-with-iran-and-expelling-diplomats%2Fa-63146285', 'https://twitter.com/ediramaal/status/1568523932029919232', 'https://www.cisa.gov/uscert/ncas/alerts/aa22-264a']",System / ideology,System/ideology; National power; Third-party intervention / third-party affection,Iran 
(opposition); Iran (opposition); Iran (Opposition),Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,Not available,none,none,2,Moderate - high political importance,2.0,Low,8.0,Day (< 24h),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Sovereignty,,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.databreaches.net/gag-order-issued-to-stop-release-of-information-stolen-by-hackers/', 'https://www.dw.com/en/albania-once-again-the-target-of-cyberattacks-after-cutting-diplomatic-ties-with-iran-and-expelling-diplomats/a-63146285', 'https://twitter.com/WHNSC/status/1568782751511486469?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1568782751511486469%7Ctwgr%5E66097bdaeec8ebc8a08689dfbb86d745b609563c%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.dw.com%2Fen%2Falbania-once-again-the-target-of-cyberattacks-after-cutting-diplomatic-ties-with-iran-and-expelling-diplomats%2Fa-63146285', 'https://twitter.com/ediramaal/status/1568523932029919232', 'https://edition.cnn.com/2022/09/10/politics/albania-cyberattack-iran/index.html', 'https://www.cisa.gov/uscert/ncas/alerts/aa22-264a', 'https://www.euractiv.com/section/digital/news/albanian-national-security-council-convenes-over-iran-cyber-attacks/', 'https://lajme.rtsh.al/artikull/sulmet-kibernetike-mbledhja-e-keshillit-te-sigurimit-kombetar-institucionet-raportojne-mbi-masat-e-marra-', 'https://dosja.al/politike/mbledhja-me-begajn-per-et-kibernetike-ibrahimaj-zbardh-biseden-me-d-i248361', 
'https://dosja.al/politike/presidenti-mbledh-keshillin-e-sigurise-kombetare-rel-opozita-e-kishte-k-i248443', 'https://mb-gov-al.translate.goog/reagim-i-ministrise-se-brendshme-rikthehet-sistemi-tims-pas-sulmit-kibernetik/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de&_x_tr_pto=wapp', 'https://www.balkanweb.com/sulmi-kibernetik-me-hakerat-iraniane-bashkepunoi-edhe-nje-shqiptar/', 'https://balkaninsight.com/2022/10/03/iranian-hackers-leak-database-of-albanian-criminal-suspects/', 'http://en.ata.gov.al/2022/10/03/state-police-memex-system-data-are-not-hacked/', 'https://www.euractiv.com/section/politics/news/hackers-continue-to-leak-data-from-albanian-intelligence-services/']" 1502,Iranian state-sponsored hackers disrupted Albanian government websites and essential services on 15 July 2022,"Iranian state-sponsored hackers shut down the websites of the Albanian Parliament and the Prime Minister’s office as well as access to the e-government platform e-Albania, according to a video statement by Albanian Prime Minister Edi Rama. Attackers encrypted and destroyed data enabling essential services and leaked government information, including elements from emails by the prime minister and the ministry of foreign affairs. Microsoft attributed the activity with high confidence to at least four Iranian politically motivated hacking groups. Technical reports by the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) issued supporting findings, followed by statements of the US National Security Council and the UK Foreign Office condemning the attacks and identifying links to state sponsors in Iran. Reactions of the Foreign Office were founded on conclusions by the UK National Cyber Security Centre (NCSC) that Iranian state-sponsored actors ""almost certainly"" bore responsibility for the attacks. In a statement by the National Atlantic Council, NATO recognized this attribution of responsibility to Iran by allies. 
The cyber attack took place ahead of a People's Mojahedin Organization of Iran (MEK) summit originally planned for 23-24 July 2022 in Albania, which has been hosting core members of the group. The MEK forms part of the National Council of Resistance of Iran and is considered a terrorist group by Iran. The technical report of the FBI and CISA concluded that one of the Iranian threat actors gained access to the network of the Albanian government 14 months before initiating the disruptive effects on 15 July.",2021-05-01,2022-07-21,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ","Incident disclosed by IT-security company; Incident disclosed by attacker; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state; Incident disclosed by authorities of victim state",Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,"[['e-Albania'], ['Albanian Government']]","['Albania', 'Albania']","[['EUROPE', 'BALKANS', 'NATO', 'WBALKANS'], ['EUROPE', 'BALKANS', 'NATO', 'WBALKANS']]","[['State institutions / political system'], ['State institutions / political system']]","[['Civil service / administration'], ['Government / ministries']]",,"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,6,2022-09-07; 2022-09-08; 2022-09-08; 2022-09-08; 2022-09-08; 2022-09-08; 2022-09-08; 2022-09-08; 2022-09-08; 2022-09-08; 2022-09-08; 2022-09-08; 2022-09-08; 2022-08-04; 2022-08-04; 2022-08-04; 2022-08-04; 2022-09-08; 2022-09-07; 2022-09-07; 2022-09-07; 2022-09-07; 2022-09-21; 2022-09-21,"Political statement / 
report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community 
attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Attacker confirms; IT-security community attributes attacker; Attacker confirms; Attribution by international organization; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party,"Edi Rama (Prime Minister, ALB); Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Mandiant; Mandiant; Mandiant; Mandiant; North Atlantic Treaty Organization (NATO); United Kingdom’s National Cyber Security Centre (NCSC); United Kingdom’s National Cyber Security Centre (NCSC); National Security Council; National Security Council; Cybersecurity and Infrastructure Security Agency (CISA); Federal Bureau of Investigation (FBI)",,Albania; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; nan; United Kingdom; United States; United Kingdom; United States; United States; United States,None; OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049; OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049; DEV-0861; DEV-0861; DEV-0166 (Intruding Divisor); DEV-0166 (Intruding Divisor); DEV-0133 (Lyceum); DEV-0133 (Lyceum); DEV-0842; DEV-0842; Ministry of Intelligence and Security (MOIS; Iran); Ministry of Intelligence and Security (MOIS; Iran); None; None; None; None; None; None; None; None; None; HomeLand Justice; HomeLand Justice,"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic 
of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; State",; ; ; ; ; ; ; ; ; ; ; ; ; Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); ; ; ; ; ; ; ,"['https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government/', 'https://www.nato.int/cps/en/natohq/official_texts_207156.htm', 'https://www.mandiant.com/resources/blog/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against?1=', 'https://www.kryeministria.al/en/newsroom/videomesazh-i-kryeministrit-edi-rama/', 'https://www.whitehouse.gov/briefing-room/statements-releases/2022/09/07/statement-by-nsc-spokesperson-adrienne-watson-on-irans-cyberattack-against-albania/', 'https://www.gov.uk/government/news/uk-condemns-iran-for-reckless-cyber-attack-against-albania', 'https://www.cisa.gov/uscert/ncas/alerts/aa22-264a']",System / ideology; National power,System/ideology; National power; 
Third-party intervention / third-party affection,Iran (opposition); Iran (opposition); Iran (Opposition),Unknown,,5,2022-09-06; 2022-09-08; 2022-09-21; 2022-09-08; 2023-01-01,State Actors: Stabilizing measures; International organizations: Stabilizing measures; State Actors: Preventive measures; EU: Stabilizing measures; State Actors: Preventive measures,Statement by head of state/head of government; Statement by secretary-general or similar; Awareness raising; Declaration of HR; Capacity building in third countries,Albania; NATO (region); United States; EU (region); United States,Albanian Government; North Atlantic Treaty Organization (NATO); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); High Representative of the European Union for Foreign Affairs and Security Policy,No,,Exploit Public-Facing Application,Data Exfiltration; Data Destruction; Data Encrypted for Impact,None,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,10.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,1-10,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),International telecommunication law; International peace; Sovereignty,; Prohibition of intervention; ,Not available,3,2022-09-07; 2022-09-09; 2022-12-02,"Peaceful means: Retorsion (International Law); Peaceful means: Retorsion (International Law); Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",Severance of diplomatic relations; Economic sanctions; ,Albania; United States; Albania,Council of ministers; US Department of the Treasury; Tirana Prosecutor’s Office (ALB),,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://therecord.media/north-korea-hackers-funding-us-south-korea-advisory/', 'https://www.govinfosecurity.com/us-sends-cyber-team-to-aid-albanias-cyber-defenses-a-21523', 'https://www.cybercom.mil/Media/News/Article/3337717/committed-partners-in-cyberspace-following-cyberattack-us-conducts-first-defens/', 'https://twitter.com/Cyberwarzonecom/status/1639063487702880256', 'https://twitter.com/Dennis_Kipker/status/1639239711872122881', 'https://therecord.media/foreign-cyber-aid-state-department-congress', 'https://cyberscoop.com/fick-cyber-diplomats-embassies/', 'https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government/', 'https://www.nato.int/cps/en/natohq/official_texts_207156.htm', 'https://www.tiranatimes.com/?p=152748', 'https://www.mandiant.com/resources/blog/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against?1=', 'https://twitter.com/VZhora/status/1567601467284160512', 'https://www.kryeministria.al/en/newsroom/videomesazh-i-kryeministrit-edi-rama/', 'https://www.whitehouse.gov/briefing-room/statements-releases/2022/09/08/readout-of-national-security-advisor-jake-sullivans-call-with-prime-minister-edi-rama-of-albania/', 'https://www.whitehouse.gov/briefing-room/statements-releases/2022/09/07/statement-by-nsc-spokesperson-adrienne-watson-on-irans-cyberattack-against-albania/', 'https://www.gov.uk/government/news/uk-condemns-iran-for-reckless-cyber-attack-against-albania', 'https://www.bleepingcomputer.com/news/security/fbi-iranian-hackers-lurked-in-albania-s-govt-network-for-14-months/', 
'https://www.securityweek.com/natos-team-albania-help-iran-alleged-cyberattack', 'https://www.cisa.gov/uscert/ncas/alerts/aa22-264a', 'https://www.securityweek.com/iranian-hackers-breached-albanian-government-one-year-disruptive-attacks', 'https://therecord.media/cisa-iranian-hackers-spent-14-months-in-albanian-govt-network-before-launching-ransomware/', 'https://www.consilium.europa.eu/en/press/press-releases/2022/09/08/cyber-attacks-declaration-by-the-high-representative-on-behalf-of-the-european-union-expressing-solidarity-with-albania-and-concern-following-the-july-malicious-cyber-activities/', 'https://abcnews.go.com/International/wireStory/albanian-staff-charged-negligence-cyberattack-94202825', 'https://www.euractiv.com/section/politics/news/five-albanian-state-it-staff-investigated-over-iran-hack/', 'https://socradar.io/dark-web-profile-apt42-iranian-cyber-espionage-group/', 'https://www.euractiv.com/section/politics/news/hackers-continue-to-leak-data-from-albanian-intelligence-services/', 'https://twitter.com/Dennis_Kipker/status/1603049563711062016', 'https://cyberscoop.com/pro-iranian-abraham-ax-saudi-israel-moses-staff/', 'https://twitter.com/780thC/status/1618571785276100609', 'https://www.cisa.gov/uscert/ncas/alerts/aa22-264a', 'https://www.darkreading.com/attacks-breaches/iran-backed-actor-behind-cyberattack-charlie-hebdo-microsoft-says']" 1503,Anonymous takes down Iranian government websites beginning on 20th September 2022,"Op Iran: Anonymous takes down websites of the Iranian government, central bank and state-owned media as a sign of protest following the death of Mahsa Amini, who died on the 16th of September 2022 in the custody of the Iranian moral police, beginning on the 20th September 2022, according to the tweets of Anonymous and Anonymous-affiliated accounts. ",2022-09-20,2022-09-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,"[['Central Bank (Iran)'], ['Government Spokesman Office (Iran)'], ['Office of the Supreme Leader (Iran)'], ['President of the Islamic Republic of Iran'], ['Fars News Agency'], ['Islamic Republic of Iran Broadcasting (IRIB)'], ['Forensic Research Center (Iran)'], [None]]","['Iran, Islamic Republic of', 'Iran, Islamic Republic of', 'Iran, Islamic Republic of', 'Iran, Islamic Republic of', 'Iran, Islamic Republic of', 'Iran, Islamic Republic of', 'Iran, Islamic Republic of', 'Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA']]","[['State institutions / political system', 'Critical infrastructure'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['Media'], ['Media'], ['Science'], ['State institutions / political system']]","[['Other (e.g., embassies)', 'Finance'], ['Government / ministries'], ['Government / ministries'], ['Government / ministries'], [''], [''], [''], ['Civil service / administration']]",['Anonymous'],['Not available'],['Non-state-group'],['Hacktivist(s)'],1,2022-09-20 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,,Anonymous,,Non-state-group,Hacktivist(s),"['https://twitter.com/YourAnonSpider/status/1572337224536174593', 'https://twitter.com/YourAnonSpider/status/1572521377839874049/photo/1', 'https://twitter.com/YourAnonSpider/status/1572582347593363457', 'https://twitter.com/YourAnonSpider/status/1572713941448417280']",System / ideology,Not available,,Not available,,0,,,,,,No,,Not available,Endpoint Denial of Service,Not available,True,Not available,Short-term 
disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,0,Moderate - high political importance,0.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://therecord.media/anonymous-takes-down-iranian-government-websites-amid-protests-following-death-of-mahsa-amini/', 'https://therecord.media/iran-shutters-mobile-networks-instagram-whatsapp-amid-protests/', 'https://twitter.com/YourAnonSpider/status/1572337224536174593', 'https://twitter.com/YourAnonSpider/status/1572521377839874049/photo/1', 'https://twitter.com/YourAnonSpider/status/1572582347593363457', 'https://twitter.com/YourAnonSpider/status/1572713941448417280', 'https://therecord.media/anonymous-takes-down-iranian-government-websites-amid-protests-following-death-of-mahsa-amini/', 'https://www.hackread.com/opiran-anonymous-iran-state-sites-cctv-camera-hack/', 'https://www.lefigaro.fr/international/iran-les-hackers-d-anonymous-prennent-part-a-la-protestation-20220928', 'https://twitter.com/Cyberwarzonecom/status/1577086623392493568', 'https://www.rferl.org/a/iran-central-bank-cyberattack-thwarted/32212160.html', 'https://therecord.media/irans-support-of-russia-draws-attention-of-pro-ukraine-hackers/', 'https://twitter.com/cahlberg/status/1612790331874877446']" 1504,U.S. federal court system was breached in early 2020,"The Judiciary's Case Management / Electronic Case Files Management System (CM/ECF) was breached in early 2020 by three hostile foreign actors, according to House Judiciary Committee Chairman Jerrold Nadler. The administrative office of the U.S. 
courts published a press release on the 6th of January 2021, announcing measures to protect sensitive court documents because of the then-current SolarWinds hack and mentioning that it was investigating an apparent compromise of the U.S. federal court management system. ",2020-01-01,2021-01-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,[['Administrative Office of the U.S. Courts (AO)']],['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Judiciary']],,['Not available'],['Unknown - not attributed'],,1,,,,,,,,,Unknown - not attributed,,['https://www.cyberscoop.com/senator-federal-courts-cyberattack/'],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Not available,Not available,False,Not available,Not available,Not available,none,none,0,Moderate - high political importance,1.0,Minor,5.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,,,,,Cyber espionage,,Not available,,"['https://www.cyberscoop.com/senator-federal-courts-cyberattack/', 'https://judiciary.house.gov/calendar/eventsingle.aspx?EventID=4966', 'https://www.politico.com/news/2022/07/28/justice-department-data-breach-federal-court-system-00048485', 'https://www.cyberscoop.com/federal-court-system-breach/', 'https://www.documentcloud.org/documents/22123051-wyden-letter-about-data-breach-of-us-courts', 'https://web.archive.org/web/20210106200355/https://www.uscourts.gov/news/2021/01/06/judiciary-addresses-cybersecurity-breach-extra-safeguards-protect-sensitive-court']" 1508,Anonymous targeted the Russian Ministry of Defense in a hack-and-leak operation in April 2022,"The hacker group Anonymous claims to have hacked the website of the Russian Ministry of 
Defense and leaked the data of over 300,000 people who are most likely to be mobilized for the Ukraine war in September 2022 as part of its #OpRussia.",2022-09-01,2022-09-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,[['Ministry of Defence (Russia)']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Not available'],['Non-state-group'],['Hacktivist(s)'],1,2022-09-23 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,Unknown,Anonymous,,Non-state-group,Hacktivist(s),['https://twitter.com/YourAnonTV/status/1573290421270507520'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Low,8.0,Not available,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,1-10,0.0,Not available,0.0,euro,Not available,Cyber espionage,Non-state actors,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://securityaffairs.co/wordpress/136127/hacktivism/anonymous-russian-ministry-of-defense.html', 
'https://twitter.com/YourAnonTV/status/1573290421270507520', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg']" 1511,CaddyWiper: Russian state-sponsored hacker group attacked a Ukrainian bank and other targets on the 14th of March 2022,"CaddyWiper: An attack on a Ukrainian bank and other Ukrainian targets, including targets within the energy industry, beginning on March 14 2022, is attributed to the Russian state-sponsored hacker group Sandworm (GRU Unit 74455) (aka Telebots, Voodoo Bear, and Iron Viking). The IT-security company, ESET, made the assessment with high confidence. The ESET researchers worked closely with CERT-UA when ICS-capable malware, including the infamous Industroyer malware (previously used in a 2016 Sandworm APT attack that cut Ukrainian power), and regular disk wipers for Windows, Linux and Solaris operating systems were used in an attack against Ukrainian energy providers. Following the most recent malware attack, CERT-UA renamed the malware Industroyer2. CaddyWiper was found on March 14, 2022, to have been used in an attack against a Ukrainian bank and again on April 8, 2022, against a Ukrainian energy provider in which a temporary disruption occurred and power was cut from nine substations (according to a non-public document from CERT-UA). In addition to Industroyer2 and CaddyWiper, Sandworm deployed various destructive malware families including ORCSHRED, SOLOSHRED, and AWFULSHRED. Neither the initial compromise of the IT system nor how the attackers transitioned from the IT network to the Industrial Control System (ICS) network is known. Cooperation with Microsoft and ESET allows the Ukrainian cybersecurity professionals to continue to investigate and respond to the Industroyer2 attacks. 
",2022-03-14,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,"[['Not available'], ['Not available']]","['Ukraine', 'Ukraine']","[['EUROPE', 'EASTEU'], ['EUROPE', 'EASTEU']]","[['Unknown'], ['Critical infrastructure']]","[[''], ['Energy']]","['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)']",['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-04-12 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/', 'https://twitter.com/ESETresearch/status/1503436420886712321', 'https://blog.morphisec.com/caddywiper-analysis-new-malware-attacking-ukraine', 'https://www.welivesecurity.com/deutsch/2022/03/15/caddywiper-neue-datenloeschende-malware-in-der-ukraine-entdeckt/', 'https://thehackernews.com/2022/09/researchers-identify-3-hacktivist.html', 'https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/', 
'https://www.csoonline.com/article/3656954/ukraine-energy-facility-hit-by-two-waves-of-cyberattacks-by-russia-s-sandworm-group.html#tk.rss_criticalinfrastructure']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Valid Accounts,Disk Wipe; Inhibit System Recovery,Not available,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,1-10,1.0,None,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),International peace; Due diligence; Sovereignty,Prohibition of intervention; ; ,Not available,0,,,,,,Due diligence,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.wired.com/story/ukraine-russia-wiper-malware/', 'https://www.welivesecurity.com/2023/02/24/year-wiper-attacks-ukraine/', 'https://twitter.com/Cyber_O51NT/status/1629280661474508801', 'https://twitter.com/780thC/status/1629087842516320256', 'https://securityaffairs.com/143570/cyber-warfare-2/russian-hybrid-warfare-ukraine.html', 'https://www.welivesecurity.com/2023/03/30/eset-research-podcast-year-fighting-rockets-soldiers-wipers-ukraine/', 'https://www.cyberscoop.com/ukraine-russia-cyber-zhora-industroyer2-sandworm/', 'https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/', 'https://twitter.com/ESETresearch/status/1503436420886712321', 'https://blog.morphisec.com/caddywiper-analysis-new-malware-attacking-ukraine', 
'https://www.welivesecurity.com/deutsch/2022/03/15/caddywiper-neue-datenloeschende-malware-in-der-ukraine-entdeckt/', 'https://thehackernews.com/2022/09/researchers-identify-3-hacktivist.html', 'https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/', 'https://www.csoonline.com/article/3656954/ukraine-energy-facility-hit-by-two-waves-of-cyberattacks-by-russia-s-sandworm-group.html#tk.rss_criticalinfrastructure', 'https://www.welivesecurity.com/2022/05/20/sandworm-ukraine-new-version-arguepatch-malware-loader/', 'https://www.technologyreview.com/2022/04/12/1049586/russian-hackers-tried-to-bring-down-ukraines-power-grid-to-help-the-invasion/', 'https://www.welivesecurity.com/2022/12/27/2022-review-10-biggest-cyberattacks/', 'https://www.wired.com/story/worst-hacks-2022/', 'https://securitymea.com/2022/12/29/10-biggest-cyberattacks-of-the-year/', 'https://cyberscoop.com/sandworm-wiper-ukraine-russia-military-intel/', 'https://therecord.media/sandworm-swiftslicer-malware-ukraine-russia-eset/', 'https://twitter.com/RecordedFuture/status/1619109632882135040', 'https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html']" 1512,CyberBerkut broke into the Ukrainian Election Commission's network in May 2014 before the presidential election and posted files online,"The pro-Russian hacktivist group CyberBerkut announced that it had broken into the Ukrainian Election Commission's network in May 2014 ahead of the presidential election and posted files online, such as system logs and mailbox contents of Election Commission members. The group reasoned that the hack was intended to reject the election as illegal. A short time later, Ukrainian Interior Minister Arsen Avakov announced on Facebook that his website had been hacked, after an announcement was made there that the electronic voting system had failed and votes would have to be counted by hand. This was due to DDoS attacks, allegedly by CyberBerkut that lasted from about 1 to 3 a.m. 
on May 26.",2014-05-22,2014-05-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption; Hijacking with Misuse,[['Ukrainian Central Election Commission']],['Ukraine'],"[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Election infrastructure / related systems']],['CyberBerkut'],['Ukraine'],['Non-state-group'],['Hacktivist(s)'],1,2014-05-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,CyberBerkut,,Ukraine,CyberBerkut,Ukraine,Non-state-group,Hacktivist(s),['http://www.cyber-berkut.ru/en/index_02.php'],System / ideology,Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,Not available,Data Exfiltration; Data Destruction,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Day (< 24h),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; International peace; Sovereignty,Civic / political rights; Prohibition of intervention; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,"['https://www.bloomberg.com/opinion/articles/2014-05-26/how-hackers-exposed-ukraine-s-vulnerability', 'http://www.cyber-berkut.ru/en/index_02.php', 'https://ria.ru/20140525/1009211710.html', 'https://www.csmonitor.com/World/Passcode/2014/0617/Ukraine-election-narrowly-avoided-wanton-destruction-from-hackers', 'https://www.wired.com/story/ukraine-russia-wiper-malware/']" 1513,Chinese state-sponsored hacker group TA413 targets Tibetan organizations in the first half of 2022,"Chinese state-sponsored hacker group TA413 targets Tibetan organizations for surveillance and intelligence-gathering purposes in the first half of 2022, according to the technical report of Recorded Future. The hackers exploited a zero-day vulnerability in the Sophos firewall and deployed a new backdoor called LOWZERO.",2022-01-01,2022-06-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,,,,[['Social groups']],[['Religious']],['TA413'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2022-09-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Recorded Future,,United States,TA413,China,"Non-state actor, state-affiliation suggested",,['https://www.recordedfuture.com/chinese-state-sponsored-group-ta413-adopts-new-capabilities-in-pursuit-of-tibetan-targets'],System / ideology; Autonomy,System/ideology; Autonomy; Resources,China (Tibet); China (Tibet); China (Tibet),Unknown,,0,,,,,,Yes,One,Exploit Public-Facing Application; Phishing,Not available,Required,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 
1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,10.0,Months,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Self-determination,; ; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.mandiant.com/resources/blog/zero-days-exploited-2022', 'https://securityaffairs.co/wordpress/136252/apt/ta413-targets-tibet-backdoor.html', 'https://thehackernews.com/2022/09/chinese-espionage-hackers-target.html', 'https://www.recordedfuture.com/chinese-state-sponsored-group-ta413-adopts-new-capabilities-in-pursuit-of-tibetan-targets', 'https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce', 'https://securityaffairs.co/wordpress/131843/apt/china-apt-exploits-follina-flaw.html', 'https://twitter.com/M_Miho_JPN/status/1576073406692237312']" 1514,Viasat Hack: Russian Military Intelligence disrupted Ukrainian satellite broadband services - February 2022,"Russia disrupted the satellite broadband services of US communication company Viasat in Ukraine in support of the Russian invasion on 24 February 2022, according to the US State Department, the government of the United Kingdom, and the Council of the European Union. In addition to Ukraine, the disruption of satellite services of Viasat also affected other countries in Europe, including Germany (e.g., German wind turbines). While the Viasat network was ""stabilized"" by 15 March, an incident report was issued by Viasat on 30 March and stated that the company and its customers were still affected by the attack. 
The US authorities (CISA and FBI) issued a warning on 17 March to US critical infrastructure companies of satellite communications (SATCOM) risks and ""possible threats."" By 10 May the malicious attack was attributed to the Russian Federation. Sentinel Labs identified the data-wiping malware supposedly used in the Viasat attack as AcidRain; the cybersecurity researchers also attributed the malware's development to Russian intelligence agencies. The virus was uploaded to VirusTotal via Italy under the file name ""Ukrop."" The malware affected 5,600 wind turbines in Germany that utilized Viasat modems.",2022-02-24,2022-03-15,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,,"['Poland', 'Hungary', 'Greece', 'Italy', 'Germany', 'France', 'Ukraine']","[['EUROPE', 'NATO', 'EU', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'BALKANS'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'EASTEU']]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[['Telecommunications'], ['Telecommunications'], ['Telecommunications'], ['Telecommunications'], ['Telecommunications'], ['Telecommunications'], ['Telecommunications']]",,['Russia'],['State'],,8,2022-07-19; 2022-05-10; 2022-05-10; 2022-05-10; 2022-05-10; 2022-05-10; 2022-05-10; 2022-05-10,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / 
report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by EU institution/agency; Attribution by EU institution/agency; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party,"High Representative of the Union for Foreign Affairs and Security Policy (HR/VP); High Representative of the Union for Foreign Affairs and Security Policy (HR/VP); Antony J. Blinken (Secretary of State, USA); Liz Truss (Secretary of State for Foreign, Commonwealth and Development Affairs, United Kingdom); United Kingdom’s National Cyber Security Centre (NCSC); Government of Canada; Marise Payne (Minister for Foreign Affairs; Minister for Women, AUS); Nanaia Cybelle Mahuta (Foreign Minister, NZL)",,EU (region); EU (region); United States; United Kingdom; United Kingdom; Canada; Australia; New Zealand,,Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,State; State; State; State; State; State; State; State,,"['https://www.gov.uk/government/news/russia-behind-cyber-attack-with-europe-wide-impact-an-hour-before-ukraine-invasion', 'https://www.ncsc.gov.uk/news/russia-behind-cyber-attack-with-europe-wide-impact-hour-before-ukraine-invasion', 'https://www.consilium.europa.eu/en/press/press-releases/2022/05/10/russian-cyber-operations-against-ukraine-declaration-by-the-high-representative-on-behalf-of-the-european-union/', 'https://www.state.gov/attribution-of-russias-malicious-cyber-activity-against-ukraine/', 
'https://www.consilium.europa.eu/en/press/press-releases/2022/07/19/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-malicious-cyber-activities-conducted-by-hackers-and-hacker-groups-in-the-context-of-russia-s-aggression-against-ukraine/']",System / ideology; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,7,2022-05-10; 2022-05-10; 2022-07-19; 2022-05-10; 2022-05-10; 2022-05-10; 2022-05-10,State Actors: Preventive measures; State Actors: Preventive measures; EU: Stabilizing measures; EU: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Stabilizing measures,Capacity building in third countries; Capacity building in third countries; Declaration of HR; Declaration of HR; Statement by minister of foreign affairs; Statement by minister of foreign affairs; Statement by minister of foreign affairs,United States; EU (region); EU (region); United Kingdom; Canada; Australia; New Zealand,"U.S. 
Department of State; High Representative of the Union for Foreign Affairs and Security Policy (HR/VP); High Representative of the Union for Foreign Affairs and Security Policy (HR/VP); Liz Truss (Secretary of State for Foreign, Commonwealth and Development Affairs, GBR); Government of Canada; Marise Payne (Minister for Foreign Affairs; Minister for Women, AUS); Nanaia Cybelle Mahuta (Foreign Minister, NZL)",No,,Supply Chain Compromise,Disk Wipe,None,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),International telecommunication law; Due diligence; Sovereignty,; ; ,Not available,1,2022-05-10 00:00:00,Peaceful means: Retorsion (International Law),Economic sanctions,New Zealand,"Nanaia Cybelle Mahuta (Foreign Minister, NZL)",International peace; Due diligence,; ,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://thediplomat.com/2023/02/the-next-cyber-phase-of-the-russia-ukraine-war-will-echo-in-asia/', 'https://elpais.com/tecnologia/2023-02-14/por-que-rusia-no-ha-logrado-ganar-la-guerra-cibernetica-en-ucrania.html', 'https://english.elpais.com/international/2023-02-14/why-russia-has-failed-to-win-the-cyberwar-in-ukraine.html', 'https://english.elpais.com/international/2023-02-14/why-russia-has-failed-to-win-the-cyberwar-in-ukraine.html', 'https://www.wired.com/story/ukraine-russia-wiper-malware/', 'https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months', 
'https://cyberscoop.com/ukraine-russia-cyberwar-anniversary/', 'https://www.welivesecurity.com/2023/02/24/year-wiper-attacks-ukraine/', 'https://www.nrc.nl/nieuws/2023/02/26/zelfs-rusland-houdt-grote-cyberaanvallen-maar-eventjes-vol-a4158110', 'https://twitter.com/Dennis_Kipker/status/1629122902099361795', 'https://www.c4isrnet.com/cyber/2023/03/02/biden-vows-to-wield-all-instruments-in-fighting-cyber-threats/', 'https://cyberscoop.com/ukraine-internet-outages-infrastructure-attacks/', 'https://cyberscoop.com/solarium-commission-space-systems-critical-infrastructure/', 'https://therecord.media/designate-space-critical-infrastructure-cyberspace-solarium-commission', 'https://www.bleepingcomputer.com/news/security/cisa-fbi-warn-us-critical-orgs-of-threats-to-satcom-networks/', 'https://www.spiegel.de/netzwelt/web/viasat-satellitennetzwerk-offenbar-gezielt-in-osteuropa-gehackt-a-afd98117-5c32-4946-ab8a-619f1e7af024?sara_ecid=soci_upd_KsBF0AFjflf0DZCxpPYDCQgO1dEMph', 'https://www.reuters.com/world/europe/exclusive-us-spy-agency-probes-sabotage-satellite-internet-during-russian-2022-03-11/', 'https://edition.cnn.com/2022/03/15/europe/ukraine-detains-hacker/index.html', 'https://news.viasat.com/blog/corporate/ka-sat-network-cyber-attack-overview', 'https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected', 'https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/', 'https://www.gov.uk/government/news/russia-behind-cyber-attack-with-europe-wide-impact-an-hour-before-ukraine-invasion', 'https://www.ncsc.gov.uk/news/russia-behind-cyber-attack-with-europe-wide-impact-hour-before-ukraine-invasion', 'https://www.consilium.europa.eu/en/press/press-releases/2022/05/10/russian-cyber-operations-against-ukraine-declaration-by-the-high-representative-on-behalf-of-the-european-union/', 'https://www.state.gov/attribution-of-russias-malicious-cyber-activity-against-ukraine/', 
'https://www.techtarget.com/searchsecurity/news/252518023/US-EU-attribute-Viasat-hack-to-Russia', 'https://www.reuters.com/business/media-telecom/exclusive-hackers-who-crippled-viasat-modems-ukraine-are-still-active-company-2022-03-30/', 'https://www.cybersecurity-insiders.com/new-acidrain-malware-hit-viasats-modems-downing-ukraines-internet/', 'https://securityboulevard.com/2022/04/a-significant-spike-in-cyberattacks-from-russia-could-be-expected-in-april/', 'https://www.cyberscoop.com/nakasone-persistent-engagement-hunt-forward-nine-teams-ukraine/', 'https://www.golem.de/news/windraeder-cyberangriff-auf-deutsche-windtechnik-ag-2204-164655.html', 'https://www.consilium.europa.eu/en/press/press-releases/2022/07/19/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-malicious-cyber-activities-conducted-by-hackers-and-hacker-groups-in-the-context-of-russia-s-aggression-against-ukraine/', 'https://www.canada.ca/en/global-affairs/news/2022/05/statement-on-russias-malicious-cyber-activity-affecting-europe-and-ukraine.html', 'https://www.foreignminister.gov.au/minister/marise-payne/media-release/attribution-russia-malicious-cyber-activity-against-european-networks', 'https://www.beehive.govt.nz/release/new-sanctions-target-disinformation-and-malicious-cyber-actors', 'https://www.darkreading.com/threat-intelligence/advanced-cyberattackers-disruptive-hits-new-technologies', 'https://www.cyberscoop.com/dhs-mayorkas-cybersecurity/', 'https://twitter.com/CyberScoopNews/status/1603803185986125831', 'https://www.wired.com/story/most-dangerous-people-on-the-internet-2022/', 'https://www.welivesecurity.com/2022/12/27/2022-review-10-biggest-cyberattacks/', 'https://www.wired.com/story/worst-hacks-2022/', 'https://securitymea.com/2022/12/29/10-biggest-cyberattacks-of-the-year/', 'https://www.darkreading.com/ics-ot/space-race-defenses-satellite-cyberattacks']" 1520,Anonymous disrupted Russian TV networks broadcast in February and March 2022,"Anonymous hacked 
several Russian TV and streaming networks (Rostelecom, All-Russia State Television and Radio Broadcasting Company, VGTRK, Wink, Ivi, Russia 24, Channel One, Moscow 24, St. Petersburg TV Channel) and created broadcast signal intrusions by showing pro-Ukrainian content, including footage of the 2022 Russian invasion of Ukraine and patriotic Ukrainian music. ",2022-02-27,2022-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,"[['VGTRK'], ['Ivi'], ['Moscow 24'], ['Russia 24'], ['Rostelecom'], ['Channel One'], ['Wink']]","['Russia', 'Russia', 'Russia', 'Russia', 'Russia', 'Russia', 'Russia']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[['Telecommunications'], ['Telecommunications'], ['Telecommunications'], ['Telecommunications'], ['Telecommunications'], ['Telecommunications'], ['Telecommunications']]",['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-02-27; 2022-02-27,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Media-based attribution; Attacker confirms,Anonymous; Anonymous,,Unknown; Unknown,Anonymous; Anonymous,Unknown; Unknown,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),"['https://securityaffairs.co/wordpress/129555/hacktivism/anonymous-hacked-vgtrk-russian-radio-tv.html', 
'https://www.independent.co.uk/news/world/europe/anonymous-wink-ivi-russia-24-channel-1-moscow-24-b2029915.html']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Day (< 24h),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,,,,,Not available,,,,"['https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/', 'https://www.independent.co.uk/news/world/europe/anonymous-wink-ivi-russia-24-channel-1-moscow-24-b2029915.html', 'https://www.bbc.com/news/technology-60784526', 'https://www.secureworld.io/industry-news/nb65-hackers-russia-ukraine', 'https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/', 'https://www.theguardian.com/world/2022/feb/27/anonymous-the-hacker-collective-that-has-declared-cyberwar-on-russia', 'https://securityaffairs.co/wordpress/129555/hacktivism/anonymous-hacked-vgtrk-russian-radio-tv.html', 'https://ddosecrets.substack.com/p/release-vgtrk-7862-gb?s=r', 'https://twitter.com/twitter/status/1513228484834906112', 'https://twitter.com/cyber_etc/status/1531290170393251844?s=20&t=cpIeg7vXC1n32GgdYJ5dRg', 'https://twitter.com/cyber_etc/status/1531324715066970113?s=20&t=MgEq_efbLJJYbTt1Y6SKFA', 
'https://twitter.com/cyber_etc/status/1534501056151003136?s=20&t=MgEq_efbLJJYbTt1Y6SKFA', 'https://www.cbsnews.com/news/russian-radio-station-hacked-ukrainian-anthem-and-anti-war-song-kommersant-fm/', 'https://twitter.com/cyber_etc/status/1534513094969507840?s=20&t=MgEq_efbLJJYbTt1Y6SKFA', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/MilaDiamond/status/1551366232024109056', 'https://www.hackread.com/ev-charging-stations-dos-attacks/', 'https://twitter.com/twitter/status/1515411501049434112', 'https://twitter.com/YourAnonNews/status/1500613013510008836?', 'https://twitter.com/joetidy/status/1505450799241039875?s=20&t=x9Rdi6JKHLqimhe61dsMsg']" 1533,Anonymous-linked group NB65 targeted Russian firms with hack-and-leak operation in March / April 2022,"Anonymous-linked hacking group Network Battalion (aka NB65) claimed to have hacked-and-leaked data by Russian law firm Capital Legal Services (65GB of data leaked and submitted by wh1t3sh4d0w) and Mosekspertiza (483GB of data) in March / April 2022. The data was leaked via Twitter on April 1, 2022. Moscow Metro; SSK Gazregion LLC; Russian bank PSCB (Petersburg Social Commercial Bank/JSC Bank PSCB); Continent Express, a travel organization (399 GB); Elektrocentromontazh, the power organization; ALET, a customs broker; Qiwi. This activity also included data leaks.",2022-03-01,2022-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,"[['Mosekspertiza'], ['Capital Legal Services (Russia)']]","['Russia', 'Russia']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,['NB65'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-04-01 00:00:00,"Attribution given, type unclear",Attacker confirms,Anonymous,,Unknown,NB65,Unknown,Non-state-group,Hacktivist(s),"['https://twitter.com/YourAnonTV/status/1509934686444867586?s=20&t=ECZnWFN9zLTS7IZ4FD-ctw', 'https://twitter.com/YourAnonTV/status/1509938786444189708?s=20&t=TuNPN5ln0j_92nTB50lJ7A']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,2.0,1-10,1.0,Not available,0.0,euro,,,,Not available,0,,,,,,Not available,,,,"['https://twitter.com/twitter/status/1512918186462691328', 'https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/', 'https://securityaffairs.co/wordpress/130262/hacktivism/anonymous-targets-russian-entities.html', 
'https://twitter.com/YourAnonTV/status/1509938786444189708?s=20&t=TuNPN5ln0j_92nTB50lJ7A', 'https://twitter.com/YourAnonTV/status/1509934686444867586?s=20&t=ECZnWFN9zLTS7IZ4FD-ctw', 'https://twitter.com/xxNB65/status/1510484074070224896', 'https://www.secureworld.io/industry-news/nb65-hackers-russia-ukraine', 'https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/', 'https://twitter.com/twitter/status/1516010705748647936', 'https://twitter.com/youranontv/status/1519316487965749249', 'https://twitter.com/Anonymous_Link/status/1520082146995494912', 'https://twitter.com/cyber_etc/status/1522149035888586756', 'https://twitter.com/twitter/status/1516086586798186496', 'https://twitter.com/twitter/status/1515060469136044032', 'https://twitter.com/cyber_etc/status/1510175920866443272', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg']" 1538,Chinese APT Group BRONZE STARLIGHT using ransomware to mask IP theft since mid-2021,"Since mid-2021, the state-sponsored Chinese APT Group BRONZE STARLIGHT has engaged in a campaign of deploying ransomware in an effort to conceal the theft of strategic intellectual property. Targeted organizations, including semiconductor companies, largely operate in sectors that align with China's industrial priorities. In what appears to be a bid to avoid attention, the group has limited targeting to a few select organizations at a time and frequently moved on to new ransomware families. The group seeks to leverage unmitigated vulnerabilities, such as Log4j 2, that enable it to establish access and escalate privileges during early phases of an intrusion.",2021-06-01,2022-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Disruption; Hijacking with Misuse; Ransomware,,"['Europe (region)', 'India', 'Japan', 'Brazil', 'Kazakhstan', 'United States', 'Not available', 'United States']","[[], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SCS', 'NEA'], ['SOUTHAM'], ['ASIA', 'CSTO', 'SCO'], ['NATO', 'NORTHAM'], [], ['NATO', 'NORTHAM']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Unknown', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]","[[''], ['Defence industry'], [''], ['Health'], ['Finance'], ['Finance', ''], ['', ''], ['Civil service / administration', 'Finance', '', '']]",['BRONZE STARLIGHT / DEV-0401'],['China'],"['Non-state actor, state-affiliation suggested']",,3,2022-06-23; 2022-10-03; 2022-01-10,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, 
Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Secureworks; Sygnia; Microsoft,,United States; South Africa; United States,BRONZE STARLIGHT / DEV-0401; Emperor Dragonfly/ DEV-0401/ BRONZE STARLIGHT; None,China; China; China,"Non-state actor, state-affiliation suggested; Unknown - not attributed; Unknown - not attributed",,"['https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader', 'https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/#Night%20Sky', 'https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group', 'https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/#DEV-0401']",International power,Unknown,,Unknown,,0,,,,,,No,,Exploit Public-Facing Application,Data Exfiltration; Data Encrypted for Impact,None,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Minor,1.0,Not available,Not available,Not available,0.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage,,Not available,0,,,,,,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.recordedfuture.com/semiconductor-companies-targeted-by-ransomware', 
'https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader', 'https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/#Night%20Sky', 'https://twitter.com/unix_root/status/1576954728121974785', 'https://www.bleepingcomputer.com/news/security/cheerscrypt-ransomware-linked-to-a-chinese-hacking-group/', 'https://securityaffairs.co/wordpress/136611/malware/apt10-cheerscrypt-ransomware.html', 'https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group', 'https://www.trendmicro.com/en_us/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html', 'https://www.bleepingcomputer.com/news/security/new-cheers-linux-ransomware-targets-vmware-esxi-servers/', 'https://twitter.com/MsftSecIntel/status/1480730559739359233', 'https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/#DEV-0401']" 1539,Witchetty targeted governments and a stock market exchange in the Middle East and Africa between February and September 2022,The espionage group Witchetty (LookingFrog) targeted governments and a stock exchange in the Middle East and Africa between February and September 2022. They also exploited the ProxyShell and ProxyLogon vulnerabilities and used new tools such as a backdoor Trojan. 
The goal is a permanent presence in the targets' networks.,2022-02-27,2022-09-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,"['Middle East (region)', 'Africa']",,"[['State institutions / political system'], ['Critical infrastructure']]","[['Government / ministries'], ['Finance']]",,['Not available'],['Unknown - not attributed'],,1,2022-09-29 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,,United States,,,Unknown - not attributed,,['https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage'],Unknown,Not available,,Not available,,0,,,,,,No,,Exploit Public-Facing Application,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Medium,12.0,Months,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,0.0,Not available,0.0,euro,Not available,Cyber espionage; Diplomatic / consular law; Sovereignty,; ; ,Not available,0,,,,,,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage', 'https://www.darkreading.com/attacks-breaches/espionage-steganographic-backdoor-against-govs-stock-exchange', 'https://thecyberwire.com/stories/c74b6d30ddac4d769bba3a6276145805/witchetty-espionage-group-uses-updated-toolkit', 
'https://tarnkappe.info/artikel/hacking/windows-logo-enthaelt-backdoor-malware-tarnt-sich-als-bild-257020.html', 'https://securityaffairs.co/wordpress/136477/apt/witchetty-apt-steganography.html', 'https://www.hackread.com/chinese-hackers-hide-windows-logo-malware/', 'https://twitter.com/securityaffairs/status/1575972607681527809', 'https://twitter.com/switch_d/status/1576329148905185286', 'https://twitter.com/securityaffairs/status/1576163136893112320', 'https://twitter.com/HackRead/status/1576290468656078848', 'https://twitter.com/JAMESWT_MHT/status/1576633774481510401', 'https://www.heise.de/news/Backdoor-in-Windows-Logo-versteckt-7282730.html', 'https://twitter.com/securityaffairs/status/1576860040836788224', 'https://twitter.com/HackRead/status/1576829408135901186']" 1542,State-sponsored hacker group hijacked Microsoft Exchange Servers and stole information of 10 global organizations since August 2022,"A state-sponsored hacker group hijacked Microsoft Exchange Servers and stole information from 10 global organizations, including one critical infrastructure operator, since August 2022, according to a report made by Microsoft with medium confidence. The hacker group used two zero-day vulnerabilities (CVE-2022-41040; CVE-2022-41082), named ProxyNotShell, to deploy the Chinese Chopper webshell. ",2022-08-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,,['Global (region)'],,"[['Unknown', 'Critical infrastructure']]",,['Unknown'],['Not available'],"['Non-state actor, state-affiliation suggested']",,2,2022-09-30; 2022-09-28,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Microsoft; GTSC,,United States; Vietnam,Unknown; Unknown,Not available; China,"Non-state actor, state-affiliation suggested; Unknown - not attributed",,"['https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html', 'https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/']",Unknown,Unknown,,Unknown,,0,,,,,,Yes,multiple,Exploit Public-Facing Application; Valid Accounts,Data Exfiltration,None,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Not available,3.0,Minor,2.0,Not available,Not available,1-10,0.0,Not available,0.0,Not available,0.0,euro,Not available,Sovereignty; International organizations,; ,Not available,0,,,,,,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.lawfareblog.com/biden-harris-administration-releases-new-national-cybersecurity-strategy', 
'https://twitter.com/Cyberwarzonecom/status/1575635646450106368', 'https://socradar.io/threat-actors-exploit-unpatched-microsoft-exchange-zero-days/', 'https://twitter.com/hackerfantastic/status/1575627994403840000', 'https://www.hackread.com/microsoft-confirms-0-days-exchange-servers/', 'https://www.heise.de/news/Warten-auf-Sicherheitsupdates-Zero-Day-Attacken-auf-Microsoft-Exchange-Server-7280460.html', 'https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-new-exchange-zero-days-are-used-in-attacks/', 'https://www.govinfosecurity.com/possible-chinese-hackers-exploit-microsoft-exchange-0-days-a-20182', 'https://twitter.com/cybersecboardrm/status/1576604169791733763', 'https://www.bleepingcomputer.com/news/security/fake-microsoft-exchange-proxynotshell-exploits-for-sale-on-github/', 'https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-new-exchange-zero-days-are-used-in-attacks/', 'https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/', 'https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html', 'https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/', 'https://twitter.com/_r_netsec/status/1576979919665770496', 'https://www.heise.de/news/Exchange-Server-Zero-Day-Bisheriger-Workaround-unzureichend-7283072.html', 'https://www.securityweek.com/microsoft-links-exploitation-exchange-zero-days-state-sponsored-hacker-group', 'https://www.securityweek.com/mitigation-proxynotshell-exchange-vulnerabilities-easily-bypassed', 'https://thehackernews.com/2022/10/proxynotshell-new-proxy-hell.html', 'https://securityaffairs.co/wordpress/136596/hacking/microsoft-exchange-0day-mitigations-bypass.html', 'https://www.heise.de/news/Exchange-0-Day-Microsoft-korrigiert-Workaround-7284241.html', 
'https://www.bleepingcomputer.com/news/security/microsoft-updates-mitigation-for-proxynotshell-exchange-zero-days/', 'https://therecord.media/microsoft-updates-guidance-for-proxynotshell-bugs-after-researchers-get-around-mitigations/', 'https://thehackernews.com/2022/10/mitigation-for-exchange-zero-days.html', 'https://thehackernews.com/2022/10/microsoft-issues-improved-mitigations.html', 'https://www.cybersecasia.net/news/two-recent-zero-day-vulnerabilities-affecting-microsoft-exchange-not-exploited-yet', 'https://www.securityweek.com/patch-tuesday-microsoft-scrambles-thwart-new-zero-day-attacks', 'https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-proxynotshell-exchange-zero-days-exploited-in-attacks/', 'https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2022-patch-tuesday-fixes-6-exploited-zero-days-68-flaws/']" 1543,Russian hacker group National Republican Army (NRA) attacked Russian software developer Unisoftware with ransomware and stole information,"Russian hacker group National Republican Army (NRA) attacked Russian software developer Unisoftware with ransomware and stole information to protest against the Russian government and its war against Ukraine. According to statements by the group published in the Ukrainian newspaper Kyiv Post, its actions pursue the overthrow of the government. The Kyiv Post authenticated the stolen data and verified several of Unisoftware's government clients. The identity of these organizations remains unknown. The Federal Tax Service, the Ministry of Finance and the Central Bank are believed to be among the company's clients. ",2022-01-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft; Ransomware,"[[None], ['Unisoftware']]","['Russia', 'Russia']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries'], ['']]",,['Russia'],['Non-state-group'],['Hacktivist(s)'],1,2022-10-02 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,National Republican Army (NRA),,Russia,,Russia,Non-state-group,Hacktivist(s),['https://www.kyivpost.com/world/russian-citizens-wage-cyberwar-from-within.html'],System / ideology; National power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Not available,0.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,,,,,Not available,,Not 
available,,"['https://twitter.com/YourAnonNews/status/1576737272648683520', 'https://twitter.com/Cyberknow20/status/1576549145942233088', 'https://www.kyivpost.com/world/russian-citizens-wage-cyberwar-from-within.html', 'https://twitter.com/officejjsmart/status/1576526846736601088']" 1544,Hackers compromised the databases and disrupted some services of Mimoso do Sul city hall in Brazil on 29 September 2022,"Hackers compromised the databases and disrupted some services of Mimoso do Sul city hall in Brazil on 29 September 2022, according to a social media post of the local administration. ",2022-09-29,2022-09-29,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,[['Mimoso do Sul City Hall']],['Brazil'],[['SOUTHAM']],[['State institutions / political system']],[['Civil service / administration']],['Unknown'],['Not available'],['Unknown - not attributed'],,1,,,,,,,Unknown,,Unknown - not attributed,,[],Unknown,Not available,,Not available,,0,,,,,,Not available,,Not available,Data Encrypted for Impact; Service Stop,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",Not available,Not available,3,Moderate - high political importance,3.0,Minor,3.0,Not available,Not available,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,,,,,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/ransomwaremap/status/1576458666555084800', 'https://www.instagram.com/p/CjGNolYuTJZ/?utm_source=ig_embed&ig_rid=8acaa568-02d4-4925-a1f6-f7eca019f0c9', 
'https://www.agazeta.com.br/es/cotidiano/prefeitura-de-mimoso-do-sul-tem-sistema-invadido-em-ataque-cibernetico-0922']" 1407,UK Ministry of Defence training academy,"A retired military officer has disclosed a cyberattack that struck the UK Ministry of Defence (MoD) academy and had a ""significant"" impact on the organization.",2021-03-01,2021-03-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse,,['United Kingdom'],"[['EUROPE', 'NATO', 'NORTHEU']]",[['State institutions / political system']],[['Military']],,['Unknown'],['State'],,1,2021-01-01 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,,,,,Unknown,State,,['https://www.thesun.co.uk/news/14412578/mod-defence-academy-cyber-attack-foreign-power/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,True,none,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://news.sky.com/story/cyber-attack-on-uks-defence-academy-had-significant-impact-officer-in-charge-at-the-time-reveals-12507570', 'https://www.thesun.co.uk/news/14412578/mod-defence-academy-cyber-attack-foreign-power/']" 1553,North Korean state-sponsored hacker group Lazarus gained access to the corporate network of an aerospace company in the Netherlands in October 2021,"North Korean state-sponsored hacker group Lazarus gained access to the corporate network of an aerospace company in the 
Netherlands for data exfiltration purposes in autumn 2021, attributed by IT-security company ESET with high confidence. The hacker group used the Dell firmware exploit (CVE-2021-21551) to deploy various malware. In a related case, the attempt to gain access to the computer of a Belgian political journalist was stopped. ",2021-10-01,2021-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,[['Not available']],['Netherlands'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Critical infrastructure']],[['Space']],"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-09-28 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this 
case)","['https://www.welivesecurity.com/2022/09/30/amazon-themed-campaigns-lazarus-netherlands-belgium/', 'https://www.virusbulletin.com/uploads/pdf/conference/vb2022/VB2022-Kalnai-Havranek.pdf']",International power,Unknown,,Unknown,,0,,,,,,No,,Phishing,Not available,None,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,4.0,Not available,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://securitymea.com/2023/02/09/eset-threat-reports-on-russian-invasions-impact-on-digital-threats/', 'https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/', 'https://twitter.com/Cyber_O51NT/status/1639428701137035264', 'https://www.welivesecurity.com/2022/09/30/amazon-themed-campaigns-lazarus-netherlands-belgium/', 'https://www.bleepingcomputer.com/news/security/lazarus-hackers-abuse-dell-driver-bug-using-new-fudmodule-rootkit/', 'https://research.checkpoint.com/2022/3rd-october-threat-intelligence-report/', 'https://twitter.com/cybersecboardrm/status/1576976076860973056', 'https://thehackernews.com/2022/10/hackers-exploiting-dell-driver.html', 'https://securityaffairs.co/wordpress/136623/apt/lazarus-exploit-dell-firmware-driver.html', 'https://www.securityweek.com/north-korean-hackers-exploit-dell-driver-vulnerability-disable-windows-security', 'https://www.virusbulletin.com/uploads/pdf/conference/vb2022/VB2022-Kalnai-Havranek.pdf', 
'https://socradar.io/apt-group-lazarus-exploits-high-severity-flaw-in-dell-driver/']" 1554,The Russia-affiliated Conti Group carried out a ransomware attack against several Costa Rican government institutions in April 2022,"The Russia-affiliated Conti/Wizard Spider group gained access to and stole data from 27 governmental entities, municipalities and state-run utilities in Costa Rica during 11-18 April 2022. IT security company AdvIntel questioned whether ransom demands of $10 million and subsequently $20 million cited in news reports should be taken seriously, speculating that Conti rather conducted this final attack as publicity before disbanding and reorganizing. In response to the ransomware attacks, Costa Rican President Rodrigo Chaves declared a national emergency on 8 May 2022. Additionally, the US State Department is offering a $10 million reward for information leading to the identification of Conti group members. Due to the pro-Russian stance the group took in the course of the war in Ukraine, the Conti group dismantled into multiple splinter groups that had been part of the Conti Ransomware group. The core group of Conti operators responsible for the attack against the Costa Rican government subsequently reconstituted under the name Quantum. 
Almost a year after the attack, in March 2023, the US government announced that it plans on providing $25 million to the government of Costa Rica in cybersecurity assistance to help recover from the incident and to strengthen its digital infrastructure.",2022-04-11,2022-04-18,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse; Ransomware,"[['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available']]","['Costa Rica', 'Costa Rica', 'Costa Rica', 'Costa Rica', 'Costa Rica', 'Costa Rica', 'Costa Rica', 'Costa Rica', 'Costa Rica', 'Costa Rica']","[['CENTAM'], ['CENTAM'], ['CENTAM'], ['CENTAM'], ['CENTAM'], ['CENTAM'], ['CENTAM'], ['CENTAM'], ['CENTAM'], ['CENTAM']]","[['Critical infrastructure'], ['State institutions / political system'], ['Critical infrastructure'], ['Unknown'], ['State institutions / political system'], ['State institutions / political system'], ['Critical infrastructure'], ['State institutions / political system'], ['Critical infrastructure'], ['State institutions / political system']]","[['Health'], ['Civil service / administration'], ['Energy'], [''], ['Government / ministries'], ['Government / ministries'], [''], ['Civil service / administration'], ['Telecommunications'], ['Government / ministries']]","['Wizard Spider/Trickbot/Conti/ITG23/G0102', 'Not available']","['Not available', 'Not available']","['Non-state-group', 'Individual hacker(s)']","['Criminal(s)', '']",2,2022-05-20; 2022-05-20; 2022-05-20; 2022-05-20; 2022-05-20; 2022-05-20; 2022-05-20; 2022-05-20; 2022-04-19,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by 
IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; Attacker confirms,AdvIntel; AdvIntel; AdvIntel; AdvIntel; AdvIntel; AdvIntel; AdvIntel; AdvIntel; Conti Group,,United States; United States; United States; United States; United States; United States; United States; United States; Russia,Wizard Spider/Trickbot/Conti/ITG23/G0102; Wizard Spider/Trickbot/Conti/ITG23/G0102; Wizard Spider/Trickbot/Conti/ITG23/G0102; Wizard Spider/Trickbot/Conti/ITG23/G0102; Not available; Not available; Not available; Not available; Wizard Spider/Trickbot/Conti/ITG23/G0102,Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Russia,Non-state-group; Non-state-group; Individual hacker(s); Individual hacker(s); Non-state-group; Non-state-group; Individual hacker(s); Individual hacker(s); Non-state-group,Criminal(s); ; Criminal(s); ; Criminal(s); ; Criminal(s); ; Criminal(s),"['https://heimdalsecurity.com/blog/check-out-these-new-details-on-the-costa-rica-government-attack-by-conti-ransomware/', 'https://www.state.gov/reward-offers-for-information-to-bring-conti-ransomware-variant-co-conspirators-to-justice/', 'https://www.bbc.com/news/technology-61323402', 'https://www.centralamerica.com/news/costa-rica-cyber-attack-currently-underway/', 
'https://www.advintel.io/post/discontinued-the-end-of-conti-s-brand-marks-new-chapter-for-cybercrime-landscape']",System / ideology,Unknown,,Unknown,,2,2022-05-08; 2023-03-30,State Actors: Stabilizing measures; State Actors: Preventive measures,Statement by head of state/head of government; Capacity building in third countries,Costa Rica; United States,Rodrigo Chaves (President of Costa Rica); U.S. Department of State,No,,Valid Accounts,Data Exfiltration; Defacement,None,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",11-50,0.0,1-10,1.0,Not available,0.0,dollar,None/Negligent,Sovereignty,,Not available,1,2022-05-08 00:00:00,Proclamation of public emergency (national level),,Costa Rica,"Rodrigo Chaves (President, Costa Rica)",Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://therecord.media/north-korea-hackers-funding-us-south-korea-advisory/', 'https://twitter.com/SentinelOne/status/1627742884827959296', 'https://heimdalsecurity.com/blog/check-out-these-new-details-on-the-costa-rica-government-attack-by-conti-ransomware/', 'https://www.bleepingcomputer.com/news/security/how-conti-ransomware-hacked-and-encrypted-the-costa-rican-government/', 'https://www.advintel.io/post/anatomy-of-attack-truth-behind-the-costa-rica-government-ransomware-5-day-intrusion', 
'http://www.pgrweb.go.cr/scij/Busqueda/Normativa/Normas/nrm_articulo.aspx?param1=NRA&nValor1=1&nValor2=96886&nValor3=130028&nValor4=-1&nValor5=2&nValor6=08/05/2022&strTipM=FA', 'https://www.bleepingcomputer.com/news/security/costa-rica-declares-national-emergency-after-conti-ransomware-attacks/', 'https://therecord.media/ransomware-tracker-the-latest-figures/', 'https://www.cyberscoop.com/karakurt-extortion-cisa-advisory-conti-ransomware/', 'https://www.state.gov/reward-offers-for-information-to-bring-conti-ransomware-variant-co-conspirators-to-justice/', 'https://www.swissinfo.ch/spa/costa-rica-gobierno_chaves-decreta-emergencia-de-ciberseguridad-y-elimina-el-uso-de-mascarilla/47577168', 'https://twitter.com/CCSSdeCostaRica/status/1516465311872172032?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1516465311872172032%7Ctwgr%5E7a28d45cc8c3f935187136be031b9f32af083fc2%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fcosta-rica-declares-national-emergency-after-conti-ransomware-attacks%2F', 'http://www.pgrweb.go.cr/scij/Busqueda/Normativa/Normas/nrm_articulo.aspx?param1=NRA&nValor1=1&nValor2=96886&nValor3=130028&nValor5=2&strTipM=FA', 'https://www.bbc.com/news/technology-61323402', 'https://www.micitt.go.cr/2022/05/06/estados-unidos-ofrece-recompensa-por-informacion-que-lleve-a-co-conspiradores-de-conti-ransomware-ante-la-justicia/', 'https://www.ameliarueda.com/nota/costa-rica-en-emergencia-nacional-por-ciberataques-noticias-costa-rica', 'https://www.centralamerica.com/news/costa-rica-cyber-attack-currently-underway/', 'https://www.advintel.io/post/discontinued-the-end-of-conti-s-brand-marks-new-chapter-for-cybercrime-landscape', 'https://observador.cr/ministro-elian-villegas-reconoce-hackeo-en-sistemas-de-hacienda-y-asegura-que-no-pagara-por-rescate/', 'https://restofworld.org/2022/cyberattack-costa-rica-citizens-hurting/', 'https://www.wired.com/story/most-dangerous-people-on-the-internet-2022/', 
'https://www.eff.org/deeplinks/2022/12/hacking-governments-and-government-hacking-latin-america-2022-year-review', 'https://www.welivesecurity.com/2022/12/27/2022-review-10-biggest-cyberattacks/', 'https://securitymea.com/2022/12/29/10-biggest-cyberattacks-of-the-year/', 'https://www.wired.com/story/twitter-leak-200-million-user-email-addresses/', 'https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-24/', 'https://twitter.com/SentinelOne/status/1631004375563862036', 'https://cyberscoop.com/white-house-announces-25-million-in-cybersecurity-aid-to-costa-rica/', 'https://therecord.media/biden-administration-commits-25-million-costa-rica-ransomware-recovery', 'https://www.wired.com/story/white-house-costa-rica-albania-ransomware-aid/', 'https://www.defenseone.com/defense-systems/2023/03/state-department-give-costa-rica-25m-cybersecurity/384603/', 'https://www.databreaches.net/us-commits-25-million-to-costa-rica-for-conti-ransomware-recovery/', 'https://cyberscoop.com/microsoft-cobalt-strike-hacking-tool/', 'https://blogs.microsoft.com/on-the-issues/2023/04/06/stopping-cybercriminals-from-abusing-security-tools/', 'https://therecord.media/foreign-cyber-aid-state-department-congress', 'https://cyberscoop.com/fick-cyber-diplomats-embassies/']" 1391,BlueNoroff hackers steal crypto using fake MetaMask extension,The North Korean threat actor group known as 'BlueNoroff' has been spotted targeting cryptocurrency startups with malicious documents and fake MetaMask browser extensions,2021-11-01,2000-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,,"['United States', 'Russia', 'China', 'India', 'United Kingdom', 'Ukraine', 'Poland', 'Czech Republic', 'United Arab Emirates', 'Germany']","[['NATO', 'NORTHAM'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['EUROPE', 'NATO', 'NORTHEU'], ['EUROPE', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'EASTEU'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure 
definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]",,"['Bluenoroff/APT38/Stardust Chollima/G0082 < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2022-01-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,,,,"Bluenoroff/APT38/Stardust Chollima/G0082 < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,['https://securelist.com/the-bluenoroff-cryptocurrency-hunt-is-still-on/105488/'],International power,Unknown,,Unknown,,0,,,,,,No,,,,,False,none,none,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,,,,,,,,,,,,,,,,0,,,,,,,,,,"['https://www.bleepingcomputer.com/news/security/bluenoroff-hackers-steal-crypto-using-fake-metamask-extension/', 'https://securelist.com/the-bluenoroff-cryptocurrency-hunt-is-still-on/105488/']" 1558,Multiple unnamed APTs obtained sensitive information from US defense company since January 2021,"Multiple APT groups gained long-term access to a US defense company as early as January 2021 and maintained access through January 2022, based on a joint advisory issued by CISA, the FBI, and the NSA. 
Utilizing a series of recently disclosed vulnerabilities to take advantage of unpatched systems, the attackers installed China Chopper webshells on Exchange servers to steal sensitive data through a custom exfiltration tool. ",2021-01-01,2022-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,,['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Defence industry']],,['Not available'],['State'],,1,2022-10-04 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Attribution by receiver government / state entity,Recorded Future,,United States,,,State,,['https://therecord.media/cisa-multiple-government-hacking-groups-had-long-term-access-to-defense-company/'],Unknown,Not available,,Not available,,0,,,,,,No,,Not available; Valid Accounts,Data Exfiltration,Required,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,,,,,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.cyberscoop.com/feds-release-advisory-apts/', 
'https://www.bleepingcomputer.com/news/security/us-govt-hackers-stole-data-from-us-defense-org-using-new-malware/', 'https://therecord.media/cisa-multiple-government-hacking-groups-had-long-term-access-to-defense-company/', 'https://www.cisa.gov/uscert/ncas/alerts/aa22-277a', 'https://twitter.com/CyberScoopNews/status/1577428097602920449', 'https://www.c4isrnet.com/cyber/2022/10/05/us-says-hackers-attacked-defense-organization-stole-sensitive-info/', 'https://twitter.com/GossiTheDog/status/1577422022254071809', 'https://thehackernews.com/2022/10/fbi-cisa-and-nsa-reveal-how-hackers.html', 'https://www.securityweek.com/us-government-details-tools-used-apts-defense-organization-attack', 'https://twitter.com/Dinosn/status/1577540118956724225', 'https://twitter.com/cybereason/status/1577665461105442818', 'https://twitter.com/cahlberg/status/1577505324608942080']" 1562,"Middle East-based DeftTorero targeted a variety of sectors in the region with new tactics, techniques and procedures starting in 2019","Kaspersky reports that the threat actor DeftTorero (Lebanese Cedar/Volatile Cedar) from the Middle East became known in attacks as early as 2015. With no further activity detected until 2021, the IT company found a change in tactics, techniques and procedures and investigated them for the period from 2019 to 2021. 
The main targets were corporates and the education, government, military, media and telecommunications sectors in the Middle East.",2019-01-01,2021-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,,"['Turkey', 'Egypt', 'Saudi Arabia', 'Lebanon', 'Kuwait', 'Jordan', 'United Arab Emirates']","[['ASIA', 'NATO', 'MEA'], ['MENA', 'MEA', 'AFRICA', 'NAF'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science'], ['State institutions / political system', 'Critical infrastructure', 
'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'Science']]","[['Military', 'Telecommunications', '', '', ''], ['Military', 'Telecommunications', '', '', ''], ['Military', 'Telecommunications', '', '', ''], ['Military', 'Telecommunications', '', '', ''], ['Military', 'Telecommunications', '', '', ''], ['Military', 'Telecommunications', '', '', ''], ['Military', 'Telecommunications', '', '', '']]",['DeftTorero/ Volatile Cedar/ Lebanese Cedar'],['Middle East (region)'],['Unknown - not attributed'],,1,2022-10-03 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,,Russia,DeftTorero/ Volatile Cedar/ Lebanese Cedar,Middle East (region),Unknown - not attributed,,['https://securitymea.com/2022/10/05/kaspersky-uncovers-new-tactics-used-by-middle-eastern-apt-group-defttorero/'],International power,Unknown,,Unknown,,0,,,,,,No,,Exploit Public-Facing Application; Valid Accounts,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",2.0,Minor,2.0,Not available,Not available,Not available,0.0,1-10,0.0,Not available,0.0,euro,Not available,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://securitymea.com/2022/10/05/kaspersky-uncovers-new-tactics-used-by-middle-eastern-apt-group-defttorero/', 'https://twitter.com/campuscodi/status/1577477170590613504', 'https://securelist.com/sinkholing-volatile-cedar-dga-infrastructure/69421/', 'https://securelist.com/defttorero-tactics-techniques-and-procedures/107610/', 
'https://www.itweb.co.za/content/VgZey7JllVDqdjX9']" 1563,Colombia's National Food and Drug Surveillance Institute (INVIMA) services were disrupted,"Colombia's National Food and Drug Surveillance Institute (INVIMA) experienced disruptions, knocking offline the agency's website as well as the service to process import licenses for medicines.",2022-10-03,2022-10-05,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,[['National Food and Drug Surveillance Institute (INVIMA; Colombia)']],['Colombia'],[['SOUTHAM']],[['State institutions / political system']],[['Civil service / administration']],['Unknown'],['Not available'],['Not available'],,1,,,,,,,Unknown,,,,[],Unknown,Not available,,Not available,,0,,,,,,Unknown,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,10.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; International peace; Sovereignty,"Economic, social and cultural rights; Prohibition of intervention; ",Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://therecord.media/colombia-national-food-and-drug-surveillance-institute-hit-with-cyberattack/', 'https://twitter.com/invimacolombia/status/1577455552954712064', 'https://mobile.twitter.com/linapc/status/1577118540200493056']" 1566,"The City of Tucson in Arizona was hacked and personal information of 123,500 individuals was stolen in 2022","Hackers stole personal information, including social security numbers, driver's licenses, state identification and passport numbers from the network of the City of Tucson in 
Arizona during the period of 17-31 May 2022, according to the city.",2022-05-17,2022-05-31,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft,[['City of Tucson ']],['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],,,,,1,,,,,,,None; Unknown,,None; Unknown - not attributed,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,Not available,none,none,2,Moderate - high political importance,0.0,Low,7.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,0.0,Not available,0.0,euro,Not available,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,,,,,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.securityweek.com/personal-information-123k-individuals-exposed-city-tucson-data-breach', 'https://securityaffairs.co/wordpress/136735/data-breach/city-of-tucson-data-breach.html', 'https://apps.web.maine.gov/online/aeviewer/ME/40/d860ebbf-49e8-4e8f-ad8c-d7359c836c9b.shtml', 'https://apps.web.maine.gov/online/aeviewer/ME/40/d860ebbf-49e8-4e8f-ad8c-d7359c836c9b/9591839b-dc88-4261-9e60-f6c4cd709ace/document.html']" 1567,"Pro-Russian group Killnet disrupts government websites in Colorado, Kentucky and Mississippi on 5 October 2022","Russian hacktivist group Killnet disrupts the government websites of Colorado, Kentucky and Mississippi on 5 October 2022, according to the hackers. 
",2022-10-05,2022-10-05,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,,Disruption,"[['Official Government Portal of Colorado'], ['Official Government Portal of Mississippi'], ['Official Government Portal of Kentucky']]","['United States', 'United States', 'United States']","[['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Civil service / administration'], ['Civil service / administration'], ['Civil service / administration']]",['Killnet'],['Russia'],['Non-state-group'],['Hacktivist(s)'],1,2022-10-05 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Killnet,,Russia,Killnet,Russia,Non-state-group,Hacktivist(s),['https://edition.cnn.com/2022/10/05/politics/russian-hackers-state-government-websites/index.html'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,None,0.0,euro,None/Negligent,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.databreaches.net/russian-speaking-hackers-knock-us-state-government-websites-offline/', 'https://www.darkreading.com/attacks-breaches/russian-hackers-shut-down-state-government-sites', 
'https://edition.cnn.com/2022/10/05/politics/russian-hackers-state-government-websites/index.html']" 1569,VSOP stole and leaked information from Guatemalan Ministry of Foreign Affairs in September 2022,"VSOP stole information from the Guatemalan Ministry of Foreign Affairs and leaked files of the Guatemalan consulate in New York in September 2022. The compromise resulted in the temporary unavailability of ministry services. Disclosed details included appointment data, passport information and reports on detainees and deportees, the latter dating back as far as 2014.",2022-09-01,2022-10-05,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing; Disruption,[['Ministry of Foreign Affairs (Guatemala)']],['Guatemala'],[['CENTAM']],[['State institutions / political system']],[['Government / ministries']],['VSOP'],['Not available'],['Unknown - not attributed'],,1,2022-09-30 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,VSOP,,,VSOP,,Unknown - not attributed,,['https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-11/'],Unknown,Not available,,Not available,,0,,,,,,No,,Exploit Public-Facing Application,Data Exfiltration; Service Stop,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,3,Moderate - high political importance,3.0,Low,8.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,0.0,Not available,0.0,euro,Not available,International peace; Sovereignty; Law of treaties (pacta sunt servanda),Prohibition of intervention; ; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & 
missing breach of international law),,"['https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-11/', 'https://prensa.gob.gt/comunicado/comunicado-oficial-0', 'https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-16/']" 1573,Pro-Russian group Killnet disrupts over a dozen US airport websites on 10 October 2022,"Russian hacktivist group KillNet causes short-lived disruptions to over a dozen US airport websites on 10 October 2022. A target list published by KillNet on the group's Telegram channel included 49 domains related to airports in more than half of the country's states. The DDOS attacks were significant enough to overwhelm the servers hosting sites where travelers booked flights and updates on flights were also impacted. Some of the inaccessible airport websites were: Hartsfield-Jackson Atlanta International Airport (ATL), Los Angeles International Airport (LAX), and Chicago O'Hare International Airport (ORD). The DDOS attacks were confirmed by an official at Department of Homeland Security; however, an official from CISA refused to comment on the attribution of the attacks. Following the attacks, the FBI stated on November 4, 2022: ""Coinciding with the Russian invasion of Ukraine, the FBI is aware of Pro-Russian hacktivist groups employing DDoS attacks to target critical infrastructure companies with limited success."" The FBI further stated that DDoS attacks have a minor impact on services provided to users because these attacks ""target public-facing infrastructure like websites instead of the actual services."" More specifically, the FBI related that DDoS attacks are ""opportunistic in nature"" and have more of a ""psychological impact.""",2022-10-10,2022-10-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on non-political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Disruption,"[['Daniel K. Inouye International Airport (HNL)'], ['Des Moines International Airport (DSM)'], ['Denver International Airport (DEN)'], ['LaGuardia Airport (LGA)'], ['St. Louis Lambert International Airport (STL)'], ['Indianapolis International Airport (IND)'], ['Orlando International Airport (MCO)'], ['Los Angeles International Airport (LAX)'], [None], ['Chicago Midway International Airport (MDW)'], ['Phoenix Sky Harbor International Airport (PHX)']]","['United States', 'United States', 'United States', 'United States', 'United States', 'United States', 'United States', 'United States', 'United States', 'United States', 'United States']","[['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM']]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[['Transportation'], ['Transportation'], ['Transportation'], ['Transportation'], ['Transportation'], ['Transportation'], ['Transportation'], ['Transportation'], ['Transportation'], ['Transportation'], ['Transportation']]",,['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2022-10-10; 2022-10-11,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters 
article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attribution by third-party,"Killnet; Frank J. Cilluffo (Academics, USA)",,Russia; United States,,Russia; Russia,"Non-state actor, state-affiliation suggested; Non-state-group","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Hacktivist(s)","['https://www.usatoday.com/story/news/politics/2022/10/10/hackers-airport-websites-russia/8236879001/', 'https://abcnews.go.com/Technology/cyberattacks-reported-us-airports/story?id=91287965', 'https://t.me/killnet_reservs/3007']",System / ideology,Unknown,,Unknown,,0,,,,,,No,,Not available,Network Denial of Service,Not available,False,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/RecordedFuture/status/1623519318150463489', 'https://blog.cloudflare.com/uptick-in-healthcare-organizations-experiencing-targeted-ddos-attacks/', 'https://www.malwarebytes.com/blog/news/2023/02/killnet-group-targets-us-and-european-hospitals-with-ddos-attacks', 'https://twitter.com/securityaffairs/status/1627734553778442240', 'https://therecord.media/killnet-ddos-hospitals-healthcare-russia', 'https://www.darkreading.com/attacks-breaches/pro-islam-anonymous-sudan-hacktivists-front-russia-killnet-operation', 'https://www.usatoday.com/story/news/politics/2022/10/10/hackers-airport-websites-russia/8236879001/', 
'https://www.theguardian.com/us-news/2022/oct/10/cyberattacks-disrupt-us-airport-websites', 'https://www.cbsnews.com/news/airport-websites-hacked-pro-russia-ddos-attack/', 'https://www.smh.com.au/world/north-america/let-the-hunger-games-begin-pro-russian-hackers-strike-us-airport-websites-20221011-p5borl.html', 'https://www.latimes.com/california/story/2022-10-10/los-angeles-airport-website-hacked-pro-russia-hacking-group-targets-airports-united-states', 'https://www.nbcnews.com/tech/security/us-travel-websites-knocked-offline-russian-hacker-group-calls-attack-rcna51482', 'https://apnews.com/article/technology-business-atlanta-680cf93f7eb0300127448c35299ad66e', 'https://abcnews.go.com/Technology/wireStory/airport-websites-offline-investigated-91295146', 'https://www.voanews.com/a/some-airport-websites-go-offline-cause-being-investigated-/6783953.html', 'https://www.govinfosecurity.com/us-airport-websites-targeted-by-russian-killnet-group-a-20239', 'https://www.darkreading.com/attacks-breaches/us-airports-cyberattack-crosshairs-pro-russian-group-killnet', 'https://www.bleepingcomputer.com/news/security/us-airports-sites-taken-down-in-ddos-attacks-by-pro-russian-hackers/', 'https://www.jpost.com/international/article-719356', 'https://www.securityweek.com/us-airport-websites-hit-suspected-pro-russian-cyberattacks', 'https://securityaffairs.co/wordpress/136894/hacktivism/killnet-targets-us-airports.html', 'https://edition.cnn.com/2022/10/10/us/airport-websites-russia-hackers/index.html', 'https://abcnews.go.com/Technology/cyberattacks-reported-us-airports/story?id=91287965', 'https://t.me/killnet_reservs/3007', 'https://www.digitalshadows.com/blog-and-research/killnet-the-hactivist-group-that-started-a-global-cyber-war/', 'https://therecord.media/coverage-of-killnet-ddos-attacks-plays-into-attackers-hands-experts-say/', 'https://www.databreaches.net/us-airports-in-cyberattack-crosshairs-for-pro-russian-group-killnet/', 
'https://twitter.com/LawyerLiz/status/1579858370399698946', 'https://www.theguardian.com/culture/2022/oct/12/trevor-noah-kanye-west', 'https://www.voanews.com/a/experts-cyberattacks-on-us-airport-websites-highlight-ongoing-threats-/6790243.html', 'https://lookingglasscyber.com/blog/threat-intelligence-insights/lookingglass-cyber-monitor-october-14-2022/', 'https://www.foxbusiness.com/technology/major-us-airport-websites-taken-offline-pro-russia-hacking-group-takes-credit', 'https://www.bleepingcomputer.com/news/security/fbi-hacktivist-ddos-attacks-had-minor-impact-on-critical-orgs/', 'https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/', 'https://therecord.media/ddos-denmark-us-russia-killnet/']" 1574,Iranian activist hackers Edaalate Ali disrupt Iranian state TV broadcast featuring the Supreme Leader on 8 October 2022,"Iranian activist hackers Edaalate Ali disrupted the TV news broadcast of Islamic Republic of Iran News Network (IRINN) on 8 October 2022, interfering with a report about a meeting of Iran's Supreme Leader Ayatollah Khamenei. The 15-second-long intervention displayed anti-regime and pro-protest messages. ",2022-10-08,2022-10-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Disruption,[['Islamic Republic of Iran Broadcasting (IRIB)']],"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['Media']],,['Edaalate Ali'],['Not available'],['Non-state-group'],['Hacktivist(s)'],1,2022-10-08 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Edaalate Ali,,,Edaalate Ali,,Non-state-group,Hacktivist(s),"['https://www.euractiv.com/section/global-europe/news/iran-state-tv-hacked-with-image-of-supreme-leader-in-crosshairs/', 'https://www.deutschlandfunk.de/iran-hackerangriff-staats-tv-100.html']",System / ideology,System/ideology; National power,Iran (opposition); Iran (opposition),Unknown,,0,,,,,,No,,Not available,Data Manipulation,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",2.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,None,0.0,euro,Not available,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.haaretz.com/middle-east-news/2022-10-09/ty-article/irans-leadership-holds-crisis-meeting-as-protests-rage-nationwide/00000183-bc39-dc53-a987-fc3df0280000', 'https://www.euractiv.com/section/global-europe/news/iran-state-tv-hacked-with-image-of-supreme-leader-in-crosshairs/', 'https://www.nbcnews.com/news/world/iran-protests-mahsa-amini-news-hacked-supreme-leader-khamenei-protests-rcna51323', 
'https://www.rferl.org/a/iran-protests-oil-workers-unrest/32073170.html', 'https://www.deutschlandfunk.de/iran-hackerangriff-staats-tv-100.html', 'https://www.haaretz.com/israel-news/2022-10-11/ty-article/.premium/irans-vision-at-home-and-in-mideast-falters-but-ties-with-russia-blossom/00000183-c68f-d1ea-a5c3-cedf15060000', 'https://www.hackread.com/iran-state-run-tv-hacked-edalate-ali-hackers/']" 1580,Lebanon-based hacking group POLONIUM has targeted Israeli organizations in possible coordination with Iran's Ministry of Intelligence since September 2021,"Lebanon-based hacking group POLONIUM has targeted a range of Israeli organizations in the IT, manufacturing, and defense sectors since at least September 2021 with the presumed aim of stealing confidential data. Microsoft Threat Intelligence Center (MSTIC) assessed with high confidence that the group operates from Lebanon and concluded with moderate confidence that reported activity was coordinated with actors associated with Iran's Ministry of Intelligence and Security (MOIS). Considering operational overlaps on networks compromised by Mercury/MuddyWater, an activity group linked to the MOIS, MSTIC investigates the possibility of a ""hand-off"" model under which MOIS elements provide POLONIUM with access to infiltrated networks.",2021-09-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,[['Not available']],['Israel'],"[['ASIA', 'MENA', 'MEA']]","[['Unknown', 'State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media', 'State institutions / political system', 'Critical infrastructure', 'Critical infrastructure', 'Critical infrastructure']]","[['', 'Government / ministries', 'Finance', '', '', 'Other (e.g., embassies)', 'Transportation', 'Health', 'Defence industry']]","['POLONIUM', 'Ministry of Intelligence and Security (MOIS; Iran)']","['Lebanon', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'State']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)', '']",1,2022-06-02; 2022-06-02; 2022-06-02; 2022-06-02; 2022-06-02; 2022-06-02; 2022-06-02; 2022-06-02; 2022-06-02; 2022-06-02; 2022-06-02; 2022-06-02; 2022-06-02; 2022-06-02; 2022-06-02; 2022-06-02,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical 
report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft; Microsoft,,United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States; United States,POLONIUM; POLONIUM; POLONIUM; POLONIUM; POLONIUM; POLONIUM; POLONIUM; POLONIUM; Ministry of Intelligence and Security (MOIS; Iran); Ministry of Intelligence and Security (MOIS; Iran); Ministry of Intelligence and Security (MOIS; Iran); Ministry of Intelligence and Security (MOIS; Iran); Ministry of Intelligence and Security (MOIS; Iran); Ministry of Intelligence and Security (MOIS; Iran); Ministry of Intelligence and Security (MOIS; Iran); Ministry of Intelligence and Security 
(MOIS; Iran),"Lebanon; Lebanon; Lebanon; Lebanon; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Lebanon; Lebanon; Lebanon; Lebanon; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; State; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; State; State","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ; Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ",['https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/'],International power,System/ideology; International power,Iran – 
Israel; Iran – Israel,Unknown,,0,,,,,,No,,Exploit Public-Facing Application; Supply Chain Compromise,Not available,None,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; International peace; Due diligence,; Prohibition of intervention; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.bleepingcomputer.com/news/security/hacking-group-polonium-uses-creepy-malware-against-israel/', 'https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/', 'https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/', 'https://twitter.com/chuksjonia/status/1579784402884001792', 'https://twitter.com/cyb3rops/status/1579768943614386178', 'https://therecord.media/report-lebanon-based-hacking-group-attacked-israeli-targets-with-custom-backdoors/', 'https://thehackernews.com/2022/10/researchers-uncover-custom-backdoors.html', 'https://securityaffairs.co/wordpress/137030/apt/polonium-custom-backdoors.html', 'https://www.securityweek.com/seven-creepy-backdoors-used-lebanese-cyberspy-group-israel-attacks', 'https://www.welivesecurity.com/videos/eset-research-poloniums-creepy-toolset-week-security-tony-anscombe/', 'https://twitter.com/Cyber_O51NT/status/1639428701137035264']" 1581,Ukrainian IT Army defaced the website of the Collective Security Treaty Organisation (CSTO) on 7 October 2022,"Ukrainian IT Army defaced a 
series of websites related to the Collective Security Treaty Organisation (CSTO), a Russian-led military alliance framework, on the occasion of Russian President Wladimir Putin's birthday on 7 October 2022, according to the Ukrainian IT Army. In a message posted to the website, the group ostensibly congratulated Putin, alluding to his responsibility for alleged war crimes. The websites were subsequently taken offline. The CSTO website was previously hacked in September 2022 but was not attributed to any cyber group. ",2022-10-07,2022-10-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,[['Collective Security Treaty Organization (CSTO; Russia)']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['International / supranational organization']],,['IT Army of Ukraine'],['Ukraine'],['Non-state-group'],['Hacktivist(s)'],1,2022-10-07 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,IT Army of Ukraine,,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),['https://t.me/itarmyofukraine2022/763'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,Not available,0.0,Not 
available,0.0,euro,None/Negligent,International peace; Due diligence; Sovereignty; International organizations,Prohibition of intervention; ; ; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.nytimes.com/2022/10/07/world/europe/putin-birthday-russia-ukraine.html', 'https://www.nytimes.com/2022/10/07/world/europe/russia-strikes-ukraine.html', 'https://ain.ua/2022/10/07/it-armiya-zlamala-sajt-odkp-i-pryvitala-putina-z-dnem-narodzhennya/', 'https://t.me/itarmyofukraine2022/763', 'https://www.bignewsnetwork.com/news/272759179/russian-led-military-bloc-claims-website-was-hacked?utm_source=feeds.bignewsnetwork.com&utm_medium=referral']" 1589,"State-sponsored Chinese hacker group Budworm gained access to networks of targets in the US, Middle East and Southeast Asia since April 2022","State-sponsored Chinese hacker group Budworm gained access to networks of a Middle Eastern government, a multinational electronics manufacturer, a US state legislature, and a hospital in Southeast Asia from April 2022 to October 2022, according to IT company Symantec. ",2022-04-01,2022-10-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,"[['Not available'], ['Not available'], ['Not available'], ['Not available']]","['Not available', 'Middle East (region)', 'United States', 'Southeast Asia (region)']","[[], [], ['NATO', 'NORTHAM'], []]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system'], ['State institutions / political system'], ['Critical infrastructure']]","[[''], ['Government / ministries'], ['Legislative'], ['Health']]",['Budworm'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-10-13 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,,United States,Budworm,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/budworm-espionage-us-state'],International power,Unknown,,Unknown,,0,,,,,,No,,Supply Chain Compromise,Not available,None,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,7.0,Months,Not available,1-10,0.0,,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of 
state entities/agencies/units for officially non-state-actors),Cyber espionage; International peace; Sovereignty,Non-state actors; Prohibition of intervention; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://securityaffairs.co/wordpress/137075/apt/budworm-apt-targets-us.html', 'https://www.securityweek.com/chinese-cyberspies-targeting-us-state-legislature', 'https://thehackernews.com/2022/10/budworm-hackers-resurface-with-new.html', 'https://therecord.media/u-s-state-legislature-middle-eastern-govt-targeted-by-espionage-group-through-log4j/', 'https://www.cyberscoop.com/china-hacking-budworm-apt27-nsa-threat/', 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/budworm-espionage-us-state', 'https://www.darkreading.com/threat-intelligence/disinformation-attacks-threaten-us-midterm-elections', 'https://twitter.com/Cyber_O51NT/status/1639428701137035264']" 1590,The Bulgarian post was disrupted in April 2022,"The Bulgarian Post was hit by a cyber attack of unknown origin, but Bulgarian cybersecurity experts suspect Russian involvement behind the attack. 
These hackers utilized Delphi software, of which its users are ""99 %"" in Russia, and disrupted postal service in order to cause tension.",2022-04-04,2022-04-16,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,[['Bulgarian Post']],['Bulgaria'],"[['EUROPE', 'BALKANS', 'NATO', 'EU']]",[['State institutions / political system']],[['Civil service / administration']],['Not available'],['Russia'],['Unknown - not attributed'],,1,2022-05-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,"Vasil Velichkov (IT expert and government advisor, Bulgaria)",,Bulgaria,,Russia,Unknown - not attributed,,['https://3e-news.net/en/a/view/33112/poor-cyber-defense-and-delayed-reaction-to-hacking-have-led-to-massive-damage-to-bulgarian-posts'],Unknown,Unknown,,Unknown,,1,2022-05-04 00:00:00,State Actors: Stabilizing measures,Statement by other ministers/members of parliament,Bulgaria,"Kalina Konstantinowa (Deputy Prime Minister for Effective Governance, Bulgaria)",No,,Not available,Data Destruction; Data Encrypted for Impact,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,Day (< 24h),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,Not available,0.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,"['https://twitter.com/cyber_etc/status/1516070213439135744', 'https://www.euractiv.com/section/politics/short_news/russian-style-hackers-ruin-bulgarian-post-office/', 'https://3e-news.net/en/a/view/33112/poor-cyber-defense-and-delayed-reaction-to-hacking-have-led-to-massive-damage-to-bulgarian-posts', 'https://www.bgpost.bg/en/news/3375']" 1594,Anonymous -linked group v0g3lSec defaces a Russian drug dealing website on the dark web in May 2022,"Anonymous collective v0g3lSec takes over a Russian website on the dark web related to drug dealing in May 2022. Using the Squad 303 tool, the collective defaces the website.",2022-05-03,2022-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,[['Not available']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Social groups']],[['Criminal']],['v0g3lSec'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-05-03 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,v0g3lSec ‏,,Unknown,v0g3lSec,Unknown,Non-state-group,Hacktivist(s),['http://web.archive.org/web/20220503132909/https://twitter.com/v0g3lSec/status/1521481842121129987'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,Not available,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,,,,Low,0,,,,,,Not 
available,,No response justified (missing state attribution & breach of international law),,"['https://www.thetechoutlook.com/news/anonymous-collective-v0g3lsec-has-seized-the-drug-dealing-dark-net-website-of-russia-and-defaced-it-with-squad303-tool/', 'https://www.thetechoutlook.com/news/v0g3lsec-has-hacked-into-another-russian-black-market-website-on-the-dark-web/', 'http://web.archive.org/web/20220503132909/https://twitter.com/v0g3lSec/status/1521481842121129987', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg']" 1599,Pro-Russian group Killnet targets German authorities and ministries with DDoS attacks in early May,"At the beginning of May, the Russian hacker group Killnet attacked servers of several German authorities and ministries via DDoS attacks, making them temporarily inaccessible. The hacker group claimed responsibility for the attack via telegram. The attacks allegedly affected, among others, the Ministry of Defense, the Bundestag, the Federal Police, the Bundeskriminalamt, several state police agencies, airports, and the SPD website of Chancellor Olaf Scholz. Authorities suspect retaliatory attacks over German arms deliveries to Ukraine behind the attacks. The Federal Office for Information Security assesses the attacks as technically unsophisticated. The ministry of the interior stated that all attacks have been successfully defended and no data was stolen, but according to Der Spiegel, some of the targeted websites have been temporarily unavailable. The German government confirmed the attacks. ",2022-05-01,2022-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Disruption,,"['Germany', 'Germany', 'Germany', 'Germany', 'Germany', 'Germany', 'Germany']","[['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['State institutions / political system'], ['Critical infrastructure'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Police'], ['Transportation'], ['Government / ministries'], ['Government / ministries'], ['Political parties'], ['Police'], ['Government / ministries']]",,,,,1,NaT; 2022-05-01,"None; Self-attribution in the course of the attack (e.g., via defacement statements on websites)",None; Attacker confirms,None; Killnet,,None; Russia,,None; Russia,None; Non-state-group,None; Hacktivist(s),"['https://www.wiwo.de/politik/ausland/cyberangriff-russische-hacker-greifen-webseiten-deutscher-behoerden-an/28314926.html', 'https://www.republicworld.com/world-news/russia-ukraine-crisis/russian-hackers-target-german-govt-websites-in-series-of-cyberattacks-report-articleshow.html', 'https://www.dw.com/de/wie-der-krieg-in-der-ukraine-mit-cybercrime-zusammenh%C3%A4ngt/a-61739052', 'https://www.zdf.de/nachrichten/digitales/hacker-angriff-deutschland-ukraine-krieg-russland-100.html']",Other,Unknown,,Unknown,,0,,,,,,No,,Not available,Endpoint Denial of Service,Not available,False,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data 
corruption (deletion/altering) and/or leaking of data,1-10,0.0,,0.0,Not available,0.0,euro,None/Negligent,International peace; Due diligence; Sovereignty,Prohibition of intervention; ; ,Medium,0,,,,,,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.wiwo.de/politik/ausland/cyberangriff-russische-hacker-greifen-webseiten-deutscher-behoerden-an/28314926.html', 'https://www.republicworld.com/world-news/russia-ukraine-crisis/russian-hackers-target-german-govt-websites-in-series-of-cyberattacks-report-articleshow.html', 'https://www.dw.com/de/wie-der-krieg-in-der-ukraine-mit-cybercrime-zusammenh%C3%A4ngt/a-61739052', 'https://www.zdf.de/nachrichten/digitales/hacker-angriff-deutschland-ukraine-krieg-russland-100.html', 'https://www.telegraph.co.uk/news/2022/10/18/germanys-cyber-security-agency-chief-sacked-alleged-close-ties/', 'https://www.wsj.com/articles/google-sees-russia-coordinating-with-hackers-in-cyberattacks-tied-to-ukraine-war-11663930801?mod=djemalertNEWS']" 1603,Pro-Russian group KillNet disrupted various Bulgarian websites on 15 October 2022,"Russian hacktivist group KillNet disrupted various Bulgarian websites, including of government, airports, media and a telecommunication company, on 15 October 2022, according to statements by the hackers ",2022-10-15,2022-10-15,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,"[['Ministry of Justice (Bulgaria)'], ['Constitutional Court (Bulgaria)'], ['Ministry of Defence (Bulgaria)'], ['Ministry of Interior (Bulgaria)'], ['Presidency (Bulgaria)'], ['Not available']]","['Bulgaria', 'Bulgaria', 'Bulgaria', 'Bulgaria', 'Bulgaria', 'Bulgaria']","[['EUROPE', 'BALKANS', 'NATO', 'EU'], ['EUROPE', 'BALKANS', 'NATO', 'EU'], ['EUROPE', 'BALKANS', 'NATO', 'EU'], ['EUROPE', 'BALKANS', 'NATO', 'EU'], ['EUROPE', 'BALKANS', 'NATO', 'EU'], ['EUROPE', 'BALKANS', 'NATO', 'EU']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['Critical infrastructure', 'Media', 'Critical infrastructure']]","[['Government / ministries'], ['Judiciary'], ['Government / ministries'], ['Government / ministries'], ['Government / ministries'], ['Telecommunications', '', 'Transportation']]",['Killnet'],['Russia'],['Non-state-group'],['Hacktivist(s)'],3,2022-10-16; 2022-10-15; 2022-10-15; 2022-10-15; 2022-10-15,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attribution by receiver government / state entity; Attribution by receiver 
government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity,"Killnet; Ivan Geshev (Chief Public Prosecutor, BGR); Prosecutor's Office; Borislav Sarafov; National Investigative Service",,Russia; Bulgaria; Bulgaria; Bulgaria; Bulgaria,Killnet; Unknown; Unknown; Unknown; Unknown,Russia; Russia; Russia; Russia; Russia,Non-state-group; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed; Unknown - not attributed,Hacktivist(s); ; ; ; ,"['https://www-dnevnik-bg.translate.goog/bulgaria/2022/10/15/4403495_geshev_hakerskata_ataka_idva_ot_ruskiia_grad/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de', 'https://www-dnevnik-bg.translate.goog/bulgaria/2022/10/15/4403469_hakerska_ataka_zatrudni_vlizaneto_v_saita_na/?ref=home_NaiNovoto&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de', 'https://t.me/killnet_reservs/3137']",System / ideology,Unknown,,Unknown,,0,,,,,,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,4.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.rferl.org/a/bulgaria-cyberattack-russia/32084869.html', 'https://www.databreaches.net/bulgarian-government-hit-by-cyberattack-blamed-on-russian-hacking-group/', 'https://www.novinite.com/articles/217097/Russians+might+be+behind+Hacker+Attacks+against+Bulgaria', 'https://www-dnevnik-bg.translate.goog/bulgaria/2022/10/15/4403495_geshev_hakerskata_ataka_idva_ot_ruskiia_grad/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de', 
'https://www-dnevnik-bg.translate.goog/bulgaria/2022/10/15/4403469_hakerska_ataka_zatrudni_vlizaneto_v_saita_na/?ref=home_NaiNovoto&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de', 'https://www-svobodnaevropa-bg.translate.goog/a/32084652.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de', 'https://www.rferl.org/a/bulgaria-cyberattack-russia/32084869.html', 'https://t.me/killnet_reservs/3137', 'https://www.euractiv.com/section/digital/news/bulgaria-targeted-by-russian-hacker-attack/', 'https://www.euractiv.com/section/politics/news/nuclear-phase-out-strains-german-coalition-2/', 'https://securityaffairs.co/wordpress/137230/hacking/bulgaria-hit-cyber-attack-russia.html', 'https://twitter.com/securityaffairs/status/1582089024252305408', 'https://twitter.com/Dennis_Kipker/status/1581951029179883520', 'https://therecord.media/cyberattack-disrupts-bulgarian-government-websites-over-betrayal-to-russia/', 'https://research.checkpoint.com/2022/24th-october-threat-intelligence-report/']" 1605,"Unknown APT groups used a 0-day in Zimbra software to gain access to government, telecommunication and IT entities throughout Central Asia in early September 2022","Unknown APT groups used a 0-day in Zimbra software, namely CVE-2022-41352, to gain access to government, telecommunication and IT entities in early September 2022 as part of the first attack wave, according to a technical report by Kaspersky. The targeting showed mixed patterns of selective and opportunistic attacks with a strong geographic focus on Central Asia. 
",2022-09-07,,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Hijacking without Misuse,[['Not available']],['Central Asia (region)'],,"[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', 'Telecommunications', '']]",['Unknown'],['Not available'],['Unknown - not attributed'],,2,2022-10-13; 2022-10-13,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Kaspersky; Volexity,,Russia; United States,Unknown; Unknown,,Unknown - not attributed; Unknown - not attributed,,"['https://securelist.com/ongoing-exploitation-of-cve-2022-41352-zimbra-0-day/107703/', 'https://twitter.com/Volexity/status/1580591431197945857']",Unknown,Unknown,,Unknown,,0,,,,,,Yes,One,Exploit Public-Facing Application,Data Manipulation,None,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,1.0,Not available,Not available,Not available,0.0,,0.0,Not available,0.0,euro,Not available,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.securityweek.com/zimbra-patches-under-attack-code-execution-bug', 'https://thehackernews.com/2022/10/zimbra-releases-patch-for-actively.html', 'https://forums.zimbra.org/viewtopic.php?f=15&t=71153&sid=ec590d3c33b28980e53752569defe800', 
'https://securelist.com/ongoing-exploitation-of-cve-2022-41352-zimbra-0-day/107703/', 'https://twitter.com/Volexity/status/1580591431197945857', 'https://blog.zimbra.com/2022/10/new-zimbra-patches-9-0-0-patch-27-8-8-15-patch-34/', 'https://socradar.io/unpatched-rce-vulnerability-in-zimbra-actively-exploited/', 'https://twitter.com/unix_root/status/1581981098493595648']" 1606,An unnamed Chinese APT gained access to the systems of a US software company through the use of shack2 and China Chopper web shells in 2022,"An unnamed and possibly state-sponsored Chinese APT gained access to the network of a US software company in 2022, using the shack2 and China Chopper web shells, according to the findings that the cybersecurity firm IronNet published with moderate confidence. No data theft was reported. IronNet detected the incident in August 2022. ",2022-01-01,2022-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,[['Not available']],['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Not available'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2022-10-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,IronNet,,United States,,China,"Non-state actor, state-affiliation suggested",,['https://www.ironnet.com/blog/the-security-risk-of-m-a'],International power,System/ideology; International power,China – USA; China – USA,Unknown,,0,,,,,,No,,External Remote Services; Valid Accounts,Not 
available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,None,0.0,euro,None/Negligent,International peace; Due diligence; Sovereignty,Prohibition of intervention; ; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,['https://www.ironnet.com/blog/the-security-risk-of-m-a'] 1607,Chinese state-sponsored Winnti Group targets Hong Kong government organizations in espionage effort starting in 2021,"The Chinese state-sponsored hackers APT Winnti Group attacked several of Hong Kong's government institutions using the Spyder Loader malware in an effort to gather intelligence for over a year starting in 2021. This activity is linked to Operation CuckooBees, an alleged espionage effort by Chinese state-sponsored hackers to steal information from critical infrastructure companies dating back to 2019.",2021-01-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking without Misuse,,['Hong Kong'],[['ASIA']],[['State institutions / political system']],[['Government / ministries']],,['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-10-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Symantec,,United States,,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://therecord.media/hong-kong-govt-orgs-targeted-for-over-a-year-with-spyder-loader-malware-report/'],System / ideology; Autonomy; Secession,System/ideology; Autonomy; Secession,China (Hong Kong); China (Hong Kong); China (Hong Kong),Unknown,,0,,,,,,No,,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,7.0,Months,Not available,Not available,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Law of treaties (pacta sunt servanda),; ,Not available,0,,,,,,Cyber espionage,,Countermeasures under international law justified (state-atttribution & breach of international 
law),,"['https://thehackernews.com/2022/10/chinese-spyder-loader-malware-spotted.html', 'https://www.bleepingcomputer.com/news/security/hackers-compromised-hong-kong-govt-agency-network-for-a-year/', 'https://therecord.media/hong-kong-govt-orgs-targeted-for-over-a-year-with-spyder-loader-malware-report/', 'https://securityaffairs.co/wordpress/137300/apt/apt41-spyder-loader.html', 'https://twitter.com/unix_root/status/1582349777592758273', 'https://twitter.com/Dinosn/status/1582357654391128065', 'https://twitter.com/Cyber_O51NT/status/1582332169225371649', 'https://twitter.com/780thC/status/1582324378880028673', 'https://www.darkreading.com/threat-intelligence/china-linked-cyber-espionage-team-homes-in-on-hong-kong-government-orgs', 'https://www.securityweek.com/chinas-winnti-group-seen-targeting-governments-sri-lanka-hong-kong', 'https://research.checkpoint.com/2022/24th-october-threat-intelligence-report/']" 1609,Anonymous-linked group CaucasNet claims a hack of patrol robots of the Russian company SMP Robotics in May 2022,"The Anonymous-linked group CaucasNet claims to have hacked the administration panel of the patrol robots ""Tral Patrol 4.0"" of the Russian company SMP Robotics worldwide and broadcasted the Ukrainian national anthem and a Georgian song on the robots on May 9, 2022. Targets included robots at Sheremetyevo International Airport.",2022-05-01,2022-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,[['SMP Robotics']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['CaucasNet'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-05-04 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,CaucasNet,,Unknown,CaucasNet,Unknown,Non-state-group,Hacktivist(s),['https://twitter.com/caucasnet/status/1521643929178939392'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Defacement; Resource Hijacking,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://twitter.com/caucasnet/status/1524177545465372673?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1524177545465372673%7Ctwgr%5E2caead7fdff69fa732bc4bfa398899c2066e99e6%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.dailydot.com%2Fdebug%2Fhackers-surveillance-robots-russia%2F', 'https://www.dailydot.com/debug/hackers-surveillance-robots-russia/', 'https://twitter.com/caucasnet/status/1521643929178939392', 
'https://vosveteit.zoznam.sk/hackeri-z-anonymous-rozoberaju-rusko-pribuda-jeden-kyberneticky-utok-za-druhym/', 'https://twitter.com/Anonymous_Link/status/1524056118259036162?s=20&t=1tD6JNcAL4R2MjNPMiP6Hw', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg']" 1613,Unknown hackers stole information of Australian private health insurance provider Medibank in October 2022,"Unknown hackers stole personal information of customers of Australian private health insurance provider Medibank in October 2022. A week before the company became aware of the data theft, Medibank had arrested a ransomware attack in the staging phase. Stolen data came from the systems of the ahm insurance and the international student insurance services, and comprised customer names, addresses, dates of birth, medicare numbers, policy numbers, and phone numbers. In some cases, details also included claims data, recording the location of where a customer received medical services and codes revealing their diagnoses and procedures. In November the hackers started leaking the stolen data on the dark web containing screencaps from chats or negotiations between Medibank and the ransomware group. On 1 December 2022, Medibank confirmed that the hackers leaked another dump of stolen data containing health claim information. 
In February 2023, the company stated that the ""criminal accessed our systems using a stolen Medibank username and password used by a third party IT service provider"" and that ""following the triage of a security alert on 11 October we closed down the criminal’s attack path and can reconfirm no further activity by the criminal since 12 October 2022 has been detected inside our systems.""",2022-10-01,2022-11-01,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse,[['Medibank Private Ltd.']],['Australia'],[['OC']],[['Critical infrastructure']],[['Health']],['Unknown'],['Russia'],['Non-state-group'],['Criminal(s)'],1,2022-11-11 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,"Reece Kershaw (Australian Federal Police Commissioner, Australia)",,Australia,Unknown,Russia,Non-state-group,Criminal(s),"['https://www.medibank.com.au/health-insurance/info/cyber-security/', 'https://www.afp.gov.au/news-media/media-releases/statement-afp-commissioner-reece-kershaw-medibank-private-data-breach']",Unknown,Not available,,Not available,,2,2022-12-08; 2022-11-04,State Actors: Stabilizing measures; State Actors: Legislative reactions,Statement by other ministers/members of parliament; Legislative initiative,Australia; Australia,"Clare O'Neil (Cyber Security Minister, AUS); Parliament of Australia",No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,11.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or 
leaking of data ,1-10,0.0,1-10,0.0,> 10 Mio - 100 Mio,24000000.0,dollar,None/Negligent,Human rights,Civic / political rights,Not available,1,2022-11-12 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Australia,Australian Government,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/UK_Daniel_Card/status/1630097281516032000', 'https://socradar.io/what-we-learned-from-medibank-ransomware-incident/', 'https://www.faz.net/aktuell/wirtschaft/digitec/cyberangriff-auf-australische-krankenkasse-hacker-in-russland-18453252.html', 'https://www.thestar.com.my/tech/tech-news/2022/11/30/hackers-cripple-prestigious-indian-hospitals-internet-systems', 'https://www.cyberscoop.com/ransomware-australia-task-force/', 'https://www.smh.com.au/national/happy-cyber-security-day-medibank-hackers-release-massive-trove-of-data-online-20221201-p5c2q5.html', 'https://twitter.com/unix_root/status/1598340896910557184', 'https://www.smh.com.au/business/companies/case-closed-medibank-hackers-release-massive-data-file-20221201-p5c2pu.html', 'https://www.thestar.com.my/tech/tech-news/2022/12/01/hackers-dump-more-customer-data-from-australian-insurer-medibank', 'https://www.lemonde.fr/economie/article/2022/12/01/cybercriminalite-au-vanuatu-le-retour-au-stylo-n-est-plus-une-chimere-de-nostalgique_6152491_3234.html', 'https://research.checkpoint.com/2022/5th-december-threat-intelligence-report/', 'https://therecord.media/multiple-government-departments-in-new-zealand-affected-by-ransomware-attack-on-it-provider/', 'https://socradar.io/major-cyber-attacks-in-review-november-2022/', 'https://www.smh.com.au/technology/in-some-countries-you-have-a-right-to-be-forgotten-online-so-can-you-ask-a-company-to-ditch-your-data-in-australia-20221206-p5c43l.html', 
'https://www.smh.com.au/business/companies/accounting-illusion-downer-delivers-the-latest-corporate-head-scratcher-20221208-p5c4t1.html', 'https://www.govinfosecurity.com/australian-aims-to-be-worlds-most-cyber-secure-country-a-20677', 'https://minister.homeaffairs.gov.au/ClareONeil/Pages/national-press-club-address.aspx', 'https://www.theguardian.com/australia-news/2022/dec/15/russian-medibank-hackers-could-be-first-targets-of-australian-sanctions-against-cyber-attackers', 'https://twitter.com/jasonnurse/status/1604812727289012227', 'https://www.spiceworks.com/it-security/data-security/news/medibank-data-leak/', 'https://www.welivesecurity.com/2022/12/27/2022-review-10-biggest-cyberattacks/', 'https://socradar.io/introducing-radar-pages-major-cyber-attacks/', 'https://www.theguardian.com/australia-news/2022/dec/01/medibank-hackers-announce-case-closed-and-dump-huge-data-file-on-dark-web', 'https://securitymea.com/2022/12/29/10-biggest-cyberattacks-of-the-year/', 'https://socradar.io/top-10-data-leaks-in-2022/', 'https://therecord.media/international-counter-ransomware-task-force-kicks-off/', 'https://www.govinfosecurity.com/australian-insurer-back-online-after-cyberattack-a-20274', 'https://therecord.media/shares-in-australias-medibank-drop-despite-foiling-ransomware-attack/', 'https://www.theguardian.com/technology/2022/oct/19/health-insurer-medibank-enters-trading-halt-after-purported-cyber-attack', 'https://www.smh.com.au/national/customer-data-may-have-been-exposed-in-medibank-cyber-incident-20221019-p5br74.html', 'https://www.smh.com.au/technology/medibank-hackers-threaten-to-release-stolen-health-data-in-ransom-demand-20221019-p5br2s.html', 'https://www.heise.de/news/Krankenversicherer-gehackt-Angreifer-wollen-1000-betroffene-Promis-kontaktieren-7313388.html', 'https://www.abc.net.au/news/2022-10-20/medibank-cyber-attack-hack-stolen-data/101557122', 'https://www.medibank.com.au/health-insurance/info/cyber-security/', 
'https://www.smh.com.au/business/the-economy/the-cybersecurity-arms-race-is-running-hot-and-the-hackers-are-winning-20221020-p5brl0.html', 'https://www.foxnews.com/world/cybercriminal-holding-customers-data-australian-health-insurer-ransom', 'https://www.theguardian.com/australia-news/2022/oct/20/medibank-says-sample-of-stolen-customer-data-includes-details-of-medical-procedures', 'https://www.smh.com.au/technology/what-we-know-about-medibank-hack-and-what-should-customers-do-20221020-p5brgi.html', 'https://www.smh.com.au/technology/four-million-australians-could-be-exposed-in-medibank-hack-20221021-p5brmx.html', 'https://apnews.com/article/technology-health-australia-hacking-business-cfa90df38c870633a24384c01487a92e', 'https://www.independent.co.uk/news/ap-australian-canberra-trade-parliament-b2206642.html', 'https://www.securityweek.com/australian-health-insurer-medibank-admits-customer-data-stolen-ransomware-attack', 'https://www.channelnewsasia.com/business/after-telco-hack-australia-faces-wave-data-breaches-3016611', 'https://therecord.media/medibank-says-criminals-have-shared-proof-they-stole-customer-data/', 'https://minister.homeaffairs.gov.au/ClareONeil/Pages/statement-on-medibank-cyber-incident.aspx', 'https://www.medibank.com.au/livebetter/newsroom/post/medibank-cyber-incident-response', 'https://www.smh.com.au/business/companies/medibank-cyberattack-could-be-costly-on-multiple-fronts-20221021-p5brth.html', 'https://www.smh.com.au/technology/how-medibank-joined-optus-in-hack-hell-20221021-p5brt3.html', 'https://www.smh.com.au/technology/energyaustralia-struck-by-cyber-attack-attacking-weakness-in-password-rules-20221022-p5bryn.html', 'https://abcnews.go.com/Technology/wireStory/australia-flags-corporate-penalties-privacy-breaches-91902034', 'https://www.independent.co.uk/news/ap-australia-canberra-parliament-b2208256.html', 'https://research.checkpoint.com/2022/24th-october-threat-intelligence-report/', 
'https://www.securityweek.com/australia-flags-new-corporate-penalties-privacy-breaches', 'https://www.databreaches.net/medibank-updates-incident-report-customer-data-also-affected/', 'https://www.securityweek.com/medibank-confirms-broader-cyberattack-impact-after-hackers-threaten-target-celebs', 'https://www.channelnewsasia.com/business/pay-hackers-cybersecurity-it-australia-government-firm-3023661', 'https://www.malwarebytes.com/blog/news/2022/10/medibank-customers-personal-data-compromised-by-cyber-attack', 'https://www.databreaches.net/au-medibanks-latest-update-reveals-more-woes-my-home-hospital-patient-info-accessed/', 'https://www.databreaches.net/australian-clinical-labs-says-data-of-223000-people-hacked/', 'https://thehackernews.com/2022/10/australian-health-insurer-medibank.html', 'https://www.govinfosecurity.com/fallout-from-medibank-hack-grows-a-20361', 'https://therecord.media/cyberspace-has-become-a-battleground-warns-australian-cyber-security-centre/', 'https://www.securityweek.com/hackers-leak-australian-health-records-dark-web', 'https://www.bleepingcomputer.com/news/security/medibank-warns-customers-their-data-was-leaked-by-ransomware-gang/', 'https://www.databreaches.net/hackers-release-australian-health-insurers-customer-data/', 'https://twitter.com/ciaranmartinoxf/status/1590596497137360896', 'https://twitter.com/HackRead/status/1590511910763474944', 'https://twitter.com/ColetteWeston/status/1590607741139054592', 'https://twitter.com/Dennis_Kipker/status/1590663811576451072', 'https://www.govinfosecurity.com/australia-blames-russian-hackers-for-medibank-hack-a-20452', 'https://therecord.media/australian-federal-police-say-cybercriminals-in-russia-behind-medibank-hack/', 'https://www.databreaches.net/au-government-announces-new-task-force-to-target-hackers/', 'https://twitter.com/ciaranmartinoxf/status/1591535531976196096', 'https://twitter.com/troyhunt/status/1591532230211698688', 'https://twitter.com/Cyberknow20/status/1591526482450567178', 
'https://www.lemonde.fr/international/article/2022/11/11/cyberattaque-l-australie-accuse-des-pirates-russes-de-vol-de-donnees-medicales_6149437_3210.html', 'https://www.afp.gov.au/news-media/media-releases/statement-afp-commissioner-reece-kershaw-medibank-private-data-breach', 'https://www.news.com.au/finance/business/hackers-leak-more-medibank-customer-data-on-dark-web/news-story/70433a3c5a0b6b2329733912d4470030', 'https://www.pm.gov.au/media/doorstop-cenotaph-sydney', 'https://twitter.com/UK_Daniel_Card/status/1592244332761079809', 'https://research.checkpoint.com/2022/14th-november-threat-intelligence-report/', 'https://www.darkreading.com/threat-intelligence/australia-declares-war-against-cybercriminals', 'https://twitter.com/jasonnurse/status/1592511718328258561', 'https://www.databreaches.net/medibank-defends-decision-to-not-pay-hackers-ransom-for-stolen-data-as-it-contacts-480000-customers/', 'https://ministers.ag.gov.au/media-centre/tougher-penalties-serious-data-breaches-22-10-2022', 'https://www.darkreading.com/attacks-breaches/australia-hack-back-plan-against-cyberattackers-familiar-concerns', 'https://ministers.ag.gov.au/media-centre/joint-standing-operation-against-cyber-criminal-syndicates-12-11-2022', 'https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id%3A%22legislation%2Fbillsdgs%2F8863742%22', 'https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;page=0;query=BillId:r6940%20Recstruct:billhome', 'https://twitter.com/medibank/status/1585052710730362880', 'https://socradar.io/growing-cybercrime-outsourcing-model-initial-access-brokers/', 'https://www.medibank.com.au/livebetter/newsroom/post/2023-half-year-results-a-solid-result-with-business-momentum-returning?utm_source=substack&utm_medium=email', 'https://thehackernews.com/2023/03/breaking-mold-pen-testing-solutions.html', 'https://www.darkreading.com/attacks-breaches/australia-is-scouring-the-earth-for-cybercriminals-the-us-should-too', 
'https://socradar.io/whats-next-for-cybercrime-ecosystem-after-genesis-market-takedown/']" 1615,National Republican Army (NRA) steals data from Russian government contractors and disrupts government websites,"In October 2022, the Kyiv Post disclosed, based on information received from the group, including sample data allegedly obtained during the operation, that the Russian hacktivist group National Republican Army (NRA) hacked and stole data from several Russian technology companies. Targets included Technoserv, which provides services to protect the Russian government. The group cites the goal of overthrowing Putin as the reason for the attack. Among the documents, according to the NRA, are records that also indicate a relationship between Technoserv and Russia's Federal Security Service (FSB). In an apparent message to Technoserv system administrators, the group claimed to have extracted over 1.2 TB of data, the equivalent of one million files, ranging from AutoCAD designs and contracts with clients and partners to personal information of employees, including passport details. NRA threatened to publicly release the data.",2022-01-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,"[['Not available'], ['Technoserv'], [None]]","['Russia', 'Russia', 'Russia']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system']]","[[''], [''], ['Government / ministries']]",['National Republican Army (NRA)'],['Russia'],['Non-state-group'],['Hacktivist(s)'],1,2022-10-18 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,National Republican Army (NRA),,Russia,National Republican Army (NRA),Russia,Non-state-group,Hacktivist(s),['https://www.kyivpost.com/russias-war/russians-against-putin-nra-claims-massive-hack-of-russian-government-contractors-computers.html'],System / ideology; National power,System/ideology; National power,Russia (opposition); Russia (opposition),Unknown,,0,,,,,,No,,Not available,Data Exfiltration; Defacement,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Not available,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Not 
available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://tarnkappe.info/artikel/hacking/cyberangriff-nra-hackt-wichtige-russische-unternehmen-258025.html', 'https://www.kyivpost.com/russias-war/russians-against-putin-nra-claims-massive-hack-of-russian-government-contractors-computers.html']" 1626,Iranian hacker group Emennet Pasargad stole and leaked information of a US-based organization to target an Iranian opposition group in early 2022,"Iranian hacker group Emennet Pasargad stole and leaked information of a US-based organization to target the Iranian opposition group People's Mojahedin Organization of Iran (MEK) in early 2022, according to a notification of the Federal Bureau of Investigation (FBI). ",2022-01-01,2022-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",,Data theft & Doxing; Disruption; Hijacking with Misuse,[['Not available']],['United States'],"[['NATO', 'NORTHAM']]",[['Unknown']],,['Emennet Pasargad'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-10-20 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity,Federal Bureau of Investigation (FBI),,United States,Emennet Pasargad,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this 
case)",['https://www.ic3.gov/Media/News/2022/221020.pdf'],System / ideology; National power,System/ideology; National power; Third-party intervention / third-party affection,Iran (opposition); Iran (opposition); Iran (Opposition),Unknown,,1,2022-10-20 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Federal Bureau of Investigation (FBI),No,,External Remote Services,Data Exfiltration; Data Encrypted for Impact,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Not available,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,International peace; Due diligence; Sovereignty,Prohibition of intervention; ; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.databreaches.net/iranian-cyber-group-emennet-pasargad-conducting-hack-and-leak-operations-using-false-flag-personas/', 'https://www.ic3.gov/Media/News/2022/221020.pdf', 'https://therecord.media/fbi-warns-of-hack-and-leak-operations-from-group-based-in-iran/', 'https://www.darkreading.com/threat-intelligence/fbi-iranian-threat-group-likely-to-target-us-midterms', 'https://www.cyberscoop.com/fbi-iran-warning-hacktivists-election-israel/', 'https://www.securityweek.com/fbi-warns-iranian-cyber-firms-hack-and-leak-operations', 'https://twitter.com/780thC/status/1584489425144143872']" 1627,Iranian-based APT-C-50 continued Domestic Kitten campaign to spy on Iranian citizens starting in June 2021,"Iranian-based 
APT-C-50 continued its Domestic Kitten campaign to spy on Iranian citizens using new mobile FurBall malware starting in June 2021, according to a technical report by the IT security company ESET. Hidden within an app, the surveillance software is distributed via a website designed to imitate a legitimate platform for resources translated from English to Farsi. In a possible attempt to maintain a low profile and avoid premature detection, the app's default permissions are limited to extracting contact lists that could enable subsequent spearphishing attacks. Earlier versions of the app contained expansive surveillance functionalities that, if activated by the attacker, could siphon text messages, device location, information on installed apps, and notifications of other apps (including incoming messages) from infected devices and included the capability to capture and exfiltrate photos and videos. The Domestic Kitten campaign started in 2016, as reported by multiple IT companies, targeting predominantly anti-Iranian-government groups. ",2021-06-21,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,[['Not available']],"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['End user(s) / specially protected groups']],,['APT-C-50'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-10-20 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,APT-C-50,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.welivesecurity.com/2022/10/20/domestic-kitten-campaign-spying-iranian-citizens-furball-malware/'],System / ideology; National power,System/ideology; National power,Iran (opposition); Iran (opposition),Unknown,,0,,,,,,No,,Drive-By Compromise,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Medium,12.0,Months,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,Not available,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human 
rights; International telecommunication law,Civic / political rights; ,Not available,0,,,,,,Human rights,Civic / political rights,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://thehackernews.com/2022/10/hackers-using-new-version-of-furball.html', 'https://www.bleepingcomputer.com/news/security/hacking-group-updates-furball-android-spyware-to-evade-detection/', 'https://www.welivesecurity.com/2022/10/20/domestic-kitten-campaign-spying-iranian-citizens-furball-malware/', 'https://www.darkreading.com/attacks-breaches/furball-spyware-being-used-against-iranian-citizens', 'https://www.welivesecurity.com/videos/apt-c-50-updates-furball-android-malware-week-security-tony-anscombe/', 'https://research.checkpoint.com/2022/24th-october-threat-intelligence-report/', 'https://securitymea.com/2022/10/27/furball-spyware-goes-after-iranian-citizens-eset-research/']" 1628,Anonymous hacking group Black Reward stole and leaked information of Iran’s Atomic Energy Organization (AEOI) in October 2022,"The hacker group Black Reward gained access to the email servers of a subsidiary of the Atomic Energy Organization of Iran (AEOI) and threatened the government on 21 October with the release of stolen confidential data. The targeted entity, the Nuclear Energy Production and Development Co., operates Iran's so far only nuclear power plant, in Bushehr. The group set a 24-hour ultimatum for the government to release all political prisoners. When this demand was not met, the group moved to leak information it said it had obtained from the subsidiary's email system. The 50 gigabytes of published information included, inter alia, administrative and operational plans of the Bushehr nuclear facility, passports and visas of Iranian as well as Russian employees, and contracts and agreements on nuclear development plans, according to a tweet by the hacking group. 
It remains unclear whether the compromised systems handled classified information. The attack is one in a series of operations carried out in connection with the protests against the death of Mahsa Amini.",2022-01-01,2022-10-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing; Hijacking without Misuse,[['Atomic Energy Production and Development Co. (Iran)']],"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['Critical infrastructure']],[['Energy']],,"['Iran, Islamic Republic of']",['Non-state-group'],['Hacktivist(s)'],2,2022-10-21; 2022-10-23,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Receiver attributes attacker,Black Reward; Atomic Energy Organization of Iran (AEOI),,"Iran, Islamic Republic of; Iran, Islamic Republic of",,"Iran, Islamic Republic of; Not available","Non-state-group; Non-state actor, state-affiliation suggested",Hacktivist(s); ,"['https://www.foxnews.com/world/hackers-breach-irans-atomic-energy-agency-protests-persist', 'https://www.haaretz.com/middle-east-news/iran/2022-10-23/ty-article/hackers-target-irans-atomic-energy-organization-release-nuclear-data/00000184-0493-d644-a39c-d5f7c19c0000', 'https://www.japantimes.co.jp/news/2022/10/23/world/iran-nuclear-energy-hack/', 'https://securityaffairs.co/wordpress/137513/hacking/hackers-stole-sensitive-data-from-irans-atomic-energy-agency.html', 'https://mobile.twitter.com/black_reward/status/1583539226049536000']",System / ideology; National power,System/ideology; National power,Iran (opposition); Iran (opposition),Unknown,,0,,,,,,No,,Not available,Data Exfiltration,Not 
available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,Day (< 24h),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Cyber espionage,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://apnews.com/article/iran-technology-dubai-middle-east-business-944d99079fca61439d64054db6bde941', 'https://www.foxnews.com/world/hackers-breach-irans-atomic-energy-agency-protests-persist', 'https://www.haaretz.com/middle-east-news/iran/2022-10-23/ty-article/hackers-target-irans-atomic-energy-organization-release-nuclear-data/00000184-0493-d644-a39c-d5f7c19c0000', 'https://www.japantimes.co.jp/news/2022/10/23/world/iran-nuclear-energy-hack/', 'https://www.independent.co.uk/news/world/europe/ap-xi-jinping-bering-strait-rishi-sunak-russia-b2208760.html', 'https://www.derstandard.at/story/2000140234915/hacker-unterstuetzen-proteste-irans-atombehoerde-meldet-cyberangriff', 'https://securityaffairs.co/wordpress/137513/hacking/hackers-stole-sensitive-data-from-irans-atomic-energy-agency.html', 'https://mobile.twitter.com/black_reward/status/1583539226049536000', 
'https://aeoi.org.ir/?news/48466/318330/337446/%D8%A7%D8%B7%D9%84%D8%A7%D8%B9%DB%8C%D9%87-%D8%B3%D8%A7%D8%B2%D9%85%D8%A7%D9%86-%D8%A7%D9%86%D8%B1%DA%98%DB%8C-%D8%A7%D8%AA%D9%85%DB%8C-%D8%A7%DB%8C%D8%B1%D8%A7%D9%86-%D8%AF%D8%B1%D8%A8%D8%A7%D8%B1%D9%87-%D9%86%D9%81%D9%88%D8%B0-%D8%A8%D9%87-%D8%B3%D8%B1%D9%88%D8%B1-%D9%BE%D8%B3%D8%AA-%D8%A7%D9%84%DA%A9%D8%AA%D8%B1%D9%88%D9%86%DB%8C%DA%A9-%DB%8C%DA%A9%DB%8C-%D8%A7%D8%B2-%D8%B4%D8%B1%DA%A9%D8%AA%E2%80%8C%D9%87%D8%A7%DB%8C-%D8%AA%D8%A7%D8%A8%D8%B9%D9%87', 'https://research.checkpoint.com/2022/24th-october-threat-intelligence-report/', 'https://www.cyberscoop.com/iran-nuclear-emails-hack-leak-black-reward/', 'https://www.bleepingcomputer.com/news/security/iran-s-atomic-energy-agency-confirms-hack-after-stolen-data-leaked-online/', 'https://therecord.media/iran-says-specific-foreign-country-behind-hacktivist-leak-of-atomic-energy-emails/', 'https://www.rferl.org/a/iran-nuclear-agency-hacked-e-mail/32096955.html', 'https://twitter.com/HackRead/status/1584617205588578309', 'https://twitter.com/SentinelOne/status/1586019403820212224', 'https://twitter.com/Dennis_Kipker/status/1587058112736989186']" 1629,APT SideWinder Positioned Backdoor on the website of Pakistan's National Electric Power Regulatory Authority (NEPRA) in September 2022,"The APT group SideWinder placed a backdoor on the official website of the National Electric Power Regulatory Authority (NEPRA) of Pakistan, possibly by compromising NEPRA's web server, Zscaler discovered in September 2022. Attackers used the website as staging ground to deploy malware modules via files disguised as official cybersecurity advisories against further espionage targets in Pakistan. 
Despite SideWinder's high activity rate - a Kaspersky security researcher in May 2022 identified it as among the most prolific groups - indicators that previously suggested an association with Indian actors have not been substantiated.",,2022-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking with Misuse,[['National Electric Power Regulatory Authority (NEPRA; Pakistan)']],['Pakistan'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Civil service / administration']],['Sidewinder APT/ Rattlesnake/ T-APT4'],['India'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-10-21 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Zscaler,,United States,Sidewinder APT/ Rattlesnake/ T-APT4,India,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://thehackernews.com/2022/10/sidewinder-apt-using-new-warhawk.html', 'https://www.zscaler.com/blogs/security-research/warhawk-new-backdoor-arsenal-sidewinder-apt-group-0', 'https://www.theregister.com/2022/05/12/sidewinder_apt_attack_spree/', 'https://blog.group-ib.com/sidewinder-antibot']",International power,Territory; Resources; International power,India – Pakistan; India – Pakistan; India – Pakistan,Unknown,,0,,,,,,No,,Exploit 
Public-Facing Application; Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,3.0,Not available,Not available,1-10,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; International peace; Sovereignty,; Prohibition of intervention; ,Not available,0,,,,,,Cyber espionage,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://thehackernews.com/2022/10/sidewinder-apt-using-new-warhawk.html', 'https://www.zscaler.com/blogs/security-research/warhawk-new-backdoor-arsenal-sidewinder-apt-group-0', 'https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-Shabab-SideWinderUncoilsToStrike.pdf', 'https://www.theregister.com/2022/05/12/sidewinder_apt_attack_spree/', 'https://twitter.com/Dinosn/status/1584451594233729024', 'https://twitter.com/cybersecboardrm/status/1584557116194365442', 'https://blog.group-ib.com/sidewinder-antibot']" 1631,Anonymous targeted the Russian Ministry of Defense in a hack-and-leak operation including mobilization data in September 2022,"Anonymous hacked and leaked data of 305,925 people who are likely to be mobilized in the first of three waves of mobilization. Anonymous claims that hacking Russia's Ministry of Defense and leaking data about Russia's mobilized soldiers is for the purpose of defending the sovereign territory of Ukraine against the Russian invasion, as part of #OperationRussia ",2022-09-01,2022-09-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker; Incident disclosed by attacker,Data theft & Doxing,[['Ministry of Defence (Russia)']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-09-23 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,Unknown,Anonymous,Unknown,Non-state-group,Hacktivist(s),"['https://www.thetechoutlook.com/news/technology/security/anonymous-collective-hacked-and-leaked-data-of-305925-people-who-are-likely-to-be-mobilized-in-the-first-of-three-waves-of-mobilization/', 'https://twitter.com/YourAnonTV/status/1573290421270507520']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,Not available,,Not available; Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,,,Not available,0,,,,,,Not available,,,,"['https://www.thetechoutlook.com/news/technology/security/anonymous-collective-hacked-and-leaked-data-of-305925-people-who-are-likely-to-be-mobilized-in-the-first-of-three-waves-of-mobilization/', 'https://twitter.com/YourAnonOne/status/1496965766435926039', 
'https://twitter.com/YourAnonNewsESP/status/1507880038741458950?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonDoxx/status/1581970139041652741?s=20&t=TKiTdpmCLm5C1-nJK_XSZg', 'https://twitter.com/YourAnonTV/status/1573290421270507520']" 1555,Russian hackers attacked Gloucester City Council's website using malware in December 2021,"In December 2021, Russian hackers attacked Gloucester City Council's website using malware embedded in an email. Several online services could no longer be accessed. The cost of completely rebuilding the website was already £787,000 in October 2022 and could still exceed the amount of £1 million.",2021-12-20,2021-12-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse,[['Gloucester City Council']],['United Kingdom'],"[['EUROPE', 'NATO', 'NORTHEU']]",[['State institutions / political system']],[['Civil service / administration']],,['Russia'],['Not available'],,1,2022-01-18 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,,,United Kingdom,,Russia,,,['https://www.bbc.com/news/uk-england-gloucestershire-60045060'],International power,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. 
al – Russia",Yes / HIIK intensity,HIIK 2,1,2022-09-29 00:00:00,State Actors: Executive reactions,,United Kingdom,,No,,Phishing,Service Stop,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Not available,0.0,Medium,11.0,Months,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,,0.0,,0.0,euro,Not available,International peace; Due diligence; Sovereignty,Prohibition of intervention; ; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.bbc.com/news/uk-england-gloucestershire-63087153', 'https://www.bbc.com/news/uk-england-gloucestershire-63129084', 'https://www.bbc.com/news/uk-england-gloucestershire-60045060', 'https://www.gloucestershirelive.co.uk/news/gloucester-news/gloucesters-cyber-attack-financial-fallout-7659790']" 1640,"Anonymous hacked and leaked 77,500 emails from the Russian Port and Railway Projects Service of JSC UMMC in May 2022","In May 2022, Anonymous announced that it had hacked and leaked 77,500 emails totaling 106 GB from the Russian Port and Railway Projects Service of JSC UMMC as part of #OpRussia. It operates the two largest ports in Russia specializing in coal shipment. By working with JSC Russian Railways, the two ports have been able to maximize their cargo turnover. Countries supplied include Japan, Germany, South Korea and Turkey.",2022-05-01,2022-05-10,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,[['Port and Railway Projects Service of JSC UMMC (Russia)']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Critical infrastructure']],[['Transportation']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-05-10 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,Unknown,Anonymous,Unknown,Non-state-group,Hacktivist(s),['https://twitter.com/YourAnonTV/status/1524067375057936386?s=20&t=oEE6ju6a-b3iAvxsoKRfZQ'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,,,Not available,0,,,,,,Not available,,,,"['https://twitter.com/YourAnonTV/status/1524067375057936386?s=20&t=oEE6ju6a-b3iAvxsoKRfZQ', 'https://www.thetechoutlook.com/news/technology/anonymous-collective-has-leaked-around-106-gb-worth-of-data-from-the-port-and-railway-projects-service-of-jsc-ummc/', 'https://ddosecrets.com/wiki/Port_and_Railway_Projects_Service_of_JSC_UMMC', 'https://securityaffairs.co/wordpress/131264/hacktivism/anonymous-oprussia-updates.html']" 1641,Anonymous targeted the Polar Department of the Russian Federal Research Institute of Fisheries and Oceanography with a hack-and-leak operation in May 
2022,"In May 2022, Anonymous claims to have hacked and leaked the Polar Department of the Russian Federal Research Institute of Fisheries and Oceanography. More than 450GB of emails were allegedly published in the process. The leak sources are B00daMooda and DepaixPorteur.",2022-05-01,2022-05-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,[['Polar Department of the Russian Federal Research Institute of Fisheries and Oceanography']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Science']],,['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-05-11 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,Unknown,Anonymous,Unknown,Non-state-group,Hacktivist(s),['https://twitter.com/DepaixPorteur/status/1524378643681611777'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international 
law),,"['https://twitter.com/DepaixPorteur/status/1524378643681611777', 'https://www.thetechoutlook.com/news/technology/security/anonymous-collective-leaked-466-gb-of-emails-from-the-polar-branch-of-the-russian-federal-research-institute-of-fisheries-and-oceanography/', 'https://securityaffairs.co/wordpress/131264/hacktivism/anonymous-oprussia-updates.html', 'https://ddosecrets.com/wiki/Polar_Branch_of_the_Russian_Federal_Research_Institute_of_Fisheries_and_Oceanography']" 1642,Anonymous targeted the Achinsk city government with hack-and-leak operation in May 2022,"In May 2022, Anonymous announced that the collective has hacked and leaked more than 7000 emails amounting to 8.5 GB from the Achinsk city government, as part of #OpRussia. ",2022-05-01,2022-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft & Doxing,[['Achinsk city government (Russia)']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Civil service / administration']],['Anonymous'],['Unknown'],['Non-state-group'],['Hacktivist(s)'],1,2022-05-12 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,Unknown,Anonymous,Unknown,Non-state-group,Hacktivist(s),['https://twitter.com/YourAnonTV/status/1524737564304936960?ref_src=twsrc%5Etfw'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Exfiltration,None,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not 
available,Not available,none,none,1,Moderate - high political importance,1.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,,,Not available,0,,,,,,Not available,,,,"['https://securityaffairs.co/wordpress/131264/hacktivism/anonymous-oprussia-updates.html', 'https://twitter.com/YourAnonTV/status/1524737564304936960?ref_src=twsrc%5Etfw', 'https://www.thetechoutlook.com/news/technology/security/anonymous-breached-achinsk-city-government-email-database-with-7000-emails-leaked/', 'https://ddosecrets.com/wiki/Achinsk_City_Government']" 1643,Suspected Chinese state-sponsored hacking group APT10 targeted Japanese media and government organizations with LODEINFO backdoor beginning in March 2022,"Suspected Chinese state-sponsored hacking group APT10 was observed abusing antivirus software to install a new version of LODEINFO malware on devices used by Japanese media groups, diplomatic agencies, government and public sector organizations and think tanks from March to September 2022, detected by IT-security company Kaspersky. APT10 has targeted Japanese organizations since 2019 in a cyberespionage campaign, according to Kaspersky. ",2022-03-01,2022-09-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,[['Not available']],['Japan'],"[['ASIA', 'SCS', 'NEA']]","[['Unknown', 'State institutions / political system', 'Social groups', 'Media', 'State institutions / political system']]","[['', 'Government / ministries', 'Advocacy / activists (e.g. human rights organizations)', '', 'Other (e.g., embassies)']]","['APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)']",['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2022-06-15; 2022-06-15; 2021-11-27,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Japan Computer Emergency Response Team Coordination Center (JPCERT/CC); Macnica Inc.; Kaspersky,,Japan; Japan; Russia,"APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau); APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau); APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)",China; China; China,"Non-state 
actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://thehackernews.com/2022/11/chinese-hackers-using-new-stealthy.html', 'https://www.macnica.co.jp/business/security/cyberespionage_report_2021_6.pdf', 'https://hitcon.org/2021/en/agenda/6d88317b-4d90-4249-ba87-d81c80a21382/APT10%20HUNTER%20RISE%20ver3.0%20Repel%20new%20malware%20LODEINFO%20DOWNJPIT%20and%20LilimRAT.pdf']",International power,Unknown,,Unknown,,0,,,,,,No,,Phishing,Not available,None,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,1.0,No system interference/disruption,Not available,Not available,0.0,,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; International peace; Sovereignty,; Prohibition of intervention; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.bleepingcomputer.com/news/security/hacking-group-abuses-antivirus-software-to-launch-lodeinfo-malware/', 'https://www.darkreading.com/threat-intelligence/china-backed-apt10-spy-game-custom-fileless-backdoor', 
'https://thehackernews.com/2022/11/chinese-hackers-using-new-stealthy.html', 'https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/', 'https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-ii/107745/', 'https://www.macnica.co.jp/business/security/cyberespionage_report_2021_6.pdf', 'https://hitcon.org/2021/en/agenda/6d88317b-4d90-4249-ba87-d81c80a21382/APT10%20HUNTER%20RISE%20ver3.0%20Repel%20new%20malware%20LODEINFO%20DOWNJPIT%20and%20LilimRAT.pdf']" 1644,Pro-Russian group Killnet attacks several Italian institutional and government websites using DDoS attacks in May 2022,"The pro-Russian hacktivist group Killnet has been attacking Italian institutional and government websites using DDoS attacks since 11 May 2022. According to the Italian Computer Security Incident Response Team (CSIRT), this involved the use of the Slow HTTP technique, in which numerous requests are made at very low transmission speeds. Killnet claimed the attacks and announced further attacks on Telegram.",2022-05-11,2022-05-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,"[['Istituto Superiore di Sanità (ISS; Italy)'], ['Scuola IMT Alti Studi Lucca'], ['Ministero della Difesa'], [""Automobile Club d'Italia""], ['Senato della Repubblica'], ['Infomedix International'], ['Kompass']]","['Italy', 'Italy', 'Italy', 'Italy', 'Italy', 'Italy', 'Italy']","[['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU']]","[['Science'], ['Science'], ['State institutions / political system'], ['Other'], ['State institutions / political system'], ['Media'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[[''], [''], ['Government / ministries'], [''], ['Government / ministries'], [''], ['']]",['Killnet'],['Russia'],['Non-state-group'],['Hacktivist(s)'],1,2022-05-11 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Killnet,,Russia,Killnet,Russia,Non-state-group,Hacktivist(s),['https://t.me/Legion_Russia/232'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-05-11 00:00:00,State Actors: Stabilizing measures,Statement by other ministers/members of parliament,Italy,Maria Elisabetta Alberti Casellati (President of the Senate; ITA),No,,Not available,Endpoint Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or 
data corruption (deletion/altering) and/or leaking of data,1-10,7.0,,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html', 'https://therecord.media/north-korea-hackers-funding-us-south-korea-advisory/', 'https://therecord.media/killnet-ddos-hospitals-healthcare-russia', 'https://t.me/killnet_reservs/1250', 'https://www.bleepingcomputer.com/news/security/italian-cert-hacktivists-hit-govt-sites-in-slow-http-ddos-attacks/', 'https://www.csirt.gov.it/contenuti/attacchi-ddos-ai-danni-di-soggetti-nazionali-ed-internazionali-avvenuti-a-partire-dall11-maggio-2022-analisi-e-mitigazione-bl01-220513-csirt-ita', 'https://t.me/Legion_Russia/232', 'https://www.corriere.it/cronache/22_maggio_11/attacco-hacker-russi-siti-italia-anche-senato-difesa-presi-mira-612c2c38-d149-11ec-b465-8b7c23727ee0.shtml', 'https://therecord.media/italy-killnet-hacking-military-parliament-national-health-institute/', 'https://twitter.com/Min_Casellati/status/1524469977763434497?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1524469977763434497%7Ctwgr%5E5723eaea66ecc76d3ed2bfda811d956f6801b64e%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Ftherecord.media%2Fitaly-killnet-hacking-military-parliament-national-health-institute%2F', 'https://therecord.media/ddos-denmark-us-russia-killnet/']" 1646,Anonymous defaces Russian psychological and consulting website in May 2022,"In May 2022, in the context of the war in Ukraine, the Anonymous collective defaced the Russian psychology and consulting website Metodkabi using cross-site scripting (XSS). The message ""Stop the War"" appeared on the website.",2022-05-14,2022-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,[['Metodkabi']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Anonymous'],['Not available'],['Non-state-group'],['Hacktivist(s)'],1,2022-05-14 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,,Anonymous,,Non-state-group,Hacktivist(s),['https://twitter.com/Anonymous_Link/status/1525431109437341696'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,None,0.0,euro,None/Negligent,,,Not available,0,,,,,,Not available,,,,"['https://twitter.com/Anonymous_Link/status/1525431109437341696', 'https://www.thetechoutlook.com/news/technology/security/anonymous-collective-hacks-the-russian-psychology-and-consulting-website-cross-site-scripting/', 'https://twitter.com/Anonymous_Link/status/1526240927500709888']" 1659,Russian state-sponsored hacking group IRIDIUM used new Prestige ransomware to attack transport and logistics companies in Ukraine and Poland beginning in March 2022,"Russian state-sponsored hacking group IRIDIUM, which overlaps with the GRU-run group Sandworm, is likely responsible for using the new Prestige ransomware to attack transport and logistics companies in Ukraine and Poland to disrupt 
Ukrainian military activities beginning in March 2022, according to additional information shared by Microsoft following a technical report on October 14, 2022. Microsoft had previously tracked the activity cluster as DEV-0960.",2022-03-01,2022-10-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company; Incident disclosed by IT-security company,Disruption; Hijacking with Misuse; Ransomware,"[['Not available'], ['Not available']]","['Ukraine', 'Poland']","[['EUROPE', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'EASTEU']]","[['Critical infrastructure'], ['Critical infrastructure']]","[['Transportation'], ['Transportation']]","['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)']",['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-11-10 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/'],System / ideology; 
Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",Not available,Not available,4,Moderate - high political importance,4.0,Minor,1.0,Not available,Not available,Not available,0.0,1-10,2.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.wired.com/story/ukraine-russia-wiper-malware/', 'https://www.welivesecurity.com/2023/02/24/year-wiper-attacks-ukraine/', 'https://www.govinfosecurity.com/ukraine-tracks-increased-russian-focus-on-cyberespionage-a-21423', 'https://blogs.microsoft.com/on-the-issues/2023/03/15/russia-ukraine-cyberwarfare-threat-intelligence-center/', 'https://www.rferl.org/a/russian-hackers-ukraine-cyberattacks-microsoft/32319995.html', 'https://www.jpost.com/international/article-734447', 'https://cyberscoop.com/russian-hackers-ukraine-cyberattacks/', 'https://twitter.com/Cyber_O51NT/status/1639428701137035264', 'https://therecord.media/poland-warns-of-pro-kremlin-cyberattacks-aimed-at-destabilization/', 'https://www.welivesecurity.com/2023/03/30/eset-research-podcast-year-fighting-rockets-soldiers-wipers-ukraine/', 'https://www.bleepingcomputer.com/news/security/russian-military-hackers-linked-to-ransomware-attacks-in-ukraine/', 'https://www.cyberscoop.com/russian-military-hacking-crew/', 
'https://therecord.media/microsoft-attributes-prestige-ransomware-attacks-on-ukraine-and-poland-to-russian-group/', 'https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/', 'https://securityaffairs.co/wordpress/138362/apt/prestige-ransomware-linked-iridium.html', 'https://www.securityweek.com/microsoft-links-prestige-ransomware-attacks-russian-state-sponsored-hackers', 'https://thehackernews.com/2022/11/microsoft-blames-russian-hackers-for.html', 'https://twitter.com/Dennis_Kipker/status/1592115380797214720', 'https://research.checkpoint.com/2022/14th-november-threat-intelligence-report/', 'https://www.bleepingcomputer.com/news/security/microsoft-warns-of-russian-cyberattacks-throughout-the-winter/', 'https://www.wired.com/story/worst-hacks-2022/', 'https://twitter.com/M_Miho_JPN/status/1609010093793906689', 'https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html', 'https://securitymea.com/2023/02/01/russian-apt-groups-continue-attacks-with-wipers-and-ransomware/']" 1664,More than 30 Thai activists were victims of the Pegasus spyware between October 2020 and November 2021,"An investigation by iLaw, Digital Reach and Citizen Lab discovered that at least 30 Thai pro-democracy protesters and activists were victims of Pegasus spyware between October 2020 and November 2021. The investigation was conducted in response to a mass warning from Apple about spyware attacks by state-sponsored actors in November 2021. The attacks took place during the period of pro-democracy protests in Thailand and primarily targeted individuals associated with them. The organizations suspect Thai government operator as the initiators, but cannot attribute the attacks to any particular actor. In February 2023, activists announced that they sue the government for this activity. 
",2020-10-21,2021-11-12,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,"[['Panusaya Sithijirawattanakul'], ['Elia Fofi'], ['Sarinee Achavanuntakul'], ['Chatrapee Artsomboon'], ['Prajak Kongkirati'], ['Puangthong Pawakapan'], ['Katekanok Wongsapakdee'], ['Nuttaa Mahattana'], ['Benja Apan'], ['Wichapat Srigasipun'], ['Jatupat Boonpattararaksa'], ['Rattapoom Lertpaijit'], ['Jutatip Sirikhan'], ['Dechathorn “Hockey” Bamrungmuang'], ['Chonlatit Chottsawas'], ['Piyarat Chongthep'], ['Inthira Charoenpura'], [None], ['Poramin Rassameesawas'], ['Bussarin Paenaeh'], ['Yingcheep Atchanont'], ['Niraphorn Onnkhaow'], ['Pornpen Khongkachonkiet'], ['Nutchanon Pairoj'], ['Pansiree Jirathakoone'], ['Arnon Nampa']]","['Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand', 'Thailand']","[['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA'], ['ASIA', 'SEA']]","[['Social groups'], ['Other'], ['Science'], ['Social groups'], ['Science'], ['Science'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social 
groups'], ['Social groups'], ['Other'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social groups'], ['Social groups']]","[['Advocacy / activists (e.g. human rights organizations)'], [''], [''], ['Advocacy / activists (e.g. human rights organizations)'], [''], [''], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], [''], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. 
human rights organizations)']]",['Not available'],['Thailand'],['State'],,1,2022-07-17; 2022-07-17; 2022-07-17; 2022-07-17; 2022-07-17; 2022-07-17,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party; Attribution by third-party,CitizenLab; CitizenLab; iLaw; iLaw; Digital Reach; Digital Reach,,Canada; United Kingdom; Canada; United Kingdom; Canada; United Kingdom,,Thailand; Thailand; Thailand; Thailand; Thailand; Thailand,State; State; State; State; State; State,,['https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/'],System / ideology; National power,System/ideology; National power,Thailand (opposition); Thailand (opposition),Yes / HIIK intensity,HIIK 3,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,30.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights,Civic / political rights,Not available,1,2023-02-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Thailand,Activists from Thailand,Not available,,No response justified (missing state attribution & breach of international law),,"['https://twitter.com/DuguinStephane/status/1625534088496009217', 'https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/', 'https://freedom.ilaw.or.th/en/report-parasite-that-smiles', 'https://www.reuters.com/technology/pegasus-phone-spyware-used-target-30-thai-activists-cyber-watchdogs-say-2022-07-18/', 'https://www.washingtonpost.com/technology/2022/07/17/pegasus-nso-thailand-apple/']" 1665,"Pro-Russian hacktivist group disrupted multiple organizations in Ukraine with ""Somnia"" ransomware on 11 November 2022","The pro-Russian hacktivist group named ""From Russia with Love"" or ""Z-Team"" infected multiple organizations in Ukraine with a new ransomware strain called ""Somnia"", encrypting the systems on 11 November 2022 and causing operational problems. The group had previously disclosed creating the Somnia ransomware on their Telegram channel. CERT-UA has attributed the attack to the hacktivist group and describes Somnia as data-wiper malware, as it does not provide the possibility of data decryption.",2022-11-01,2022-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker; Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking with Misuse; Ransomware,[['Not available']],['Ukraine'],"[['EUROPE', 'EASTEU']]",[['Unknown']],,['From Russia with Love (FRwL)/Z-Team/UAC-0118'],['Russia'],['Non-state-group'],['Criminal(s)'],2,2022-11-11; 2022-11-01,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attacker confirms,CERT-UA; From Russia with Love (FRwL)/Z-Team/UAC-0118,,Ukraine; Russia,From Russia with Love (FRwL)/Z-Team/UAC-0118; From Russia with Love (FRwL)/Z-Team/UAC-0118,Russia; Russia,Non-state-group; Non-state-group,Criminal(s); Hacktivist(s),"['https://www.bleepingcomputer.com/news/security/ukraine-says-russian-hacktivists-use-new-somnia-ransomware/', 'https://cert.gov.ua/article/2724253']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,External Remote Services,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Minor,2.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & 
breach of international law),,"['https://www.wired.com/story/ukraine-russia-wiper-malware/', 'https://www.bleepingcomputer.com/news/security/ukraine-says-russian-hacktivists-use-new-somnia-ransomware/', 'https://twitter.com/securityaffairs/status/1592290595309076480', 'https://twitter.com/hacks4pancakes/status/1592202195138908160', 'https://securityaffairs.co/wordpress/138496/hacking/somnia-ransomware-attacks-ukraine.html', 'https://twitter.com/M_Miho_JPN/status/1592502459821592579', 'https://twitter.com/JAMESWT_MHT/status/1592418378001813504', 'https://cert.gov.ua/article/2724253', 'https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-18th-2022-rising-operations/', 'https://twitter.com/Cyberknow20/status/1606396705548619776']" 1669,Unknown actors stole data from various Spanish state agencies using the communication network Punto Neutro Judicial of the judiciary starting in October 2022,"The General Council of the Judiciary (CGPJ) in Spain suffered a cyberattack on its Punto Neutro Judicial (PNJ) platform that connects judicial bodies with other government agencies in October 2022. El Diario reported on 11 November that attackers were able to hit the Treasury Information Services and exfiltrated information from half a million Spanish taxpayers. They also accessed networks of the General Police Directorate and obtained the IDs and addresses of 50,000 police officers. Initial findings from an investigation by the National Court revealed that the attackers had sought to identify the files of specific individuals with a public profile. 
",2001-01-01,2022-10-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source),Data theft; Hijacking with Misuse,"[['Directorate-General of the Police (DGP; Spain)'], ['Spanish Tax Administration Agency (AEAT)'], ['Public Employment Service (PES; Spain)'], ['National Institute of Social Security (INSS; Spain)']]","['Spain', 'Spain', 'Spain', 'Spain']","[['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Police'], ['Civil service / administration'], ['Civil service / administration'], ['Civil service / administration']]",['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Not available,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,4.0,,0.0,Not available,0.0,euro,Not available,Cyber espionage; Human rights,; Civic / political rights,Not available,1,2022-10-20 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Spain,Juzgado Central de Instrucción de la Audiencia Nacional (ESP),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-16/', 'https://www.eleconomista.es/telecomunicaciones/noticias/12026256/11/22/Ciberataque-al-corazon-del-sistema-judicial-millones-de-datos-personales-en-riesgo.html', 'https://www.poderjudicial.es/cgpj/es/Poder-Judicial/Sala-de-Prensa/Archivo-de-notas-de-prensa/El-Punto-Neutro-Judicial--afectado-por-un-ciberataque-a-las-redes-de-las-Administraciones-Publicas-espanolas', 'https://www-eldiario-es.translate.goog/politica/hackeo-traves-judicial-roba-hacienda-datos-medio-millon-contribuyentes_1_9699143.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de', 'https://elpais.com/espana/2022-11-08/la-red-informatica-que-conecta-los-juzgados-con-instituciones-estatales-sufre-un-ciberataque.html', 'https://elpais.com/espana/2022-11-10/la-audiencia-nacional-investiga-el-ciberataque-a-una-red-de-telecomunicaciones-del-poder-judicial.html']" 1670,"Unknown actors gained access into the server of the Mexican Secretariat of Infrastructure, Communications and Transport (SICT) in October 2022","The Secretariat of Infrastructure, Communications and Transportation (SICT) made the announcement via Twitter on October 24, that it got hacked. The hack subsequently disrupted the Mexican transportation system because the ministry has stopped issuing new permits, license plates and driver’s licenses for commercial truck operators until Dec. 
31, but it did not damage the agency’s systems, nor were citizen’s data compromised.",2022-10-01,2022-10-24,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,"[['Secretariat of Infrastructure, Communications and Transportation (SICT; Mexico)']]",['Mexico'],,[['State institutions / political system']],[['Government / ministries']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,Not available,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.databreaches.net/cyberattack-disrupts-mexicos-transportation-system/', 'https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-16/', 'https://www.gob.mx/sct/prensa/informa-sict-que-software-malicioso-no-dano-sistemas-internos-ni-vulnero-datos-personales?idiom=es', 'https://twitter.com/SCT_mx/status/1584664267126558720?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1584664267126558720%7Ctwgr%5E01cb322c82e5ae2ed879fe07507a72b244f00b61%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.milenio.com%2Fnegocios%2Fsict-registra-ciberataque-activa-protocolo-vulnerabilidades']" 1676,Lazarus APT Attacks European and Latin American Organizations using DTrack backdoor in 2022,"North Korean APT Lazarus attacked multiple entities across Europe and Latin America, including government-related institutes, IT service providers, telecommunications companies, manufacturing, 
etc. with the DTrack backdoor. According to Kaspersky, Lazarus uses this backdoor since 2019. ",2022-01-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Hijacking without Misuse,"[['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available']]","['Saudi Arabia', 'Brazil', 'Germany', 'Switzerland', 'Turkey', 'Mexico', 'United States', 'India', 'Italy']","[['ASIA', 'MENA', 'MEA', 'GULFC'], ['SOUTHAM'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'WESTEU'], ['ASIA', 'NATO', 'MEA'], [], ['NATO', 'NORTHAM'], ['ASIA', 'SASIA', 'SCO'], ['EUROPE', 'NATO', 'EU']]","[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 
'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science']]","[['Civil service / administration', 'Telecommunications', '', ''], ['Civil service / administration', 'Telecommunications', '', ''], ['Civil service / administration', 'Telecommunications', '', ''], ['Civil service / administration', 'Telecommunications', '', ''], ['Civil service / administration', 'Telecommunications', '', ''], ['Civil service / administration', 'Telecommunications', '', ''], ['Civil service / administration', 'Telecommunications', '', ''], ['Civil service / administration', 'Telecommunications', '', ''], ['Civil service / administration', 'Telecommunications', '', '']]","['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely 
held view for the attributed initiator (group), but not invoked in this case)']",1,2022-11-16 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,,Russia,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://securityaffairs.co/wordpress/138622/apt/dtrack-backdoor-targets-europe-latin-america.html'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,No system interference/disruption,Not available,1-10,0.0,,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Sovereignty,,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://securityaffairs.co/wordpress/138622/apt/dtrack-backdoor-targets-europe-latin-america.html', 'https://securelist.com/dtrack-targeting-europe-latin-america/107798/', 'https://thehackernews.com/2022/11/north-korean-hackers-targeting-europe.html', 'https://research.checkpoint.com/2022/21st-november-threat-intelligence-report/', 'https://twitter.com/Cyber_O51NT/status/1639428701137035264']" 1680,The hacktivists group Belarusian Cyber-Partisans disrupted the computer systems of and stole information from the Russian General Radio Frequency Center (GRFC) in 2022,"The hacktivists group Belarusian Cyber-Partisans disrupted the computer systems of and stole 
information from the Russian General Radio Frequency Center (GRFC), which is part of Roskomnadzor (RKN), the Federal Service for Supervision of Communications, Information Technology and Mass Media. The activities lasted until November 2022, according to tweets of the hacktivist group itself that described the actions as a response to Roskomnadzor's role in censorship and surveillance of the political opposition in Russia. The hacktivists said that they used software of Belarusian surveillance company Falcongaze to conduct the cyber-operation and announced plans to share material obtained in the operation with journalists. ",2022-10-01,2022-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,[['Russian General Radio Frequency Center (GRFC)']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['State institutions / political system']],[['Civil service / administration']],['Belarusian Cyber-Partisans'],['Belarus'],['Non-state-group'],['Hacktivist(s)'],1,2022-11-18 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Belarusian Cyber Partisans,,Belarus,Belarusian Cyber-Partisans,Belarus,Non-state-group,Hacktivist(s),"['https://twitter.com/cpartisans/status/1594397517684572161', 'https://twitter.com/cpartisans/status/1593634667147988993', 'https://t.me/cpartisans/980']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Exploit Public-Facing Application,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial 
targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,0.0,None,0.0,euro,None/Negligent,Due diligence; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/evacide/status/1593649558269169665', 'https://twitter.com/cpartisans/status/1594397517684572161', 'https://twitter.com/cpartisans/status/1593634667147988993', 'https://tass.ru/obschestvo/16372881', 'https://twitter.com/campuscodi/status/1594699712996773888', 'https://therecord.media/belarusian-hacktivists-claim-to-breach-russias-internet-regulator/', 'https://t.me/cpartisans/980']" 1862,Russia-based SEABORGIUM targeted a variety of targets in the UK and other regions with spear-phishing campaign,"The UK National Cyber Security Centre warned of a successful spear-phishing campaign by Russia-based SEABORGIUM against a wide range of sectors including academia, defence and government organisations, NGOs, think-tanks, politicians, journalists, and activists in the UK and other regions. The campaign used open-source resources such as social media and professional networking platforms to conduct reconnaissance on targets. ",2022-01-01,2022-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,"[['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available']]","['United Kingdom', 'United Kingdom', 'United Kingdom', 'United Kingdom', 'United Kingdom']","[['EUROPE', 'NATO', 'NORTHEU']]","[['Critical infrastructure'], ['Media'], ['Science'], ['State institutions / political system'], ['Social groups']]","[['Defence industry'], [''], [''], ['Government / ministries'], ['Advocacy / activists (e.g. human rights organizations)']]",['SEABORGIUM/Callisto Group/TA446/COLDRIVER'],['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-01-26 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,United Kingdom’s National Cyber Security Centre (NCSC),,United Kingdom,SEABORGIUM/Callisto Group/TA446/COLDRIVER,Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest'],Unknown,Unknown,,Unknown,,1,2023-01-26 00:00:00,State Actors: Preventive measures,Awareness raising,United Kingdom,UK National Cyber Security Centre (NCSC),No,,Phishing; Valid Accounts,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, 
system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,0.0,,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://twitter.com/lorenzofb/status/1623425549874888706', 'https://www.jpost.com/international/article-730929', 'https://www.govinfosecurity.com/russian-hackers-suspected-accessing-email-british-mp-a-21155', 'https://twitter.com/StewartMcDonald/status/1623224020949778432', 'https://www.bbc.com/news/uk-politics-64562832', 'https://therecord.media/british-cyber-agency-issues-warning-over-russian-and-iranian-espionage-campaigns/', 'https://securityaffairs.com/141393/apt/ncsc-warns-seaborgium-ta453-attacks.html', 'https://www.databreaches.net/ncsc-russian-and-iranian-hackers-targeting-uk-politicians-journalists/', 'https://www.rferl.org/a/britain-russia-hacking-group/32240999.html', 'https://twitter.com/BushidoToken/status/1618552720834846724', 'https://twitter.com/NCSC/status/1618539942170472449', 'https://twitter.com/RecordedFuture/status/1618612424923549696', 'https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest', 'https://thehackernews.com/2023/01/british-cyber-agency-warns-of-russian.html', 'https://twitter.com/Dennis_Kipker/status/1618933708815499265', 'https://twitter.com/unix_root/status/1618956739944013829', 'https://securityaffairs.com/141509/breaking-news/security-affairs-newsletter-round-404-by-pierluigi-paganini.html', 
'https://www.microsoft.com/en-us/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/', 'https://twitter.com/BushidoToken/status/1623619447003947009']" 1689,Pro-Russian group Killnet took down the European Parliament website with a DDoS attack on 23 November 2022,The pro-Kremlin hacker group KillNet shut down the European Parliament's website on 23 November 2022. The takedown lasted for approximately one hour and was launched only a few hours after the Parliament had voted in favor of a resolution designating Russia as a state sponsor of terrorism. KillNet took responsibility for the attack on Telegram and linked the activity explicitly to the Parliament's declaration. The President of the European Parliament confirmed on Twitter that a cyber attack had taken place.,2022-11-23,2022-11-23,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by attacker,Disruption,[['European Parliament']],['EU (region)'],[['EU']],[['International / supranational organization']],,['Killnet'],['Russia'],['Non-state-group'],['Hacktivist(s)'],1,2022-11-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Killnet,,Russia,Killnet,Russia,Non-state-group,Hacktivist(s),['https://t.me/killnet_reservs/3710'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-11-23 00:00:00,State Actors: Stabilizing measures,Statement by other ministers/members of parliament,EU (region),Roberta Metsola (President of the EU Parliament),No,,Not available,Network 
Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,4.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,Not available,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/HackRead/status/1623358394613567488', 'https://twitter.com/RecordedFuture/status/1623519318150463489', 'https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html', 'https://therecord.media/killnet-ddos-hospitals-healthcare-russia', 'https://www.techrepublic.com/article/google-launches-project-shield/', 'https://twitter.com/Cyberwarzonecom/status/1595486137694687233', 'https://twitter.com/juschuetze/status/1595517029120966656', 'https://twitter.com/aselawaid/status/1595567502415007744', 'https://twitter.com/lukOlejnik/status/1595466951941591041', 'https://twitter.com/lukOlejnik/status/1595517657150799872', 'https://twitter.com/DigitalPeaceNow/status/1595512761664081928', 'https://twitter.com/ransomwaremap/status/1595481007507095572', 'https://www.kleinezeitung.at/politik/aussenpolitik/ukraine/6219169/Angriffe-auf-zivile-Ziele_Kurz-nach-RusslandVerurteilung_', 'https://www.elmundo.es/internacional/2022/11/23/637e3186fc6c837b508b45d5.html', 'https://www.govinfosecurity.com/russian-killnet-shuts-down-eu-parliament-website-ddos-a-20541', 'https://securityaffairs.co/wordpress/138906/hacktivism/killnet-ddos-european-parliament.html', 'https://www.bleepingcomputer.com/news/security/pro-russian-hacktivists-take-down-eu-parliament-site-in-ddos-attack/', 'https://www.securityweek.com/eu-parliament-website-attacked-after-meps-slam-russian-terrorism', 
'https://therecord.media/european-parliament-faces-cyberattack-from-pro-russia-group-after-terrorism-declaration/', 'https://www.rferl.org/a/russia-state-sponsor-terrorism-european-parliament/32145200.html', 'https://t.me/killnet_reservs/3710', 'https://twitter.com/EP_President/status/1595443471518777345', 'https://twitter.com/jduch/status/1595433790809284614', 'https://www.bleepingcomputer.com/news/security/pro-russian-hacktivists-take-down-eu-parliament-site-in-ddos-attack/', 'https://www.politico.eu/article/cyber-attack-european-parliament-website-after-russian-terrorism/', 'https://twitter.com/laurenscerulus/status/1595614456826023936', 'https://www.kleinezeitung.at/politik/aussenpolitik/ukraine/6219393/We-are-Killnet_Cyberangriff-auf-EUParlament-nach-Votum-gegen-Russland', 'https://elpais.com/internacional/2022-11-23/el-parlamento-europeo-declara-a-rusia-como-estado-promotor-del-terrorismo.html?autoplay=1', 'https://www.hackread.com/killnet-european-parliament-ddos-attack/', 'https://www.politico.eu/article/cyber-attack-european-parliament-website-after-russian-terrorism/', 'https://www.euractiv.com/section/digital/news/ep-comes-under-russian-cyber-attack-hours-after-state-terrorism-vote/', 'https://www.spiegel.de/netzwelt/hacker-legen-website-des-eu-parlaments-lahm-a-db4f97c1-9a24-4b4e-978e-4e4e6383dcc0', 'https://www.derstandard.at/story/2000141140390/cyberangriff-auf-die-seite-des-eu-parlaments-wie-wird-eine', 'https://www.lefigaro.fr/flash-actu/le-site-du-parlement-europeen-cible-par-une-cyberattaque-apres-un-vote-sur-la-russie-20221123', 'https://www.wired.com/story/hacktivism-russia-ukraine-ddos/', 'https://www.govinfosecurity.com/russian-nuisance-hacking-group-killnet-targets-germany-a-21039', 'https://www.volkskrant.nl/nieuws-achtergrond/ziekenhuis-groningen-geraakt-door-pro-russische-hackers-geen-vitale-systemen-getroffen~b7becbaa/', 'https://therecord.media/ddos-denmark-us-russia-killnet/', 
'https://twitter.com/securityaffairs/status/1621617739721752579', 'https://twitter.com/securityaffairs/status/1621511156430143490']" 1691,Likely China-linked group RedEcho has been targeting India's energy sector since 2020,"According to Recorded Future, a likely China-linked group named RedEcho has been targeting the Indian energy sector since mid-2020 by using infrastructure tracked by Recorded Future as AXIOMATICASYMPTOTE. The attacks occurred in the context of the India-China border clashes that have been taking place since 5 May 2020, possibly indicating efforts to develop leverage through the pre-positioning of malware on strategic assets. RedEcho uses some TTPs that have been used before by other Chinese state-sponsored groups such as APT41 and Tonto Team. However, there is insufficient evidence to attribute the activities to an existing group, so the report attributes the activities to RedEcho. Recorded Future lists twelve targets of the group, which are mainly organisations in the power generation and transmission sector. However, targets in the maritime sector were also affected. Links to a power outage in Mumbai in October 2020 remain unsubstantiated. ",2020-01-01,2021-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,"[['Western Regional Load Despatch Centre (India)'], ['Telangana State Load Despatch Centre (India)'], ['North Eastern Regional Load Despatch Centre (India)'], ['Eastern Regional Load Despatch Centre (India)'], ['Power System Operation Corporation Limited (India)'], ['DTL Tikri Kalan (Mundka), Delhi Transco Ltd'], ['NTPC Kudgi STPP'], ['Southern Regional Load Despatch Centre (India)'], ['V. O. Chidambaranar Port'], ['Delhi State Load Despatch Centre (India)'], ['Mumbai Port Trust'], ['NTPC Limited']]","['India', 'India', 'India', 'India', 'India', 'India', 'India', 'India', 'India', 'India', 'India', 'India']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO']]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[['Energy'], ['Energy'], ['Energy'], ['Energy'], ['Energy'], ['Energy'], ['Energy'], ['Energy'], ['Transportation'], ['Energy'], ['Transportation'], ['Energy']]",['RedEcho'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2021-02-28 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Recorded 
Future,,United States,RedEcho,China,"Non-state actor, state-affiliation suggested",,['https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf'],Territory; International power,Territory; Resources; International power,China – India; China – India; China – India,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,6.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,12.0,1-10,1.0,None,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),International peace; Due diligence; Sovereignty,Prohibition of intervention; ; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.ironnet.com/blog/cyber-attacks-on-the-power-grid', 'https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf', 'https://therecord.media/redecho-group-parks-domains-after-public-exposure/', 'https://www.malwarebytes.com/blog/news/2021/03/chinas-redecho-accused-of-targeting-indias-power-grids', 'https://www.recordedfuture.com/from-coercion-to-invasion-the-theory-and-execution-of-china-cyber-activity']" 1693,The phones of Spain's prime minister Pedro Sanchez and defense minister Margarita Robles were compromised with Pegasus spyware in 2021,"The phones of Spain's prime minister Pedro Sanchez and defense minister Margarita Robles were compromised with Pegasus spyware from May to June 2021, the Spanish government revealed on 2 May 2022. Pedro Sanchez was the first sitting EU and NATO head of state confirmed to have been targeted with Pegasus spyware. 
",2021-05-01,2021-06-01,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,"[['Pedro Sánchez (Prime Minister, Spain)'], ['Margarita Robles (Defence Minister; ESP)']]","['Spain', 'Spain']","[['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU']]","[['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries']]",['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,2,2022-05-02; 2022-05-10,State Actors: Stabilizing measures; State Actors: Executive reactions,Statement by other ministers/members of parliament; Removal from office,Spain; Spain,"Félix Bolaños (Minister of the Presidency, Relations with the Cortes and Democratic Memory, Spain); Spanish Government",No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,2.0,,0.0,None,0.0,euro,Not available,Cyber espionage; Sovereignty,State actors; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.politico.eu/article/pegasus-spyware-targeted-spanish-pm-pedro-sanchez-defense-minister/', 'https://twitter.com/perearagones/status/1521064638191910912', 'https://www.politico.eu/article/pegasus-hacking-spyware-spain-government-prime-minister-pedro-sanchez-margarita-robles-digital-espionage-crisis/', 
'https://www.politico.eu/article/pegasus-use-5-eu-countries-nso-group-admit/', 'https://www.euronews.com/2022/05/10/pegasus-spyware-spain-s-intelligence-chief-dismissed-over-phone-hacking-scandal', 'https://elpais.com/internacional/2023-01-19/la-eurocamara-aprueba-un-resolucion-critica-con-marruecos-con-el-voto-en-contra-de-los-socialistas-espanoles.html']" 1694,The Spanish government is suspected to have conducted an extensive cyber-espionage operation against the Catalan independence movement using Pegasus spyware beginning in 2017,"The Spanish government is suspected to have conducted an extensive cyber-espionage operation against the Catalan independence movement using Pegasus spyware from 2017 until 2020, according to a technical report by CitizenLab. It states that it is not ""conclusively attributing the operations to a specific entity, but strong circumstantial evidence suggests a nexus with Spanish authorities"". The cyber-espionage operation targeted 65 individuals. 52 spyware infections were observed. Among the victims are members of the European Parliament, former Catalan presidents, legislators, jurists, members of civil society, and also some of their family members. In April, the European Parliament launched an inquiry committee to investigate the use of the Pegasus spyware, which had already been announced in March 2022. This cyber incident is the first time Pegasus spyware was used in Europe. Some of the later reconfirmed victims reported suspected surveillance of their phones as early as 2020. The Spanish government also launched an investigation into the conduct of Spain's National Intelligence Centre (CNI), which had contracted the use of Pegasus spyware. 
",2017-01-01,2020-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,"Incident disclosed by victim; Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Data theft; Hijacking with Misuse,"[['Albert Botran (Member of the Congress of Deputies, Spain)'], ['Artur Mas (Former President of Catalonia, Spain)'], ['Andreu Van den Eynde (Lawyer, Spain)'], ['Dolors Mas (Businesswoman, Spain)'], ['Diana Riba (Member of European Parliament, Spain)'], ['Arnaldo Otegi (General Secretary, Euskal Herria Bildu, Spain)'], ['Albert Batet (Member of the Parliament of Catalonia, Spain)'], ['Alba Bosch'], ['Elena Jimenez (Òmnium Cultural, Spain)'], ['Antoni Comín (Member of European Parliament, Spain)'], ['Joan Matamala (Fundació Llibreria Les Voltes, Spain)'], ['Carles Riera (Member of the Parliament of Catalonia, Spain)'], ['Joaquim Jubert (Member of the Parliament of Catalonia, Spain)'], ['Jaume Alonso Cuevillas (Member of Parliament of Catalonia, Spain)'], ['Joan Ramon Casals (Former Member of the Parliament of Catalonia, Spain)'], ['Gonzalo Boye (Lawyer, Spain)'], ['David Bonvehi (Former Member of the Parliament of Catalonia, Spain)'], ['Elisenda Paluzie (President of Assemblea Nacional Catalana, Spain)'], ['Jordi Bosch (Òmnium Cultural, Spain)'], ['Joaquim Torra (Former President of Catalonia, Spain)'], ['Dr. 
Elias Campo (Director, August Pi i Sunyer Biomedical Research Institute (IDIBAPS), Spain)'], ['Josep Ma Ganyet (Professor, Spain)'], ['Jon Iñarritu (Member of the Congress of Deputies, Spain)'], ['Marcela Topor (Journalist, Spain)'], ['Jordi Sanchez (Former President Assemblea Nacional Catalana, Spain)'], ['Josep Maria Jové (Member of the Parliament of Catalonia, Spain)'], ['Marc Solsona (Former Member of the Parliament of Catalonia, Spain)'], ['David Madi (Businessman, Former advisor to President Artur Mas, Spain)'], ['Meritxell Serret (Member of the Parliament of Catalonia, Spain)'], ['Maria Cinta Cid (Professor, Spain)'], ['Meritxell Budo (Former Minister of the Presidency of Catalonia, Spain)'], ['Meritxell Bonet (Journalist, Spain)'], ['Jordi Baylina (Open-source Developer, Spain)'], ['Miriam Nogueras (Member of the Congress of Deputies, Spain)'], ['Pere Aragonès (President of Catalonia, Spain)'], ['Josep Costa (Former Member of the Parliament of Catalonia, Spain)'], ['Josep Rius (Junts per Catalunya, Spain)'], ['Marta Rovira (Former Member of the Parliament of Catalonia, Spain)'], ['Jordi Solé (Former Member of European Parlament, Spain)'], ['Marcel Mauri (Òmnium Cultural, Spain)'], ['Oriol Sagrera (Former Head of the Cabinet of the Presidency of the Parliament of Catalonia, Spain)'], ['Sergi Sabrià (Former Member of the Parliament of Catalonia, Spain)'], ['Sònia Urpí (Assemblea Nacional Catalana, Spain)'], ['Pol Cruz (European Parliament Assistant, Spain)'], ['Xavier Vendrell (Former Member of the Parliament of Catalonia, Spain)'], ['Josep Lluís Alay (Office Director of President Puigdemont and Professor of Asian History, Spain)'], ['Albano Dante Fachin (Journalist, Former Member of the Parliament of Catalonia, Spain)'], ['Not available']]","['Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 
'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Switzerland', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain', 'Spain']","[['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'WESTEU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU']]","[['State institutions / political system'], ['End user(s) / specially protected groups'], ['End user(s) / specially protected groups'], ['End user(s) / specially protected groups'], ['International / supranational organization'], ['State institutions / political system'], ['State institutions / political system'], ['Social groups'], ['Social groups'], ['International / supranational organization'], ['Social groups'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions 
/ political system'], ['State institutions / political system'], ['End user(s) / specially protected groups'], ['State institutions / political system'], ['Social groups'], ['Social groups'], ['State institutions / political system'], ['Science'], ['Science'], ['State institutions / political system'], ['Media'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['End user(s) / specially protected groups'], ['State institutions / political system'], ['Science'], ['State institutions / political system'], ['Media'], ['End user(s) / specially protected groups'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['International / supranational organization'], ['Social groups'], ['State institutions / political system'], ['State institutions / political system'], ['Social groups'], ['International / supranational organization'], ['State institutions / political system'], ['Social groups', 'Science'], ['State institutions / political system', 'Media'], ['State institutions / political system', 'International / supranational organization', 'Social groups', 'End user(s) / specially protected groups', 'State institutions / political system']]","[['Legislative'], [''], [''], [''], [''], ['Political parties'], ['Legislative'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. human rights organizations)'], [''], ['Advocacy / activists (e.g. human rights organizations)'], ['Legislative'], ['Legislative'], ['Legislative'], ['Legislative'], [''], ['Legislative'], ['Advocacy / activists (e.g. human rights organizations)'], ['Advocacy / activists (e.g. 
human rights organizations)'], ['Government / ministries'], [''], [''], ['Legislative'], [''], ['Legislative'], ['Legislative'], ['Legislative'], [''], ['Legislative'], [''], ['Government / ministries'], [''], [''], ['Legislative'], ['Government / ministries'], ['Legislative'], ['Political parties'], ['Legislative'], [''], ['Advocacy / activists (e.g. human rights organizations)'], ['Government / ministries'], ['Legislative'], ['Advocacy / activists (e.g. human rights organizations)'], [''], ['Legislative'], ['Advocacy / activists (e.g. human rights organizations)', ''], ['Legislative', ''], ['Government / ministries', '', 'Advocacy / activists (e.g. human rights organizations)', '', 'Legislative']]",['Centro Nacional de Inteligencia (CNI)'],['Spain'],['State'],,1,2022-04-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by third-party,CitizenLab,,Canada,Centro Nacional de Inteligencia (CNI),Spain,State,,"['https://www.theguardian.com/world/2020/jul/13/phone-of-top-catalan-politician-targeted-by-government-grade-spyware', 'https://www.europapress.es/nacional/noticia-torrent-maragall-comparan-watergate-presunto-espionaje-telefonos-20200715123213.html', 'https://www.theguardian.com/world/2020/jul/13/top-catalan-politician-says-alleged-attack-confirms-fears-about-spanish-state', 'https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/']",Autonomy; Subnational predominance; Secession,Autonomy; Secession,Spain (Catalan nationalists / Catalonia); Spain (Catalan nationalists / Catalonia),Yes / HIIK intensity,HIIK 3,3,2022-04-19; 2022-05-10; 2022-04-25,EU: Legislative reactions; State Actors: Executive reactions; State Actors: Legislative reactions,Parliamentary investigation committee; Removal from office; Parliamentary investigation committee,EU (region); Spain; Spain,European Parliament (EP); Spanish Government; Spanish Government,Yes,One,Exploit Public-Facing Application; 
Phishing,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",51-200,52.0,,0.0,None,0.0,euro,Direct (official members of state entities / agencies / units responsible),Cyber espionage; Human rights,State actors; ,Not available,0,,,,,,Cyber espionage; Human rights,; ,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.politico.eu/article/pegasus-spyware-targets-top-catalan-politicians-and-activists/', 'https://www.politico.eu/article/eus-vestager-brushes-off-spyware-threat/', 'https://twitter.com/perearagones/status/1521064638191910912', 'https://twitter.com/perearagones/status/1516012341162348547', 'https://www.theguardian.com/world/2020/jul/13/phone-of-top-catalan-politician-targeted-by-government-grade-spyware', 'https://www.theguardian.com/technology/2020/jul/28/whatsapp-confirms-catalan-politicians-phone-was-target-of-2019-attack', 'https://www.theguardian.com/world/2020/jul/16/spains-deputy-pm-urges-investigation-into-catalan-spyware-claims', 'https://www.europapress.es/nacional/noticia-torrent-maragall-comparan-watergate-presunto-espionaje-telefonos-20200715123213.html', 'https://www.theguardian.com/world/2020/jul/13/top-catalan-politician-says-alleged-attack-confirms-fears-about-spanish-state', 'https://www.theguardian.com/world/2020/jul/17/who-has-been-using-spyware-on-catalan-independence-campaigners', 'https://www.reuters.com/article/spain-politics-spyware/catalan-politician-suspects-was-target-of-state-phone-tapping-spokesman-says-idUKL5N2EL1OC', 
'https://www.vice.com/en/article/pkyzxz/spain-nso-group-pegasus-catalonia', 'https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/', 'https://www.politico.eu/article/pegasus-use-5-eu-countries-nso-group-admit/', 'https://www.euronews.com/2022/04/25/spain-begins-investigation-into-catalonia-pegasus-spyware-allegations', 'https://www.euronews.com/2022/05/10/pegasus-spyware-spain-s-intelligence-chief-dismissed-over-phone-hacking-scandal', 'https://www.europarl.europa.eu/news/de/press-room/20220412IPR27112/ep-inquiry-committee-for-pegasus-and-other-spyware-launched', 'https://netzpolitik.org/2022/untersuchungsauschuss-zu-pegasus-skandal-spanien-wird-zum-problemfall-fuer-das-eu-parlament/', 'https://netzpolitik.org/2023/pegasus-eu-kommission-prueft-klagen-gegen-mitgliedslaender/']" 1699,Iranian state-sponsored hacking group MERCURY used Log4j 2 vulnerabilities against Israeli organizations in July 2022,"Iranian state-sponsored hacking group MERCURY used two Log4j vulnerabilities (CVE-2021-44228; CVE-2021-45046) in unpatched SysAid applications against Israeli organizations during 23-25 July 2022, according to a technical report by Microsoft. Microsoft attributed this cyber incident with high confidence to MERCURY, also known as MuddyWater, which is affiliated with Iran's Ministry of Intelligence and Security (MOIS). ",2022-07-23,2022-07-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,[['Not available']],['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Unknown']],,"['MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069', 'Ministry of Intelligence and Security (MOIS; Iran)']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'State']",,1,2022-08-25; 2022-08-25; 2022-08-25; 2022-08-25,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Microsoft; Microsoft; Microsoft; Microsoft,,United States; United States; United States; United States,MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069; MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069; Ministry of Intelligence and Security (MOIS; Iran); Ministry of Intelligence and Security (MOIS; Iran),"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation suggested; State",,['https://www.microsoft.com/en-us/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Exploit Public-Facing Application; External Remote Services,Not available,None,False,Not available,Not available,"Hijacking, not used - empowerment 
(incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,1-10,1.0,None,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.bleepingcomputer.com/news/security/microsoft-iranian-hackers-still-exploiting-log4j-bugs-against-israel/', 'https://lookingglasscyber.com/blog/threat-intelligence-insights/cyber-monitor-september22022/', 'https://www.microsoft.com/en-us/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations/']" 1701,North Korean state-sponsored hacker group Lazarus exploited Log4Shell vulnerability in South Korean targets in April 2022,"North Korean state-sponsored hacker group Lazarus exploited the Log4Shell vulnerability (CVE-2021-44228) in an unpatched VMware Horizon product to place the NukeSped backdoor into South Korean targets in April 2022, according to the technical report of South Korean IT-company AhnLab. In some cases, the hacker group also used the cryptocurrency malware JimMiner for monetary gains.",2022-04-01,2022-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking with Misuse,[['Not available']],"['Korea, Republic of']","[['ASIA', 'SCS', 'NEA']]",[['Unknown']],,"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-05-19 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,AhnLab,,"Korea, Republic of","Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://asec.ahnlab.com/en/34461/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Exploit Public-Facing Application; External Remote Services,Not available,None,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,3.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,1-10,1.0,Not 
available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-vmware-servers-with-log4shell-exploits/', 'https://asec.ahnlab.com/en/34461/']" 1704,Pro-Russian hacktivist group Killnet targets Norway entities with DDoS Attack at the end of July 2022,"The Russian hacktivist group, NoName057, targeted Norway government sites in DDoS attacks that rendered Norwegian websites and online services inaccessible. According to NSM (National Security Authority) and media reporting, the group was later identified as the Killnet hacktivist group. IT-company Avast indicated in a report from September 6, that KillNet and NoName057 are actually two cooperating, but separate pro-Russian hacktivist groups. The cyber attacks coincided with ""the decision of Norwegian authorities to block Russian cargo to the Svalbard archipelago"" (an Arctic coal-mining settlement in the Barentsburg region, which Norway controls and allows other countries to access for natural resources); the donation of long-range rocket artillery (MLRS) to Ukraine; and Norway pushing for NATO membership for Finland and Sweden. The Telegram channel ""Legion – Cyber Spetsnaz RF"" published the websites targeted in the attack. The hacktivist group ""Legion"" is affiliated with Killnet. According to NoName057 ""some of the targeted Norwegian entities are Norway's national police, the state's public services portal, the NAV office site (immigration), the Altinn digital government document portal, and the UDI portal (immigration and traveling)."" One organization that is publicly known to have been impacted during the attack is: Norwegian Labour Inspection Authority. 
According to a Telegram channel, other websites that were claimed in the attack were: ""Norwegian Public Roads Administration, the Stander Consumer Bank, and a financial organization Sbanken Service."" Via social media (Twitter and Telegram), the group supposedly also leaked information when they ""provided links to breached data from the compromised websites...in an attempt to prove their successor hacking campaign."" However, Norway's Prime Minister, Jonas Gahr Store, stated that he had no knowledge that ""significant damage"" had occurred due to the attack. In response to the attack, the director of Norway’s NSM, Sofie Nystrøm, released a statement and held a press conference. ",2022-07-29,2022-07-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source); Incident disclosed by attacker; Incident disclosed by authorities of victim state,Data theft & Doxing; Disruption,"[['Norwegian Police Service'], ['State Public Service Portal (Norway)'], ['NAV office site (Norway)'], ['Not available'], ['UDI portal (Norway)'], ['Altinn digital government document portal (Norway)']]","['Norway', 'Norway', 'Norway', 'Norway', 'Norway', 'Norway']","[['EUROPE', 'NATO', 'NORTHEU'], ['EUROPE', 'NATO', 'NORTHEU'], ['EUROPE', 'NATO', 'NORTHEU'], ['EUROPE', 'NATO', 'NORTHEU'], ['EUROPE', 'NATO', 'NORTHEU'], ['EUROPE', 'NATO', 'NORTHEU']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system'], ['State institutions / political system']]","[['Police'], ['Civil service / administration'], ['Civil service / administration'], [''], 
['Civil service / administration'], ['Civil service / administration']]",['Killnet'],['Russia'],['Non-state-group'],['Criminal(s)'],3,2022-06-29; 2022-07-01; 2022-07-01; 2022-07-01; 2022-09-06,"Political statement / report (e.g., on government / state agency websites); Attribution given, type unclear; Attribution given, type unclear; Attribution given, type unclear; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; Media-based attribution; Attacker confirms; Attribution by receiver government / state entity; IT-security community attributes attacker,National Security Authority (NSM; NOR); National Security Authority (NSM) (Norway); National Security Authority (NSM) (Norway); National Security Authority (NSM) (Norway); Avast,,Norway; Norway; Norway; Norway; United States,Killnet; Killnet; Killnet; Killnet; NoName057(16),Russia; Russia; Russia; Russia; Not available,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,Criminal(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s),"['https://www.bleepingcomputer.com/news/security/russian-hacktivists-take-down-norway-govt-sites-in-ddos-attacks/', 'https://securityaffairs.co/wordpress/132765/hacking/legion-ddos-norway.html', 'https://www.computerweekly.com/news/252524358/Norway-has-NOK200m-plan-to-bolster-cyber-defences', 'https://www.thetechoutlook.com/news/technology/security/pro-russian-hacking-group-killnet-claimed-to-ddos-attack-three-norwegian-banking-websites/']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2022-06-29 00:00:00,State Actors: Preventive measures,Confidence and security-building Dialogues,Norway,National Security Authority (NSM) (Norway),No,,Not available,Data 
Exfiltration; Endpoint Denial of Service,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,8.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,,,,,Sovereignty,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html', 'https://therecord.media/north-korea-hackers-funding-us-south-korea-advisory/', 'https://decoded.avast.io/martinchlumecky/bobik/?utm_source=rss&utm_medium=rss&utm_campaign=bobik', 'https://intel471.com/blog/pro-russian-hacktivist-groups-target-ukraine-supporters', 'https://www.bleepingcomputer.com/news/security/russian-hacktivists-take-down-norway-govt-sites-in-ddos-attacks/', 'https://www.reuters.com/world/europe/norway-targeted-by-cyber-attack-security-agency-2022-06-29/', 'https://www.cnbc.com/2022/06/30/cyberattack-hits-norway-pro-russian-hacker-group-suspected.html', 'https://therecord.media/norway-accuses-pro-russian-hackers-of-launching-wave-of-ddos-attacks/', 'https://securityaffairs.co/wordpress/132765/hacking/legion-ddos-norway.html', 'https://www.computerweekly.com/news/252524358/Norway-has-NOK200m-plan-to-bolster-cyber-defences', 'https://thehill.com/policy/cybersecurity/3541585-norway-hit-with-cyberattack-temporarily-suspending-service/', 'https://www.securityweek.com/cyberattack-hits-norway-pro-russian-hacker-group-fingered', 'https://cybernews.com/news/pro-russian-hackers-blamed-for-a-cyberattack-on-norways-data-network/', 
'https://www.thetechoutlook.com/news/technology/security/pro-russian-hacking-group-killnet-claimed-to-ddos-attack-three-norwegian-banking-websites/', 'https://www.wsj.com/articles/google-sees-russia-coordinating-with-hackers-in-cyberattacks-tied-to-ukraine-war-11663930801?mod=djemalertNEWS', 'https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/', 'https://therecord.media/ddos-denmark-us-russia-killnet/']" 1709,Chinese state-sponsored hacking group APT41 deployed the KeyPlug backdoor on high-profile victims in Asian countries beginning in late 2021,"Chinese state-sponsored hacking group APT41 deployed the KeyPlug backdoor on high-profile victims in Asian countries beginning in late 2021, as reported by Russian IT security company Kaspersky with medium confidence. ",2021-01-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,[['Not available']],['Asia (region)'],,[['Unknown']],,['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-11-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,,Russia,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this 
case)",[],Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,2.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,['https://securelist.com/apt-trends-report-q3-2022/107787/'] 1715,North Korean state-sponsored hacker group Lazarus exploited VMWare Horizon vulnerability to infect unknown targets with MagicRAT,"The North Korean state-sponsored hacker group Lazarus exploited VMWare Horizon vulnerability to infect unknown targets with MagicRAT, as reported by Cisco Talos Intelligence with medium to high confidence. The infrastructure of MagicRat was also used to deploy TigerRAT, another malware attributed to Lazarus.",2022-01-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,[['Not available']],['Not available'],,[['Unknown']],,"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-09-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Cisco Talos Intelligence,,United States,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://blog.talosintelligence.com/lazarus-magicrat/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,2.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,Not available,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning 
/ ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://decoded.avast.io/threatresearch/avast-q3-2022-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q3-2022-threat-report', 'https://blog.talosintelligence.com/lazarus-magicrat/', 'https://www.databreaches.net/north-korea-linked-hackers-behind-100-million-crypto-heist-fbi-says/', 'https://thehackernews.com/2023/01/north-korean-hackers-turn-to-credential.html']" 1716,Pro-Russian group Killnet claims DDoS attack against US-company Starlink in November 2022,"The Russian-affiliated hacktivist group Killnet claims responsibility for a DDoS attack against the satellite service provider Starlink in retaliation for its support of Ukraine following Russia's invasion. Trustwave researchers identified service outage reports from Starlink customers coinciding with the claims of the hacktivists. Various hacktivist groups that are known Killnet collaborators have also claimed to be participating in the attack, such as: Anonymous Russian, Msidstress, Radis, Mrai, and Halva.",2022-11-18,2022-11-18,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,[['Starlink']],['United States'],"[['NATO', 'NORTHAM']]","[['Critical infrastructure', 'Critical infrastructure']]","[['Telecommunications', 'Space']]","['Killnet', 'KillMilk', 'MSIDSTRESS', 'RADIS', 'Anonymous Russia', 'Mrai', 'Halva']","['Russia', 'Not available', 'Not available', 'Not available', 'Russia', 'Not available', 'Not available']","['Non-state-group', 'Unknown - not attributed', 'Unknown - not attributed', 'Unknown - not attributed', 'Non-state-group', 'Unknown - not attributed', 'Unknown - not attributed']","['Hacktivist(s)', '', '', '', 'Hacktivist(s)', '', '']",1,2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18; 2022-11-18,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a 
person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct 
statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article 
cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / 
self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker 
confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet,,Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; KillMilk; KillMilk; KillMilk; KillMilk; KillMilk; KillMilk; KillMilk; KillMilk; MSIDSTRESS; MSIDSTRESS; MSIDSTRESS; MSIDSTRESS; MSIDSTRESS; MSIDSTRESS; MSIDSTRESS; MSIDSTRESS; RADIS; RADIS; RADIS; RADIS; RADIS; RADIS; RADIS; RADIS; Anonymous Russia; Anonymous Russia; Anonymous Russia; Anonymous Russia; Anonymous Russia; Anonymous Russia; Anonymous Russia; Anonymous Russia; Mrai; Mrai; Mrai; Mrai; Mrai; Mrai; Mrai; Mrai; Halva; Halva; Halva; Halva; Halva; Halva; Halva; Halva,Russia; Russia; Russia; Russia; Not available; Not available; Not available; Not available; Russia; Russia; Russia; Russia; Not available; Not available; Not available; Not available; Russia; Russia; Russia; Russia; Not available; Not available; Not available; Not available; 
Russia; Russia; Russia; Russia; Not available; Not available; Not available; Not available; Russia; Russia; Russia; Russia; Not available; Not available; Not available; Not available; Russia; Russia; Russia; Russia; Not available; Not available; Not available; Not available; Russia; Russia; Russia; Russia; Not available; Not available; Not available; Not available,Non-state-group; Non-state-group; Unknown - not attributed; Unknown - not attributed; Non-state-group; Non-state-group; Unknown - not attributed; Unknown - not attributed; Non-state-group; Non-state-group; Unknown - not attributed; Unknown - not attributed; Non-state-group; Non-state-group; Unknown - not attributed; Unknown - not attributed; Non-state-group; Non-state-group; Unknown - not attributed; Unknown - not attributed; Non-state-group; Non-state-group; Unknown - not attributed; Unknown - not attributed; Non-state-group; Non-state-group; Unknown - not attributed; Unknown - not attributed; Non-state-group; Non-state-group; Unknown - not attributed; Unknown - not attributed; Non-state-group; Non-state-group; Unknown - not attributed; Unknown - not attributed; Non-state-group; Non-state-group; Unknown - not attributed; Unknown - not attributed; Non-state-group; Non-state-group; Unknown - not attributed; Unknown - not attributed; Non-state-group; Non-state-group; Unknown - not attributed; Unknown - not attributed; Non-state-group; Non-state-group; Unknown - not attributed; Unknown - not attributed; Non-state-group; Non-state-group; Unknown - not attributed; Unknown - not attributed,Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ; 
Hacktivist(s); ; Hacktivist(s); ; Hacktivist(s); ,['https://t.me/killnet_reservs/3565'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Due diligence,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.darkreading.com/threat-intelligence/killnet-gloats-ddos-attacks-starlink-whitehouse-gov', 'https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/killnet-claims-attacks-against-starlink-whitehousegov-and-united-kingdom-websites/', 'https://t.me/killnet_reservs/3565', 'https://www.darkreading.com/ics-ot/space-race-defenses-satellite-cyberattacks']" 1720,North Korean state-sponsored hacker group Lazarus stole $100 million from blockchain company Harmony on 24th June 2022,"North Korean state-sponsored hacker group Lazarus stole $100 million from blockchain company Harmony on 24th June 2022, states the British IT-company Elliptic on the basis of strong indications. On Jan. 23, the FBI confirmed this attribution, adding that a portion of over $60 million worth of Ethereum that has been converted to Bitcoin has been frozen in coordination with some of the virtual asset service providers. 
",2022-06-24,2022-06-24,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Hijacking with Misuse,[['Harmony']],['United States'],"[['NATO', 'NORTHAM']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,2,2023-01-23; 2022-06-29,"Political statement / report (e.g., on government / state agency websites); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity; IT-security community attributes attacker,Federal Bureau of Investigation (FBI); Elliptic,,United States; United Kingdom,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110); Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","; Non-state-group, state-affiliation suggested (widely held view for the attributed 
initiator (group), but not invoked in this case)","['https://hub.elliptic.co/analysis/the-100-million-horizon-hack-following-the-trail-through-tornado-cash-to-north-korea/', 'https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-apt38-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft']",Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,7.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,> 10 Mio - 100 Mio,100000000.0,dollar,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.wired.com/story/sinbad-crypto-mixer-north-korean-hackers/', 'https://www.govinfosecurity.com/south-korea-sanctions-pyongyang-hackers-a-21193', 'https://therecord.media/binance-huobi-freeze-some-cryptocurrency-stolen-in-100-million-harmony-hack/', 'https://twitter.com/Dinosn/status/1617871299250126855', 'https://twitter.com/ericgeller/status/1617884932117872640', 'https://twitter.com/securityaffairs/status/1617892979309711361', 'https://twitter.com/ryanaraine/status/1617911577621200897', 'https://twitter.com/juanandres_gs/status/1617911614833070081', 'https://twitter.com/Cyber_O51NT/status/1617915698189340677', 'https://twitter.com/InfoSecSherpa/status/1617915840632066049', 'https://twitter.com/zackwhittaker/status/1617904976017383424', 
'https://www.justice.gov/opa/pr/justice-department-investigation-leads-takedown-darknet-cryptocurrency-mixer-processed-over-3', 'https://www.databreaches.net/justice-department-investigation-leads-to-takedown-of-darknet-cryptocurrency-mixer-chipmixer/', 'https://cyberscoop.com/police-shut-down-cryptocurrency-mixer-chipmixer/', 'https://cyberscoop.com/north-korean-hackers-cloud-mining-cyrptocurrency/', 'https://www.wired.com/story/north-korea-apt43-crypto-mining-laundering/', 'https://therecord.media/north-korea-accused-of-orchestrating-100-million-harmony-crypto-hack/', 'https://hub.elliptic.co/analysis/the-100-million-horizon-hack-following-the-trail-through-tornado-cash-to-north-korea/', 'https://therecord.media/fbi-investigating-100-million-theft-from-blockchain-company-harmony/', 'https://www.cyberscoop.com/cryptocurrency-hacks-2022/', 'https://twitter.com/campuscodi/status/1615692241116225536', 'https://securityaffairs.com/141266/apt/harmony-horizon-bridge-lazarus-apt.html', 'https://thehackernews.com/2023/01/fbi-says-north-korean-hackers-behind.html', 'https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-apt38-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft', 'https://www.certik.com/resources/blog/2QRuMEEZAWHx0f16kz43uC-harmony-incident-analysis', 'https://twitter.com/cz_binance/status/1614887319177428992', 'https://twitter.com/MistTrack_io/status/1617521823067025408', 'https://twitter.com/zachxbt/status/1614771861266792449', 'https://therecord.media/north-korean-hackers-use-fake-job-offers-salary-bumps-as-lure-for-crypto-theft/', 'https://securityaffairs.com/141325/apt/ta444-turns-credential-harvesting-activity.html', 'https://cyberscoop.com/north-korean-cryptocurrency-hackers-education-government/', 'https://twitter.com/securityaffairs/status/1618371896277598209', 'https://twitter.com/chuksjonia/status/1618101629840142336', 'https://www.wired.com/story/meduza-russia-outlaw-security-roundup/', 
'https://securityaffairs.com/141509/breaking-news/security-affairs-newsletter-round-404-by-pierluigi-paganini.html', 'https://www.cisa.gov/uscert/ncas/alerts/aa22-108a', 'https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft', 'https://www.govinfosecurity.com/banner-year-for-north-korean-cryptocurrency-hacking-a-21075', 'https://www.darkreading.com/ics-ot/lazarus-group-rises-again-gather-intelligence-energy-healthcare-firms', 'https://therecord.media/hackers-linked-to-north-korea-targeted-indian-medical-org-energy-sector/', 'https://twitter.com/RecordedFuture/status/1621646826360250370', 'https://twitter.com/RecordedFuture/status/1621646796219883520']" 1722,China-linked hacker group UNC4191 gained access to private and public entities located in the Philippines beginning in September 2021,"China-linked hacker group UNC4191 gained access to private and public sector entities located in the Philippines for intelligence collection purposes related to China's political and commercial interests beginning in September 2021, according to a technical report by Mandiant. The not further specified public and private sector entities were predominantly targeted through branches in the Philippines, including for organizations headquartered in other states. The hacker group leveraged USB devices to initially infect the given networks leveraging three new malware families (MISTCLOAK, DARKDEW, and BLUEHAZE). ",2021-09-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Hijacking without Misuse,"[['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available']]","['United States', 'Northeast Asia (region)', 'Philippines', 'Europe (region)', 'Oceania (region)', 'Southeast Asia (region)']","[['NATO', 'NORTHAM'], [], ['ASIA', 'SCS', 'SEA'], [], [], []]","[['Unknown'], ['Unknown'], ['Unknown'], ['Unknown'], ['Unknown'], ['Unknown']]",,['UNC4191'],['China'],['Unknown - not attributed'],,1,2022-11-28 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,,United States,UNC4191,China,Unknown - not attributed,,['https://securityaffairs.co/wordpress/139097/apt/unc4191-used-usb-devices.html'],International power,Territory; Resources; International power,Vietnam et al. – China (South China Sea); Vietnam et al. – China (South China Sea); Vietnam et al. – China (South China Sea),Yes / HIIK intensity,HIIK 2,0,,,,,,No,,Replication Through Removable Media,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,1.0,Not available,Not available,Not available,0.0,1-10,5.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.hackread.com/hackers-usb-drives-malware-attack/', 'https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia', 'https://twitter.com/unix_root/status/1597858467947184129', 'https://thehackernews.com/2022/11/chinese-cyber-espionage-hackers-using.html', 
'https://www.securityweek.com/self-replicating-malware-used-chinese-cyberspies-spreads-usb-drives', 'https://securityaffairs.co/wordpress/139097/apt/unc4191-used-usb-devices.html', 'https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia', 'https://twitter.com/Mandiant/status/1598742797603016713']" 1725,Iranian hacktivist group Black Reward deleted 250 TB of data and stole confidential information from Iranian Fars News Agency in November 2022,"Iranian hacktivist group Black Reward deleted 250 TB of data and stole confidential information from Iranian Fars News Agency on 25 November 2022, according to a Telegram post of the group. The Iranian Fars News Agency disputed the extent of the hack and said that only information and news created on 23 November 2022 was destroyed. The confidential information contained the bulletins and directives sent by the Iranian Fars News Agency to the office of the Supreme Leader Ali Khamenei, based on accounts from the hacktivists. The cache of stolen data reportedly includes an alleged missive from Supreme Leader Ali Khamenei dated 30 November that orders a smear campaign against a well-known Sunni scholar. Following the hack, the hacktivists released a video through the compromised Twitter account of the news agency's manager Habib Torkashvand, which allegedly shows one of the economic editors of the news agency in a sexual act. On 4 December 2022, Black Reward published an audio file from the Iranian pro-regime Coalition Council of Islamic Revolution Forces, which appears to show the secretary of the council admitting to the accidental killing of women and children during a bloody crackdown in the southeastern city of Zahedan on September 30. ",2022-11-25,2022-11-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,[['Fars News Agency']],"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['Media']],,['Black Reward'],"['Iran, Islamic Republic of']",['Non-state-group'],['Hacktivist(s)'],1,2022-11-25 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Black Reward,,"Iran, Islamic Republic of",Black Reward,"Iran, Islamic Republic of",Non-state-group,Hacktivist(s),['https://t.me/black_reward/149'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Exfiltration; Data Destruction,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,10.0,Day (< 24h),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,None,0.0,euro,None/Negligent,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://www.rferl.org/a/iran-irgc-commander-warns-province-red-lines/32339011.html', 'https://www.hackread.com/fars-news-agency-website-iran-hacked/', 'https://www.databreaches.net/iran-blames-israel-for-fars-news-agency-hack/', 'https://www.rferl.org/a/iran-sunni-cleric-discrediting-leaked-document/32157807.html', 'https://www.jns.org/iran-blames-israel-for-fars-news-agency-hack/', 'https://telegram.me/s/farsna', 'https://www.iranintl.com/en/202211269743', 'https://t.me/black_reward/149', 'https://www.rferl.org/a/iran-official-admits-women-children-killed-protests/32162594.html', 
'https://www.securityweek.com/iran-arrests-news-agency-deputy-after-reported-cyberattack', 'https://www.rferl.org/a/iran-rights-security-forces-closing-roads-zahedan-protests/32230871.html']" 1732,Unknown hackers destroyed data in networks of Russian city halls and courts using new malware CryWiper in the fall of 2022,"Unknown hackers disguised the previously unknown destructive CryWiper malware as ransomware with the intention to delete data in networks of Russian city halls and courts in the fall of 2022, according to Kaspersky in a Russian blogpost. Igor Bederov, IT-security expert at T.Hunter, told the Russian newspaper Izvestia that this cyber incident is shaped by the current geopolitical context in which foreign hackers are encouraged to attack Russian targets. ",2022-09-01,2022-12-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,[['Not available']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system', 'State institutions / political system']]","[['Judiciary', 'Civil service / administration']]",['Not available'],['Not available'],['Not available'],,1,2022-12-01 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,,Russia,,,,,['https://securelist.ru/novyj-troyanec-crywiper/106114/'],System / ideology; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Destruction,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,Day (< 24h),"Data 
corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,0.0,Not available,0.0,euro,Not available,Due diligence; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.bleepingcomputer.com/news/security/new-crywiper-data-wiper-targets-russian-courts-mayor-s-offices/', 'https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2022-disrupting-health-care/', 'https://securityaffairs.co/wordpress/139237/malware/crywiper-wiper.html', 'https://www.hackread.com/crywiper-masquerading-as-ransomware-to-target-russian-courts/', 'https://arstechnica.com/information-technology/2022/12/never-before-seen-malware-is-nuking-data-in-russias-courts-and-mayors-offices/', 'https://twitter.com/campuscodi/status/1598592947037020162', 'https://securelist.ru/novyj-troyanec-crywiper/106114/', 'https://iz.ru/1433190/ivan-chernousov/stiratelnyi-pocherk-gosstruktury-atakoval-novyi-virus-shifrovalshchik', 'https://research.checkpoint.com/2022/5th-december-threat-intelligence-report/', 'https://thehackernews.com/2022/12/russian-courts-targeted-by-new-crywiper.html', 'https://www.darkreading.com/threat-intelligence/wiper-disguised-fake-ransomware-targets-russian-orgs', 'https://therecord.media/data-wiping-malware-hits-russian-courts-city-halls/', 'https://twitter.com/unix_root/status/1599776859734134786', 'https://twitter.com/cybersecboardrm/status/1599755194081894401', 'https://twitter.com/lukOlejnik/status/1599703247497101313', 'https://www.schneier.com/blog/archives/2022/12/crywiper-data-wiper-targeting-russian-sites.html', 'https://arstechnica.com/information-technology/2022/12/effective-fast-and-unrecoverable-wiper-malware-is-popping-up-everywhere/', 
'https://arstechnica.com/staff/2022/12/the-20-most-read-stories-on-ars-technica-in-2022/', 'https://twitter.com/780thC/status/1618575901230497792']" 1736,Chinese state-sponsored hacking group APT41 stole $20 million in US Covid relief benefits from state governments beginning in mid-2020,"Chinese state-sponsored hacking group APT41 stole $20 million in US Covid relief benefits from state governments beginning in mid-2020, according to the US Secret Service. Agency officials and threat intelligence professionals noted that it remained unclear whether the group was undertaking these operations for their personal gain or at the direction of the Chinese government. At least one industry representative pointed out that they had not previously observed Chinese state-sponsored actors to target government money, a step they would consider an escalation. ",2020-06-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Hijacking with Misuse,[['Not available']],['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2022-12-05; 2022-12-05,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.); Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",IT-security community attributes attacker; Attribution by receiver government / state entity,,,United States; United
States,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044; APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China; China,"Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,['https://www.nbcnews.com/tech/security/chinese-hackers-covid-fraud-millions-rcna59636'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,9.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,0.0,1-10,1.0,> 10 Mio - 100 Mio,0.0,euro,None/Negligent,Due diligence; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.jpost.com/international/article-724136', 'https://www.nbcnews.com/tech/security/chinese-hackers-covid-fraud-millions-rcna59636', 'https://www.nbcnews.com/tech/security/chinese-hackers-covid-fraud-millions-rcna59636', 'https://twitter.com/jeffstone500/status/1599765350379573248', 'https://twitter.com/Mandiant/status/1599841538166689800', 'https://twitter.com/M_Miho_JPN/status/1599786636866654208', 'https://www.independent.co.uk/tech/china-hackers-steal-covid-relief-b2239703.html', 'https://twitter.com/Dennis_Kipker/status/1600172551086276614', 'https://www.foxnews.com/us/chinese-hackers-exploited-us-covid-relief-funds-millions-secret-service-claims', 'https://www.heise.de/news/USA-Von-China-gestuetzte-Cyberkriminelle-sollen-Coronahilfsgeld-gestohlen-haben-7367393.html', 'https://www.wired.com/story/attacks-us-electrical-grid-security-roundup/', 
'https://www.darkreading.com/application-security/tiktok-banned-on-govt-devices-will-private-sector-follow-suit', 'https://www.wired.com/story/most-dangerous-people-on-the-internet-2022/']" 1737,Pro-Russian hacker group Killnet takes down Italian state police website with DDoS attacks in May 2022,"The pro-Russian hacker group Killnet shut down the website of the Italian state police for several hours on 16 May 2022. The group claimed responsibility for the attack via Telegram, referring to previous reports that the Italian police had prevented DDoS attacks by Killnet against Eurovision. However, the group denies responsibility for those attacks. In addition, the group declared war on a total of 10 countries.",2022-05-16,2022-05-16,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,[['Polizia di Stato']],['Italy'],"[['EUROPE', 'NATO', 'EU']]",[['State institutions / political system']],[['Police']],['Killnet'],['Russia'],['Non-state-group'],['Hacktivist(s)'],1,2022-05-16 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Killnet,,Russia,Killnet,Russia,Non-state-group,Hacktivist(s),['https://t.me/killnet_reservs/1342'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Endpoint Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data 
breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,None,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/ultimenotizie/status/1526190731995492352', 'https://t.me/killnet_reservs/1342', 'https://www.cybersecurity360.it/nuove-minacce/hacker-filo-russi-buttano-giu-il-sito-della-polizia-di-stato-italiana/', 'https://www.breakinglatest.news/health/russian-hackers-attack-the-site-of-the-state-police-now-open-war-on-10-countries-2/', 'https://www.ansa.it/sito/notizie/tecnologia/tlc/2022/05/16/ucraina-hacker-russi-attaccano-sito-polizia-e-annunciano-guerra-globale-_067d9784-ec13-4907-82df-8093e902c24f.html', 'https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html', 'https://www.microsoft.com/en-us/security/blog/2023/02/21/2022-in-review-ddos-attack-trends-and-insights/']" 1751,Chinese state-sponsored hackers gained access to the network of Amnesty International Canada in October 2022,"Chinese state-sponsored hackers gained access to the network of Amnesty International Canada for espionage purposes in October 2022, according to the IT security company Secureworks that the NGO brought on for forensic assistance. Amnesty International Canada announced in a press release that no donor or membership data had been exfiltrated. ",2022-10-05,2022-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by victim,Hijacking without Misuse,[['Amnesty International (Canada)']],['Canada'],"[['NATO', 'NORTHAM']]",[['Social groups']],[['Advocacy / activists (e.g. 
human rights organizations)']],['Not available'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2022-10-05 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,Secureworks,,United States,,China,"Non-state actor, state-affiliation suggested",,['https://www.amnesty.ca/news/news-releases/cyber-breach-statement/'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,None,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.cbc.ca/news/politics/amnesty-international-canada-cyber-attack-china-1.6674788', 'https://www.washingtonpost.com/world/amnesty-international-canada-says-it-was-hacked-by-beijing/2022/12/05/2d256324-74fe-11ed-a199-927b334b939f_story.html', 'https://www.bleepingcomputer.com/news/security/amnesty-international-canada-breached-by-suspected-chinese-hackers/', 'https://therecord.media/amnesty-international-breach-linked-to-chinese-government-investigation-finds/', 'https://www.databreaches.net/amnesty-international-canada-hit-by-cyberattack-out-of-china-investigators-say/', 'https://www.amnesty.ca/news/news-releases/cyber-breach-statement/']" 1757,Iran-aligned hacking group Agrius deployed 
Apostle and DEADWOOD wipers against Israeli targets beginning in 2020,"The hacking group Agrius deployed Apostle and DEADWOOD wipers against Israeli targets from 2020 to 2021, according to IT security company SentinelOne. The initiators masked their wipers as ransomware, suggesting a focus on sabotage. DEADWOOD was previously attributed to APT33, an Iranian state-sponsored hacking group - an indication, as SentinelOne observed, that APT33 and Agrius may share resources.",2020-01-01,2021-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,[['Not available']],['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Unknown']],,['Agrius'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2021-05-25 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,SentinelOne,,United States,Agrius,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,['https://assets.sentinelone.com/sentinellabs/evol-agrius#page=1'],System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,Exploit Public-Facing Application,Disk Wipe,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,7.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",Not available,0.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of
state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://assets.sentinelone.com/sentinellabs/evol-agrius#page=1', 'https://therecord.media/new-iranian-threat-actor-targets-israel-with-wipers-disguised-as-ransomware/', 'https://twitter.com/SentinelOne/status/1624465790882783240']" 1779,Cyberattack on Portuguese military resulting in theft and doxing of NATO documents in 2022,"The Armed Forces General Staff agency of Portugal (EMGFA) allegedly suffered a prolonged and undetected cyberattack which resulted in NATO documents being stolen and sold on the dark web. The documents were discovered by American cyber-intelligence agents, who notified US authorities at the US Embassy in Lisbon. The National Security Office (GNS) and Portugal’s national cybersecurity center immediately reacted to the threat by deploying a team of experts to EMGFA to investigate the defence agency's network. The stolen documents were acquired through specially programmed bots that probed the network and were trained to discover and detect precisely this type of information. The leak of the documents is of “extreme gravity” and might impact the NATO alliance by creating distrust between members. The EMGFA computers are air-gapped and the data was exfiltrated via standard non-secure lines. This means that the first assumption is that the military agency might have ""broken its operational security rules at some point."" No official statement has been released yet by Portuguese officials. However, members of parliament have requested the chairman of the parliamentary defense committee, Marcos Perestrello, to schedule hearings as soon as possible.
The Attorney General's Office confirmed that an investigation has been opened on the cyberattack and that it will be ""led by the public prosecutor’s office of the Central Department of Investigation and Prosecution (DCIAP).” A statement by the Defence Ministry conveyed that ""the investigations are conducted by the National Security Office, 'with which the ministry of defence and the armed forces work in close coordination.'”",2022-01-01,,Not available,,Incident disclosed by media (without further information on source); Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse,[['Armed Forces General Staff Agency of Portugal (EMGFA)']],['Portugal'],"[['EUROPE', 'NATO', 'EU']]",[['State institutions / political system']],[['Military']],['Not available'],['Not available'],['Unknown - not attributed'],,1,,,,,,,,,Unknown - not attributed,,[],International power,Not available,,Not available,,1,2022-09-14 00:00:00,EU member states: Stabilizing measures,Statement by other ministers/members of parliament,Portugal,Ministry of Defence (PRT),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,Not available,0.0,Not available,0.0,euro,Not available,Cyber espionage,,Not available,1,2022-09-14 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Portugal,Central Department of Investigation and Prosecution (DCIAP),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://securityaffairs.co/wordpress/135480/data-breach/nato-docs-stolen-from-portugal.html', 'https://www.bleepingcomputer.com/news/security/classified-nato-documents-stolen-from-portugal-now-sold-on-darkweb/', 'https://research.checkpoint.com/2022/12th-september-threat-intelligence-report/', 'https://www.euractiv.com/section/politics/short_news/portugal-investigates-dark-web-sale-of-classified-nato-documents/']" 1785,Anonymous defaced the Russian locomotive manufacturing website in May 2022,"The hacktivist group Anonymous defaced a Russian locomotive manufacturing website with a picture of a dead Ukrainian child on May 13, 2022. Additionally, the message ""While many Russian children have fun, others in Ukraine are killed by Putin"" was displayed on the website.",2022-05-13,2022-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,[['locomotive.org']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Anonymous'],['Not available'],['Non-state-group'],['Hacktivist(s)'],1,2022-05-13 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,,Anonymous,,Non-state-group,Hacktivist(s),['https://web.archive.org/web/20220513113705/http://www.locomotive.org.ru/catalog.php?id=3&type=1'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,None,0.0,euro,None/Negligent,,,Not available,0,,,,,,Not available,,,,"['https://twitter.com/Anonymous_Link/status/1526129754734215168', 'https://www.thetechoutlook.com/news/technology/security/anonymous-collective-defaced-russian-locomotive-manufacturing-website-with-ukrainian-children-corpse/', 'https://web.archive.org/web/20220513113705/http://www.locomotive.org.ru/catalog.php?id=3&type=1', 
'https://twitter.com/Anonymous_Link/status/1525077145013219328?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1525077145013219328%7Ctwgr%5E4d30c90147b06648fe92299d2362639f523005f4%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.thetechoutlook.com%2Fnews%2Ftechnology%2Fsecurity%2Fanonymous-collective-defaced-russian-locomotive-manufacturing-website-with-ukrainian-children-corpse%2F']" 1786,City council of Ukrainian city Lviv is attacked in May 2022 and data was stolen and published,"On 13 May 2022, the internet networks and services of the Lviv City Council were attacked. This was announced by the city's mayor, Andriy Sadowyj, one day after the cyberattack on Facebook. He suspected Russian actors behind the attack and pointed out that only a small amount of services and computers had been disabled, but most of them had already been restored. Later, Deputy Mayor Andriy Moskalenko announced that parts of the city's working data had been stolen and published on ""enemy"" Telegram channels. ",2022-05-13,2022-05-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft & Doxing; Disruption,[['Lviv City Council']],['Ukraine'],"[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Civil service / administration']],['Not available'],['Russia'],['Not available'],,2,2022-05-14; 2022-05-15,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity; Attribution by receiver government / state entity,Andriy Sadowyj (Mayor of Lviv; UKR); Andriy Moskalenko (Deputy Mayor of Lviv; UKR),,Ukraine; Ukraine,,Russia; Russia,,,"['https://www.facebook.com/andriy.sadovyi/posts/572784957542945', 'https://www.facebook.com/andriy.moskalenko/posts/7327235234013340']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; 
International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,9.0,Day (< 24h),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,None,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.facebook.com/andriy.sadovyi/posts/572784957542945', 'https://www.facebook.com/andriy.moskalenko/posts/7327235234013340', 'https://city-adm.lviv.ua/news/society/security/291547-khakery-namahalys-zlamaty-internet-merezhi-ta-servisy-merii-lvova', 'https://city-adm.lviv.ua/news/government/291555-naslidky-kiberataky-na-lviv-vykradeno-chastynu-danykh', 'https://www.radiosvoboda.org/a/news-lviv-kiberataka-meriya/31851752.html', 'https://imi.org.ua/en/news/work-data-partially-stolen-in-a-cyber-attack-on-the-lviv-city-council-website-i45579']" 1790,Cyber-espionage group Cloud Atlas gained access to various sectors in Europe and Southeast Asia beginning in May 2019,"Cyber-espionage group Cloud Atlas gained access into various sectors - ministries, diplomatic entities, industrial targets, research entities - in various regions - Europe, Eastern Europe, Southeast Asia - for espionage purposes beginning in May 2019, according to technical reports of Check Point Research and Russia-based Positive Technologies. (The US Treasury Department sanctioned Positive Technology on 21 April 2021 over the company's alleged support to the FSB.)
At the end of 2021, Cloud Atlas targeted especially government, diplomatic, research and industrial entities in Russia and Belarus as well as unspecified targets on the Crimean Peninsula and in Luhansk and Donetsk. Against this backdrop, the threat intelligence reports link the activities to the increase in tensions between Russia and Ukraine in the run-up to and following Russia's large-scale invasion of Ukraine on 24 February 2022.",2019-05-01,2021-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,"[['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available']]","['Ukraine', 'Southeast Asia (region)', 'Europe (region)', 'Russia', 'Eastern Europe', 'Belarus']","[['EUROPE', 'EASTEU'], [], [], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], [], ['EUROPE', 'EASTEU', 'CSTO']]","[['Unknown'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'State institutions / political system'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'State institutions / political system'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science', 'State institutions / political system'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'State institutions / political system'], ['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Science', 'State
institutions / political system']]","[[''], ['Government / ministries', '', 'Other (e.g., embassies)'], ['Government / ministries', '', 'Other (e.g., embassies)'], ['Government / ministries', '', '', 'Other (e.g., embassies)'], ['Government / ministries', '', 'Other (e.g., embassies)'], ['Government / ministries', '', '', 'Other (e.g., embassies)']]",['Inception Framework/Cloud Atlas/Blue Odin/G0100'],['Not available'],['Unknown - not attributed'],,2,2022-12-09; 2022-12-09,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Check Point Research; Positive Technologies,,Israel; Russia,Inception Framework/Cloud Atlas/Blue Odin/G0100; Inception Framework/Cloud Atlas/Blue Odin/G0100,,Unknown - not attributed; Unknown - not attributed,,"['https://research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine/', 'https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/']",Unknown,Unknown,,Unknown,,0,,,,,,No,,Phishing,Not available,Required,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,0.0,None,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine/', 'https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/', 
'https://twitter.com/Cyber_O51NT/status/1639428701137035264']" 1797,Anonymous and IT Army of Ukraine target Russian Banks in September 2022,"Anonymous and the IT Army of Ukraine claim that they targeted several Russian banks in a wave of cyber attacks in September 2022, including: Central Bank of Russia, MKBan, Gazprombank, Moscow Credit Bank, Sovkombank. During the attack, bank customers were unable to send and receive payments, access their personal accounts, access mobile banking, or withdraw ATM funds. The pro-Ukrainian hacktivist group, IT Army of Ukraine, claimed to leak stolen documents from Central Bank of Russia (2.6 GB) on November 3, 2022 which contained 27,000 files. It cannot plausibly be assessed whether the leaked files have been obtained during the attacks in September. ",2022-08-29,2022-09-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,"[['Credit Bank of Moscow'], ['MKBank'], ['Sovkombank'], ['Gazprombank'], ['Central Bank of Russia']]","['Russia', 'Russia', 'Russia', 'Russia', 'Russia']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['State institutions / political system', 'Critical infrastructure']]","[['Finance'], ['Finance'], ['Finance'], ['Finance'], ['Other (e.g., embassies)', 'Finance']]","['Anonymous', 'IT Army of Ukraine']","['Not available', 'Ukraine']","['Non-state-group', 'Non-state-group']","['Hacktivist(s)', 'Hacktivist(s)']",1,2022-09-10; 2022-09-10; 2022-09-10; 2022-09-10; 2022-09-10; 2022-09-10; 2022-09-10; 2022-09-10,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in 
the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms; Attacker confirms,Anonymous; Anonymous; Anonymous; Anonymous; IT Army of Ukraine; IT Army of Ukraine; IT Army of Ukraine; IT Army of Ukraine,,,Anonymous; Anonymous; IT Army of Ukraine; IT Army of Ukraine; Anonymous; Anonymous; IT Army of Ukraine; IT Army of Ukraine,Not available; Ukraine; Not available; Ukraine; Not available; Ukraine; Not available; Ukraine,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s),"['https://therecord.media/ukrainian-hacktivists-claim-to-leak-trove-of-documents-from-russias-central-bank/', 'https://www.fonetech.cz/hackeri-z-anonymous-sestrelili-dalsi-dve-ruske-banky-lide-nemohou-vybirat-z-bankomatu-ani-posilat-platby/', 'https://twitter.com/Anonymous_Link/status/1568542301554630656']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,Russia,,No,,Not available,Network Denial of Service,None,True,Not available,Long-term 
disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,No justification under IL,,,,Sovereignty,,No response justified (missing state attribution & breach of international law),,"['https://therecord.media/ukrainian-hacktivists-claim-to-leak-trove-of-documents-from-russias-central-bank/', 'https://www.fonetech.cz/hackeri-z-anonymous-sestrelili-dalsi-dve-ruske-banky-lide-nemohou-vybirat-z-bankomatu-ani-posilat-platby/', 'https://twitter.com/Anonymous_Link/status/1568542301554630656', 'https://twitter.com/NewAnon0ps/status/1569072038865772544', 'https://euromaidanpress.com/2022/09/12/ukraines-it-army-paralized-2400-russian-resources-in-2-weeks/', 'https://www.pravda.com.ua/eng/news/2022/09/12/7367111/', 'https://odessa-journal.com/digital-attacks-from-the-it-army-more-than-2400-paralyzed-online-resources-in-2-weeks/']" 1800,Chinese-speaking hacker group MirrorFace gained access to and stole information of Japanese political entities beginning in June 2022,"The Chinese-speaking hacker group MirrorFace gained access to and stole documents and emails from Japanese political entities for espionage purposes in late June and July 2022, according to a technical report by IT security company ESET. MirrorFace targeted members of a specific political party through spearphishing in the run-up to the elections for the House of Councillors, the upper chamber of Japan's parliament, that took place on 10 July 2022. MirrorFace deployed the group's proprietary LODEINFO backdoor and the previously unknown credential stealer MirrorStealer. 
Code overlaps with LODEINFO had previously led Kaspersky to attribute related intrusions to APT10 with high confidence. In its assessment, ESET acknowledges these potential links but continues to track the group as a separate activity cluster.",2022-06-29,,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,[['Not available']],['Japan'],"[['ASIA', 'SCS', 'NEA']]",[['State institutions / political system']],[['Political parties']],['MirrorFace'],['China'],['Unknown - not attributed'],,1,2022-12-14 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,MirrorFace,China,Unknown - not attributed,,['https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/'],International power,Unknown,,Unknown,,0,,,,,,No,,Phishing,Data Exfiltration; Data Encrypted for Impact,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,None,0.0,euro,Not available,Cyber espionage,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/', 'https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/', 'https://twitter.com/ESETresearch/status/1602983166498770944', 
'https://twitter.com/ESETresearch/status/1602983170751750144', 'https://www.bleepingcomputer.com/news/security/hackers-target-japanese-politicians-with-new-mirrorstealer-malware/', 'https://securityaffairs.co/wordpress/139698/apt/mirrorface-apt-group-targets-japan.html', 'https://thehackernews.com/2022/12/researchers-uncover-mirrorface-cyber.html', 'https://www.securityweek.com/chinese-cyberspies-targeted-japanese-political-entities-ahead-elections', 'https://twitter.com/securityaffairs/status/1603468611770847253', 'https://www.darkreading.com/attacks-breaches/chinese-apt-group-mirrorface-interferes-japanese-elections', 'https://www.welivesecurity.com/videos/mirrorface-aims-high-value-targets-japan-week-security-tony-anscombe/', 'https://twitter.com/DarkReading/status/1603827006625415185', 'https://twitter.com/Dinosn/status/1603799083675779073', 'https://twitter.com/securityaffairs/status/1604075791926665218', 'https://securitymea.com/2023/02/09/eset-threat-reports-on-russian-invasions-impact-on-digital-threats/']" 1801,Unnamed subcluster of Iranian state-sponsored hacker group TA453 compromised a close affiliate of former US National Security Advisor John Bolton with KORG malware,"An unnamed subcluster of Iranian state-sponsored hacker group TA453 compromised a close affiliate of former US National Security Advisor John Bolton with KORG malware, according to a technical report by Proofpoint. Proofpoint had previously linked TA453 activities to strategic interests of the Intelligence Organization of the Islamic Revolutionary Guard Corps (IRGC-IO). In its analysis, Proofpoint identifies an evolution in the group's focus on phishing academics, researchers, diplomats, dissidents, journalists, and human rights advocates towards support for kinetic operations. Impersonating or spoofing trusted connections, the group has sought to initiate real world meetings as a setup for kidnapping attempts. 
In view of this nexus to on-the-ground operations, Proofpoint assesses with medium confidence TA453 may be assisting other state entities, including Iran's Quds Force, the IRGC branch responsible for covert operations. ",,2022-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,[['Not available']],['United States'],"[['NATO', 'NORTHAM']]",[['Unknown']],,"['Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059', 'Islamic Revolutionary Guard Corps (IRGC)']","['Iran, Islamic Republic of', 'Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested', 'State']",,1,2022-12-14; 2022-12-14; 2022-12-14; 2022-12-14,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker; IT-security community attributes attacker,Proofpoint; Proofpoint; Proofpoint; Proofpoint,,United States; United States; United States; United States,Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059; Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059; Islamic Revolutionary Guard Corps (IRGC); Islamic Revolutionary Guard Corps (IRGC),"Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of; Iran, Islamic Republic of","Non-state actor, state-affiliation suggested; State; Non-state actor, state-affiliation 
suggested; State",,['https://www.proofpoint.com/us/blog/threat-insight/ta453-refuses-be-bound-expectations'],System / ideology; International power,System/ideology; International power,"EU, USA et. al – Russia; EU, USA et. al – Russia",Unknown,,0,,,,,,No,,Phishing,Not available,Required,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,None,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://therecord.media/iran-linked-cyberspies-expand-targeting-to-medical-researchers-travel-agencies/', 'https://www.cyberscoop.com/iran-ta453-charming-kitten-phosphorus-hacking-bolton/', 'https://www.proofpoint.com/us/blog/threat-insight/ta453-refuses-be-bound-expectations', 'https://twitter.com/DigitalPeaceNow/status/1603045899411722241', 'https://www.databreaches.net/iran-linked-charming-kitten-espionage-gang-bares-claws-to-pollies-power-orgs/']" 1802,Threat activity group UNC4166 gained access to and stole information from Ukrainian government networks beginning in mid-July 2022,"The threat activity group UNC4166 gained access to and stole information from Ukrainian government networks from 13 July 2022 to at least 28 November 2022, according to a technical report by threat intelligence company Mandiant. UNC4166 distributed trojanized Windows 10 installers via torrent sites in a supply-chain attack. 
Mandiant has not yet associated UNC4166 with a specific threat actor or sponsor but notes overlaps in the victimology with GRU-affiliated groups that conducted wiper attacks following Russia's invasion of Ukraine. ",2022-07-13,2022-11-28,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,[['Not available']],['Ukraine'],"[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Government / ministries']],['UNC4166'],['Not available'],['Unknown - not attributed'],,1,2022-12-15 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,,United States,UNC4166,,Unknown - not attributed,,['https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Supply Chain Compromise,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,None,0.0,euro,Not available,Cyber espionage; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.bleepingcomputer.com/news/security/ukrainian-govt-networks-breached-via-trojanized-windows-10-installers/', 'https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government', 'https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government', 
'https://twitter.com/JohnHultquist/status/1603411638736101377', 'https://twitter.com/ericgeller/status/1603464919050952704', 'https://thehackernews.com/2022/12/trojanized-windows-10-installer-used-in.html', 'https://therecord.media/new-supply-chain-attack-targeted-ukrainian-government-networks/', 'https://twitter.com/RecordedFuture/status/1603820762963525634', 'https://twitter.com/M_Miho_JPN/status/1604143678888751104', 'https://www.schneier.com/blog/archives/2022/12/trojaned-windows-installer-targets-ukraine.html']" 1805,Russian state-sponsored hacker group Fancy Bear gained access to a US satellite communications provider in early 2022,"Russian state-sponsored hacker group Fancy Bear gained access to a US satellite communications provider in early 2022, according to a presentation by Cybersecurity and Infrastructure Security Agency's (CISA) incident response analyst MJ Emanuel at the CYBERWARCON cybersecurity conference on 10 November 2022. The hacker group seemingly exploited a 2018 vulnerability in an unpatched Virtual Private Network (VPN).",2022-01-01,2022-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by authorities of victim state,Hijacking without Misuse,[['Not available']],['United States'],"[['NATO', 'NORTHAM']]","[['Critical infrastructure', 'Critical infrastructure']]","[['Telecommunications', 'Space']]","['Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)']",['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-11-10 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,"MJ Emanuel (Cybersecurity and Infrastructure Security Agency (CISA), United States)",,United States,"Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007 (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)",Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.cyberscoop.com/apt28-fancy-bear-satellite/'],International power,International power,,Unknown,,0,,,,,,No,,External Remote Services,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,6.0,No system interference/disruption,"Minor data 
breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,None,0.0,euro,Direct (official members of state entities / agencies / units responsible),Space law; International telecommunication law; Sovereignty,; ; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.cyberscoop.com/apt28-fancy-bear-satellite/', 'https://twitter.com/DigitalPeaceNow/status/1603770675646398465', 'https://twitter.com/CyberScoopNews/status/1603803185986125831', 'https://twitter.com/piret_ccdcoe/status/1603823359661416453', 'https://twitter.com/BushidoToken/status/1603770828331556864', 'https://twitter.com/switch_d/status/1604147528731181057', 'https://twitter.com/Cyber_O51NT/status/1604326436315099136', 'https://twitter.com/noelle_cowling/status/1604364091480498177', 'https://twitter.com/CyberScoopNews/status/1604890252505919489', 'https://twitter.com/CyberScoopNews/status/1604858927216488449', 'https://twitter.com/CyberScoopNews/status/1607809246074179584', 'https://cyberscoop.com/solarium-commission-space-systems-critical-infrastructure/']" 1807,Hacking group UAC-0142 compromised Ukrainian battle management system Delta in December 2022,"An unidentified hacking group compromised the real-time battle management system Delta used by Ukraine's armed forces for situational awareness about enemy activity and defensive manoeuvres. A spokesperson for the Defense Technology Innovation and Development Center of the Ukrainian Ministry of Defense, which developed the platform in collaboration with the Ministry of Digital Transformation and international partners, confirmed the breach to The Record. The Ukrainian CERT had previously warned about suspicious activity directed against Delta users, tracked as threat cluster UAC-0142. 
The intruding group sought to use two tools designed for data theft, FateGrab and StealDeal, with no public indication of success. The attack coincided with a presentation of Delta at the NATO headquarters during the same week, on 13 and 14 December in Brussels. The spokesperson of the Innovation Department noted the incident had been detained in the preparation stage. ",2022-12-15,2022-12-15,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,[['Delta']],['Ukraine'],"[['EUROPE', 'EASTEU']]",[['State institutions / political system']],[['Military']],['UAC-0142'],['Not available'],['Unknown - not attributed'],,1,2022-12-18 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Attribution by receiver government / state entity,CERT-UA,,Ukraine,UAC-0142,,Unknown - not attributed,,['https://cert.gov.ua/article/3349703'],Unknown,Unknown,,Unknown,,1,2022-12-20 00:00:00,State Actors: Stabilizing measures,Statement by other ministers/members of parliament,,Defense Technology Innovation and Development Center of the Ukrainian Ministry of Defense,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,None,0.0,euro,Not available,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/3xp0rtblog/status/1604899693389090827', 'https://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html', 
'https://www.securityweek.com/ukraines-delta-military-intelligence-program-targeted-hackers', 'https://therecord.media/military-operations-software-in-ukraine-was-breached-by-russian-hackers/', 'https://cert.gov.ua/article/3349703', 'https://twitter.com/securityaffairs/status/1605339909983608832', 'https://twitter.com/Cyber_O51NT/status/1605025954736136192', 'https://thehackernews.com/2022/12/ukraines-delta-military-system-users.html', 'https://twitter.com/switch_d/status/1605553669767938048']" 1808,"The hacker group Raspberry Robin and the malware of the same name gained access to networks of Latin American, European and Australian telecommunications companies and governments in September 2022","The hacker group Raspberry Robin and the malware of the same name gained access to networks of Latin American, European and Australian telecommunications companies and governments in September 2022, according to Trend Micro. What is special about this cyber incident is that the malware is obfuscated behind many layers and triggers a fake payload once the malware is detected. The motivation of the hacking group ranges from data theft to cyber espionage. 
",2022-09-01,2022-09-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,"[['Not available'], ['Not available'], ['Not available']]","['Australia', 'Europe (region)', 'South America']","[['OC'], [], []]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries'], ['Government / ministries']]",['Raspberry Robin'],['Not available'],['Unknown - not attributed'],,1,2022-12-20 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Trend Micro,,Japan,Raspberry Robin,,Unknown - not attributed,,['https://www.trendmicro.com/en%5Fus/research/22/l/raspberry-robin-malware-targets-telecom-governments.html'],International power,Unknown,,Unknown,,0,,,,,,No,,Hardware Additions,Data Exfiltration,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",11-50,0.0,11-20,0.0,None,0.0,euro,Not available,Cyber espionage; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.bleepingcomputer.com/news/security/raspberry-robin-worm-drops-fake-malware-to-confuse-researchers/', 'https://thehackernews.com/2022/12/raspberry-robin-worm-strikes-again.html', 'https://www.trendmicro.com/en%5Fus/research/22/l/raspberry-robin-malware-targets-telecom-governments.html', 'https://securityaffairs.co/wordpress/139964/breaking-news/raspberry-robin-targets-telecom-governments.html', 
'https://twitter.com/securityaffairs/status/1606655598140997632', 'https://twitter.com/Dinosn/status/1606708841235750912', 'https://securityaffairs.co/wordpress/139988/breaking-news/security-affairs-newsletter-round-399-by-pierluigi-paganini.html', 'https://www.darkreading.com/threat-intelligence/raspberry-robin-worm-highly-complex-upgrade', 'https://thehackernews.com/2023/01/raspberry-robin-worm-evolves-to-attack.html', 'https://therecord.media/financial-institutions-in-portugal-and-spain-targeted-by-new-raspberry-robin-malware/']" 1809,Multiple threat actors accessed the networks of the Foreign Affairs Office of an ASEAN member and exported data,"Multiple threat actors accessed the networks of the Foreign Affairs Office of an ASEAN member and exported data from the mailboxes of targeted officials. According to a report by Elastic Security Labs, the actors used a backdoor Elastic named ""SiestaGraph"" in the still ongoing operation. ",2022-11-01,,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,[['Foreign Affairs Office (ASEAN member country)']],['Not available'],,[['State institutions / political system']],[['Government / ministries']],['Not available'],['Not available'],['Not available'],,1,2022-12-16; 2022-12-16,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Elastic Security Labs; Elastic Security Labs,,Netherlands; United States,,,,,['https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry?utm_source=substack&utm_medium=email'],International power,Not available,,Not available,,0,,,,,,No,,Exploit Public-Facing Application,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not 
available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,None,0.0,euro,Not available,Cyber espionage,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry?utm_source=substack&utm_medium=email', 'https://twitter.com/SentinelOne/status/1626259782402457600', 'https://www.sentinelone.com/labs/wip26-espionage-threat-actors-abuse-cloud-infrastructure-in-targeted-telco-attacks/', 'https://therecord.media/middle-east-telecoms-espionage-sentinelone-microsoft-google-dropbox/']" 1813,Hacker group PLAY carried out a ransomware attack on the Belgian city of Antwerp on 6 December 2022,"Hacker group PLAY carried out a ransomware attack on the Belgian city of Antwerp on 6 December 2022, Het Laatste Nieuws reported first. The impact and nature of this ransomware attack remain unclear. HLN's initial media report on the morning of Dec. 6 states that the ransomware attack knocked out a variety of community services by hacking servers from IT service provider Digipolis from December 5 to December 6. On 6 December vice minister-president of the Flemish government and Flemish Minister for Living Together and Domestic Administration Bart Somers said that he ""now wants to release 1.25 million euros for emergency incidents such as these in Antwerp."" On December 11, the hacker group PLAY adds the city of Antwerp to its list of victims on its website. 
They claim to have stolen 557 gigabytes of data, including personal information, passports and more, and announce that they will publish this data on December 19 if the ransom demand is not paid. The following day, ITdaily reports that data from the city of Antwerp has been encrypted, disrupting a variety of municipal services such as libraries, museums, schools. On December 19 and before, the mayor of Antwerp Bart de Wever confirmed at a press conference that about 500 gigabytes of data had been stolen. However, he also says that the disruption of the city of Antwerp is not due to the hacker group, but to the city's security measures. The person in charge of the city of Antwerp even reveals that the stolen data is not personal information, as claimed by the hacker group, but login data and documents related to the city's personnel and construction projects. ",2022-12-05,2022-12-06,"Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft; Ransomware,[['City of Antwerp']],['Belgium'],"[['EUROPE', 'EU', 'NATO', 'WESTEU']]",[['State institutions / political system']],[['Civil service / administration']],['PLAY'],['Not available'],['Non-state-group'],['Criminal(s)'],1,2022-12-11 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,PLAY,,,PLAY,,Non-state-group,Criminal(s),['https://twitter.com/BrettCallow/status/1602139287155347456'],Unknown,Not available,,Not available,,1,2022-12-06 00:00:00,State Actors: Stabilizing measures,Statement by other ministers/members of parliament,Belgium,"Bart Somers (Vice minister-president of the Flemish government and Flemish minister for Living Together and Domestic Administration, Belgium)",No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high 
political importance,1.0,Minor,4.0,Not available,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,,0.0,Not available,0.0,euro,None/Negligent,Human rights,,Not available,1,2022-12-06 00:00:00,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Belgium,"Kristof Aerts (Official at the Public Prosecutor's office in Antwerp, Belgium)",Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.bleepingcomputer.com/news/security/antwerps-city-services-down-after-hackers-attack-digital-partner/', 'https://twitter.com/ransomwaremap/status/1600121283064184832', 'https://www.bleepingcomputer.com/news/security/play-ransomware-claims-attack-on-belgium-city-of-antwerp/', 'https://therecord.media/play-ransomware-group-claims-responsibility-for-antwerp-attack-as-second-belgian-city-confirms-new-incident/', 'https://www.malwarebytes.com/blog/news/2022/12/play-ransomware-attacks-government-agencies-and-their-providers', 'https://therecord.media/antwerp-denies-negotiating-ransomware-payment-as-city-disappears-from-leak-site/', 'https://twitter.com/cahlberg/status/1604885201544282113', 'https://www.malwarebytes.com/blog/news/2022/12/play-ransomware-group-claims-to-have-stolen-h-hotel-data', 'https://www.vrt.be/vrtnws/nl/2022/12/12/nieuwe-cyberaanval/', 'https://bartsomers.be/nieuws/bart-somers-wil-war-room-voor-lokale-besturen-die-slachtoffer-zijn-van-cyberaanvallen/?lid=6249', 'https://twitter.com/BartSomers/status/1602317525336850432?ref_src=twsrc%5Etfw', 'https://www.vrt.be/vrtnws/fr/2022/12/12/apres-anvers-c_est-au-tour-de-la-ville-de-diest-detre-visee-par/', 'https://bartsomers.be/nieuws/bart-somers-roept-lokale-besturen-op-om-cyber-audit-te-laten-doen/?lid=6249', 'https://m.standaard.be/cnt/dmf20221206_93860773', 
'https://m.standaard.be/cnt/dmf20221206_93860773', 'https://www.gva.be/cnt/dmf20221218_93646922', 'https://www.vrt.be/vrtnws/nl/2022/12/19/bart-de-wever-over-hacking-antwerpse-stadsdiensten-tot-nu-geen/', 'https://itdaily.be/nieuws/security/cyberaanval-antwerpen-opgeeist-557-gb-aan-data-gestolen/', 'https://twitter.com/BrettCallow/status/1602139287155347456', 'https://twitter.com/alexandradarch/status/1600220828892770304', 'https://www.hln.be/antwerpen/rusthuizen-schakelen-over-op-pen-en-papier-na-massale-cyberaanval-op-antwerpse-stadsdiensten~a24d88fa/', 'https://www.bleepingcomputer.com/news/security/rackspace-confirms-play-ransomware-was-behind-recent-cyberattack/', 'https://therecord.media/play-ransomware-group-claims-attack-on-arnold-clark-one-of-britains-largest-car-dealerships/', 'https://twitter.com/BushidoToken/status/1624763921054703618']" 1814,Iranian hacker group Moses Staff hacked and controlled dozens of Israeli CCTV cameras since 2021,"Iranian hacker group Moses Staff hacked and controlled dozens of Israeli CCTV cameras to monitor senior Israeli officials since 2021, according to an investigative report of Israeli broadcaster Kan. The hacker group uploaded footage of Israel's Rafael defense contractor factory in Haifa, of the cities Jerusalem and Tel Aviv and of a terror attack in Jerusalem on 24 November 2022. ",2021-01-01,2022-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,[['Not available']],['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Moses Staff'],"['Iran, Islamic Republic of']",['Non-state-group'],['Hacktivist(s)'],2,2022-12-19; 2022-11-24,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution; Attacker confirms,Israeli Public Broadcasting Corporation (IPBC); Moses Staff,,"Israel; Iran, Islamic Republic of",Moses Staff; Moses Staff,"Iran, Islamic Republic of; Iran, Islamic Republic of",Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),"['https://t.me/moses_staff_se_15/209', 'https://www.timesofisrael.com/report-iran-hacked-israeli-cameras-a-year-ago-defense-officials-knew-didnt-act/', 'https://twitter.com/kann_news/status/1604906102084505601?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1604906102084505601%7Ctwgr%5E3258288abd4410203c842f7e69bd61c23d20ccf3%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.timesofisrael.com%2Freport-iran-hacked-israeli-cameras-a-year-ago-defense-officials-knew-didnt-act%2F']",System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Yes / HIIK intensity,HIIK 3,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political 
importance,3.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,11-50,0.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/HackRead/status/1596247056234020867', 'https://www.timesofisrael.com/liveblog_entry/iranians-hacked-major-israeli-security-organization-to-get-footage-of-jerusalem-attack/', 'https://t.me/moses_staff_se_15/209', 'https://www.hackread.com/moses-staff-hackers-jerusalem-footage/', 'https://twitter.com/Cyber_O51NT/status/1605529844749463553', 'https://securityaffairs.co/wordpress/139934/hacking/iranian-group-hacked-israeli-cctv-cameras.html', 'https://www.haaretz.com/israel-news/security-aviation/2022-12-23/ty-article-magazine/.premium/revealed-the-israeli-firm-selling-dystopian-hacking-capabilities/00000185-0bc6-d26d-a1b7-dbd739100000', 'https://twitter.com/securityaffairs/status/1606392422665265170', 'https://twitter.com/securityaffairs/status/1606292867248332800', 'https://www.timesofisrael.com/report-iran-hacked-israeli-cameras-a-year-ago-defense-officials-knew-didnt-act/', 'https://twitter.com/kann_news/status/1604906102084505601?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1604906102084505601%7Ctwgr%5E3258288abd4410203c842f7e69bd61c23d20ccf3%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.timesofisrael.com%2Freport-iran-hacked-israeli-cameras-a-year-ago-defense-officials-knew-didnt-act%2F', 'https://www.haaretz.com/israel-news/security-aviation/2022-12-26/ty-article-magazine/this-dystopian-cyber-firm-could-have-saved-mossad-assassins-from-exposure/00000185-0bc6-d26d-a1b7-dbd739100000', 
'https://www.haaretz.com/israel-news/security-aviation/2022-12-26/ty-article-magazine/.premium/this-dystopian-cyber-firm-could-have-saved-mossad-assassins-from-exposure/00000185-0bc6-d26d-a1b7-dbd739100000']" 1815,Hacker group STEPPY#KAVACH infected targets associated with the Indian government beginning in 2021,"Hacker group STEPPY#KAVACH infected targets associated with the Indian government to exfiltrate Kavach files beginning in 2021, according to IT security company Securonix. Kavach is an authentication system used by Indian government officials. The hacker group STEPPY#KAVACH shows many commonalities with the Pakistani hacker group SideCopy and the Pakistani state-sponsored hacker group Transparent Tribe.",2021-01-01,,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,[['Not available']],['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['STEPPY#KAVACH'],['Not available'],['Unknown - not attributed'],,1,2022-12-22 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Securonix,,United States,STEPPY#KAVACH,,Unknown - not attributed,,['https://www.securonix.com/blog/new-steppykavach-attack-campaign/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,2.0,No system interference/disruption,Not available,Not available,0.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://thehackernews.com/2022/12/researchers-warn-of-kavach-2fa-phishing.html', 
'https://www.securonix.com/blog/new-steppykavach-attack-campaign/']" 1816,Financially-motivated hacker group BlueNoroff compromised a company employee in the United Arab Emirates beginning in September 2022,"Financially-motivated hacker group BlueNoroff compromised an employee in the sales department of a home financing company with likely Japan connections in the United Arab Emirates beginning on 2 September 2022, according to IT security company Kaspersky. BlueNoroff is known to be a subgroup of the notorious state-sponsored hacking group Lazarus. What stands out in this cyber incident is the circumvention of the Mark-of-the-Web flag by using different file types. Kaspersky claims with low confidence that the hacker group is interested in Japanese-related targets due to the Japanese spoofing websites and file names. ",2022-09-02,2022-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,[['Not available']],['United Arab Emirates'],"[['ASIA', 'MENA', 'MEA', 'GULFC']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,"['Bluenoroff/APT38/Stardust Chollima/G0082 < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in 
this case)']",1,2022-12-27 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Kaspersky,,Russia,"Bluenoroff/APT38/Stardust Chollima/G0082 < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://securelist.com/bluenoroff-methods-bypass-motw/108383/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,No system interference/disruption,Not available,1-10,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://thehackernews.com/2022/12/bluenoroff-apt-hackers-using-new-ways.html', 'https://securelist.com/bluenoroff-methods-bypass-motw/108383/', 'https://www.securityweek.com/north-korean-hackers-created-70-fake-bank-venture-capital-firm-domains', 'https://twitter.com/Dinosn/status/1608173665547583488', 'https://twitter.com/obiwan666/status/1608181359079743488']" 1817,Hacktivist group Anonymous defaces the websites of China's Ministry of Emergency Management and Mino Space in October 2022,"According to Taiwan News, on 29 October 2022, the hacktivist group Anonymous defaced the 
websites of China's Ministry of Emergency Management and Mino Space, a private commercial satellite company based in Beijing. The hack can be traced back to the deletion of activity on the Wikipedia entry about Anonymous member Cyber Anakin by alleged Chinese operatives in late September. Cyber Anakin had previously hacked government websites, agricultural management systems, coal mine safety interfaces, nuclear power plant interfaces, and satellite interfaces as part of ""Operation Wrath of Anakin: No Time to Die"". The extensive entries on the hacktivist were reduced to a few paragraphs in October, citing alleged POV violations, failed verifications and unreliable sources.",2022-10-29,2022-10-29,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,"[['Mino Space'], ['Ministry of Emergency Management (China)']]","['China', 'China']","[['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO'], ['ASIA', 'SCS', 'EASIA', 'NEA', 'SCO']]","[['Critical infrastructure'], ['State institutions / political system']]","[['Space'], ['Government / ministries']]",['Anonymous'],['Not available'],['Non-state-group'],['Hacktivist(s)'],1,2022-10-29 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Anonymous,,,Anonymous,,Non-state-group,Hacktivist(s),['https://web.archive.org/web/20221029025947/http://120.52.31.152:8000/file/049f1bc0-117f-430d-9184-fb8f53e7519c.pdf'],System / ideology; Cyber-specific,Unknown,,Unknown,,0,,,,,,No,,Not available,Defacement,Not available,False,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of 
data,1-10,2.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://intrusiontruth.wordpress.com/2022/12/24/no-limits-relationship-chinas-state-hackers-scoop-up-intelligence-on-ukraine-and-russia/', 'https://www.taiwannews.com.tw/en/news/4703442', 'https://web.archive.org/web/20221029025947/http://120.52.31.152:8000/file/049f1bc0-117f-430d-9184-fb8f53e7519c.pdf', 'https://www.itworldcanada.com/post/anonymous-hacks-chinas-emergency-management-website', 'https://www.taipeitimes.com/News/taiwan/archives/2022/11/02/2003788129', 'https://web.archive.org/web/20221029024120/http://120.52.31.152:8000/file/b0d66768-0140-4060-9a2d-b4cd37db7ef3.png', 'https://web.archive.org/web/20221029024204/http://120.52.31.152:8000/file/e1c0337d-ddc9-4729-b3ea-d92a72a8b399.png', 'https://web.archive.org/web/20221029024536/http://120.52.31.152:8000/file/66e7706b-e7b1-450d-99df-57f901e10f6d.png', 'https://web.archive.org/web/20221029024250/http://120.52.31.152:8000/file/1c0cc1ac-b7f7-4d0b-8a8c-c387ec99038d.png', 'https://web.archive.org/web/20221029024701/http://120.52.31.152:8000/file/70b600c6-6c52-4d20-a832-c55ef3eac4ab.png', 'https://web.archive.org/web/20221029051732/https://urlscan.io/result/bc8aa3fc-02f8-4e16-bbb9-aa663c366af3/compare']" 1818,Ukrainian IT Army disrupted Alfa Bank and Raiffeisenbank in Russia in November 2022,"The Ukrainian hacktivist group IT Army disrupted the Alfa Bank and Raiffeisenbank in Russia on 7 November, according to their announcement on Twitter that day. Forbes Russia reported on the same day that customers of these two banks were not able to access their portfolios. On November 3, the same hacker group announced that they had stolen data from the Russian Central Bank. ",2022-11-07,2022-11-07,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,"[['Alfa Bank'], ['Raiffeisenbank']]","['Russia', 'Russia']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['Critical infrastructure'], ['Critical infrastructure']]","[['Finance'], ['Finance']]",['IT Army of Ukraine'],['Ukraine'],['Non-state-group'],['Hacktivist(s)'],1,2022-11-07 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,IT Army of Ukraine,,Ukraine,IT Army of Ukraine,Ukraine,Non-state-group,Hacktivist(s),['https://t.me/itarmyofukraine2022/855'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Service Stop,Not available,False,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Not available,0.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Due diligence,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.govinfosecurity.com/army-ukraine-targets-russian-banks-a-20443', 'https://t.me/itarmyofukraine2022/855', 'https://www.forbes.ru/investicii/480812-v-rabote-prilozenij-dla-investorov-rajffajzenbanka-i-al-fa-banka-proizosli-sboi']" 1819,Russian hacktivist group Digital Revolution breached documents from a contractor for the Russian FSB in 2019 and leaked them in 
2020,"In March 2020, BBC Russia reports on the publication of a dozen documents from a Russian Federal Security Service (FSB) contractor by the hacktivist group Digital Revolution. The documents revealed the FSB's effort to obtain an Internet of Things (IoT) botnet system called Fronton. The documents were breached as early as April 2019, according to Digital Revolution. This system can be used to carry out DDoS attacks. The cyber intelligence firm Nisos reports in 2022 that the system can also be used to coordinate and disseminate disinformation in social media. ",2019-04-01,2019-04-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by media (without further information on source); Incident disclosed by attacker,Data theft & Doxing,,['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['Digital Revolution'],['Russia'],['Non-state-group'],['Hacktivist(s)'],1,2020-03-18 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Digital Revolution,,Russia,Digital Revolution,Russia,Non-state-group,Hacktivist(s),['https://www.bbc.com/russian/news-51951933'],System / ideology; National power; Cyber-specific,System/ideology; National power,Russia (opposition); Russia (opposition),Yes / HIIK intensity,HIIK 3,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data 
",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://www.bbc.com/russian/news-51951933', 'https://www.cyberscoop.com/fronton-ddos-coordinated-inauthentic-behavior-fsb/', 'https://www.nisos.com/blog/fronton-botnet-report/', 'https://meduza.io/en/feature/2020/03/19/russia-s-internet-knockout-punch', 'https://www.zdnet.com/article/hackers-breach-fsb-contractor-and-leak-details-about-iot-hacking-project/', 'https://therecord.media/treasury-department-hits-russian-disinformation-operators-with-sanctions/']" 1820,Pro-Russian group Killnet takes down Italian airports' websites with DDoS attacks in May 2022,"On 20 May 2022, the websites of six Italian airports were taken down with DDoS attacks. On Telegram, the pro-Russian hacker collective Killnet took responsibility for the attacks and justified them with the political actions of the Italian government. 
",,,,,,,,"['Italy', 'Italy', 'Italy', 'Italy', 'Italy', 'Italy']","[['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU']]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[['Transportation'], ['Transportation'], ['Transportation'], ['Transportation'], ['Transportation'], ['Transportation']]",,,,,1,,,,,,,,,,,['https://t.me/killnet_reservs/1411'],,,,,,0,,,,,,,,,,,False,,,,,,0,,,,0.0,,,,0.0,,0.0,,0.0,euro,,,,,0,,,,,,,,,,"['https://t.me/killnet_reservs/1411', 'https://www.cybertechwiz.com/killnet-takes-down-milan-airport-websites/', 'https://www.archyworldys.com/russian-hackers-attacked-the-linate-malpensa-and-orio-al-serio-websites/', 'https://www.milanotoday.it/attualita/attacco-hacker-linate-malpensa.html', 'https://milano.repubblica.it/cronaca/2022/05/21/news/attacco_hacker_di_nuovo_operativi_siti_linate_malpensa_orio_al_serio_killnet-350527552/', 'https://milano.repubblica.it/cronaca/2022/05/20/news/attacco_hacker_linate_malpensa_orio_al_serio_killnet-350429486/', 'https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html', 'https://www.microsoft.com/en-us/security/blog/2023/02/21/2022-in-review-ddos-attack-trends-and-insights/']" 1822,Anonymous declares war on the pro-Russian hacker group Killnet and leaks their user database in May 2022,"On 23 May 2022, the hacker collective Anonymous announced on Twitter that it had hacked and published Killnet's user database of email addresses and passwords in order to disrupt their activities, as part of Anonymous #OpRussia. Just two days earlier, Anonymous declared war on Killnet in a tweet and also announced that Killnet's official website (killnet.ru) had been taken offline. 
The motive is believed to be the jointly published alert by the cybersecurity authorities of the UK, the US, Canada, New Zealand and Australia, against attacks on organisations outside Ukraine by pro-Russian hackers. Killnet was among the groups named in the advisory. ",2022-05-01,2022-05-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,[['Killnet']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Social groups']],[['Hacktivist']],['Anonymous'],['Not available'],['Non-state-group'],['Hacktivist(s)'],1,2022-05-23 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Anonymous,,,Anonymous,,Non-state-group,Hacktivist(s),"['https://twitter.com/AnonOpsSE/status/1528631617023102976', 'https://twitter.com/YourAnonTV/status/1528775651079094275?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1528775651079094275%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fain.ua%2F2022%2F05%2F25%2Fanonymous-oprylyudnyly-dani-prokremlivskyh-hakeriv-killnet%2F']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,,,Not 
available,0,,,,,,Not available,,,,"['https://www.cisa.gov/uscert/ncas/alerts/aa22-110a', 'https://twitter.com/YourAnonOne/status/1528048043647434752', 'https://twitter.com/AnonOpsSE/status/1528631617023102976', 'https://twitter.com/YourAnonTV/status/1528775651079094275?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1528775651079094275%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fain.ua%2F2022%2F05%2F25%2Fanonymous-oprylyudnyly-dani-prokremlivskyh-hakeriv-killnet%2F', 'https://twitter.com/YourAnonOne/status/1528048327295631361', 'https://www.hackread.com/anonymous-cyber-warfare-pro-russia-hacker-group-killnet/', 'https://metro.co.uk/2022/05/23/anonymous-declares-cyber-war-against-pro-russian-hacker-group-killnet-16691642/', 'https://www.secureblink.com/cyber-security-news/anonymous-broke-out-a-cyberattack-against-pro-russian-group-killnet']" 1823,Anonymous-linked group AgainstTheWest hacks Russian energy company Gazprom and leaks its database in March 2022,"On 4 March 2022, Anonymous announced on Twitter that the Anonymous-linked hacker group AgainstTheWest had hacked the Russian majority state-owned energy company Gazprom and leaked its database. The data published on ""anonfiles"" includes details about the company's source code and WellPro projects. ",2022-03-01,2022-03-04,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Data theft & Doxing,[['Gazprom']],['Russia'],"[['EUROPE', 'EASTEU', 'CSTO', 'SCO']]",[['Critical infrastructure']],[['Energy']],['Anonymous'],['Not available'],['Non-state-group'],['Hacktivist(s)'],1,2022-03-04 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Anonymous,,,Anonymous,,Non-state-group,Hacktivist(s),['https://twitter.com/YourAnonTV/status/1499874976362635268?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1499874976362635268%7Ctwgr%5E2cb2af4b73fa6ab681843f8d116ec91a7d8db853%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.thecybersecuritytimes.com%2Fatw-hackers-linked-to-anonymous-breached-into-russian-energy-giant%2F'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,International peace; Sovereignty,Prohibition of intervention; ,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international 
law),,"['https://twitter.com/YourAnonTV/status/1499874976362635268?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1499874976362635268%7Ctwgr%5E2cb2af4b73fa6ab681843f8d116ec91a7d8db853%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.thecybersecuritytimes.com%2Fatw-hackers-linked-to-anonymous-breached-into-russian-energy-giant%2F', 'https://www.thecybersecuritytimes.com/atw-hackers-linked-to-anonymous-breached-into-russian-energy-giant/']" 1824,LockBit launched ransomware attack against the Port of Lisbon Administration on Christmas Day 2022,"The ransomware gang LockBit claimed to have deployed its ransomware suite against the Administration of the Port of Lisbon on 25 December. The port authority acknowledged an incident, stating that the port's operations remained unaffected. Portugal's National Cybersecurity Center and the Judicial Police are monitoring the situation. A week after the initial attack, the port's website continued to be offline. LockBit purported to have stolen a range of data, including financial reports, audits, budgets, contracts, cargo and ship logs, crew details, personally identifiable information of customers, and other internal documents and email communication. The group shared a sample from this trove, the authenticity of which has not been independently verified, and announced that it would release all files obtained on 18 January unless its ransom demand of over $1,5 Million is met. 
",2022-12-25,,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Disruption; Ransomware,[['Port of Lisbon Administration']],['Portugal'],"[['EUROPE', 'NATO', 'EU']]",[['Critical infrastructure']],[['Transportation']],['LockBit'],['Russia'],['Non-state-group'],['Criminal(s)'],1,2022-12-25 00:00:00,"Self-attribution in the course of the attack (e.g., via defacement statements on websites)",Attacker confirms,Lockbit,,,LockBit,Russia,Non-state-group,Criminal(s),['https://twitter.com/RecordedFuture/status/1608637018892042241'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,3,Moderate - high political importance,3.0,Low,10.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/securityaffairs/status/1627792579977744389', 'https://therecord.media/porto-portugal-water-utility-cyberattack-lockbit/', 'https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/lockbit-blackcat-and-royal-dominate-the-ransomware-scene-ransomware-in-q4-2022', 'https://twitter.com/Cyberknow20/status/1608378016069193729', 'https://twitter.com/InfoSecSherpa/status/1608585688005361664', 'https://twitter.com/cahlberg/status/1608576192873115648', 'https://securityaffairs.com/140137/cyber-crime/lockbit-group-port-of-lisbon.html', 'https://twitter.com/securityaffairs/status/1608824451373895680', 
'https://twitter.com/Cyber_O51NT/status/1608967638109286400', 'https://twitter.com/cahlberg/status/1608648682991386627', 'https://twitter.com/RecordedFuture/status/1608637018892042241', 'https://twitter.com/securityaffairs/status/1609236738333102080', 'https://twitter.com/Dinosn/status/1609085524299640838', 'https://twitter.com/VessOnSecurity/status/1609100631062548481', 'https://twitter.com/ransomwaremap/status/1610247831444688896', 'https://twitter.com/SteffenHeyde/status/1610226392012320771', 'https://www.malwarebytes.com/blog/business/2023/04/top-5-cyberthreats-facing-msps-and-vars-in-2023']" 1825,Suspected cyberattack against the public administration and utilities of the German city of Potsdam December 2022,"The local administration of the city of Potsdam took its servers offline on 29 December, in response to suspicious activity on its networks. As a result of the precautionary measure, authorities can currently not handle email communications via the usual channels and the software to process citizen requests, such as passport applications, cannot be accessed. On the day after, Potsdam's municipal utilities also decided to shut down outbound Internet connections and email communications to investigate and mitigate a possible cyberattack. 
No ransom demands were received.",2022-12-29,,"Attack on (inter alia) political target(s), politicized",,,Hijacking without Misuse,[['Municipal Administration of Potsdam (Germany)']],['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Civil service / administration']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,2,2022-12-30; 2023-01-06,EU member states: Stabilizing measures; EU member states: Stabilizing measures,Statement by other ministers/members of parliament; Statement by other ministers/members of parliament,Germany; Germany,Matti Karstedt (Digital policy spokesman of the FDP; Germany); Christian Haase (Member of the German Parliament; CDU),No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,,0.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/SteffenHeyde/status/1608607060182331395', 'https://www.heise.de/news/Verdacht-auf-Cyberangriff-Potsdamer-Verwaltung-ist-schon-wieder-offline-7444608.html', 'https://www.spiegel.de/netzwelt/web/hackerangriff-auch-die-stadtwerke-potsdam-schalten-internetdienste-ab-a-349ee521-df3b-499d-8f86-066f5c7f3c1e', 'https://www.spiegel.de/netzwelt/potsdam-schaltet-nach-moeglicher-cyberattacke-seine-internetserver-ab-a-5703d9d1-dff1-4a63-9c5d-6a0005ee632d', 'https://twitter.com/Dennis_Kipker/status/1610272615704440832', 'https://twitter.com/Dennis_Kipker/status/1615762770049499142', 
'https://twitter.com/secIT_DE/status/1617232779145785344', 'https://kpv.de/blog/christian-haase-mdb-kommunen-brauchen-bessere-unterstuetzung-bei-der-abwehr-von-cyberattacken/', 'https://twitter.com/Dennis_Kipker/status/1623655370613825537']" 1826,Ransomware attack disrupts Italian municipality of Sarno via contractor on 27 December 2022,"A ransomware attack disrupted the computer systems of the town hall of the Italian municipality of Sarno on 27 December. The attack was directed against the servers of technology provider Advanced System, which manages the town hall systems and is supporting more than 1000 Italian municipalities in the collection of taxes and asset revenue management. ",2022-12-27,,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,"[['Advanced Systems (Italy)'], ['Municipality of Sarno (Italy)']]","['Italy', 'Italy']","[['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system']]","[[''], ['Civil service / administration']]",['Phobos'],['Not available'],['Non-state-group'],['Criminal(s)'],1,2022-12-29 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,Red Hot Cyber,,Italy,Phobos,,Non-state-group,Criminal(s),[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Minor,5.0,Days (< 7 days),Not available,1-10,1.0,,0.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly 
acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/securityaffairs/status/1608606338229362690', 'https://www.salernotoday.it/cronaca/hacker-comune-sarno-28-dicembre-2022.html', 'https://www.redhotcyber.com/post/lazienda-italiana-advanced-system-colpita-dal-ransomware-lo-avverte-lazienda-con-un-comunicato-stampa/']" 1827,APT41 gains access to the systems of a German company from the financial sector in March 2021 by exploiting ProxyLogon,"The Chinese APT41, which is considered state-sponsored, exploited the ""ProxyLogon"" vulnerability chain to gain access to the system of an unnamed German company from the financial sector in March 2021. After a year of inactivity, the group penetrated the system again in March 2022. Although this vulnerability had been patched in the meantime, the backdoor had not been removed prior to this, which made a new intrusion possible. Ransom notes were found on some of the company's servers. However, an encryption of the data could be prevented by Microsoft Defender for Endpoint (MDE).",2021-03-01,2022-03-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,[['Not available']],['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Critical infrastructure']],[['Finance']],['APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-12-24 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,DCSO,,Germany,APT41/BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) < Winnti Umbrella/G0044,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://medium.com/@DCSO_CyTec/apt41-the-spy-who-failed-to-encrypt-me-24fc0f49cad1'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Exploit Public-Facing Application,Not available,None,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Not available,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & 
missing breach of international law),,['https://medium.com/@DCSO_CyTec/apt41-the-spy-who-failed-to-encrypt-me-24fc0f49cad1'] 1828,"UNC4210, a suspected cluster of Russian APT Turla, targeted Ukrainian organizations with ANDROMEDA malware starting in December 2021","Threat intelligence company Mandiant reported attacks by a possible team of Russian APT Turla, tracked as cluster UNC4210, targeting Ukrainian organizations. In December 2021, the operation began with the insertion of a USB stick at an organization in Ukraine that had ANDROMEDA malware installed. The threat actors had taken over expired command and control domains of ANDROMEDA, a trojan widely in use by criminal groups at the beginning of the 2010s, to deploy their custom tools to carefully selected victims. In September 2022, after months of inactivity, a self-extracting WinRAR archive containing the JavaScript-based reconnaissance utility KOPILUWAK was executed at least seven times between 6 and 8 September. On 8 September, the QUIETCANARY backdoor was downloaded twice on a host and used 15 minutes later by the threat actor to compress, stage, and exfiltrate data. Only files created after 1 January 2021 were exfiltrated in this process.",2021-12-01,2022-09-08,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,[['Not available']],['Ukraine'],"[['EUROPE', 'EASTEU']]",[['Unknown']],,['UNC4210 < Turla/Waterbug/Venomous Bear/Snake/Uroburos'],['Russia'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2023-01-05 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,,United States,UNC4210 < Turla/Waterbug/Venomous Bear/Snake/Uroburos,Russia,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.mandiant.com/resources/blog/turla-galaxy-opportunity'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Replication Through Removable Media,Data Exfiltration; System Shutdown/Reboot,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / 
ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.wired.com/story/russia-turla-fsb-usb-infection/', 'https://www.mandiant.com/resources/blog/turla-galaxy-opportunity', 'https://twitter.com/BushidoToken/status/1611110012985741313', 'https://twitter.com/Mandiant/status/1611062487788490769', 'https://www.darkreading.com/attacks-breaches/russia-turla-apt-hijacks-andromeda-usb-infections', 'https://www.cyberscoop.com/ukraine-turla-russia-cyberattacks/', 'https://www.securityweek.com/russian-turla-cyberspies-leveraged-other-hackers-usb-delivered-malware', 'https://twitter.com/Cyber_O51NT/status/1611169304720068608', 'https://twitter.com/780thC/status/1611314916698296320', 'https://twitter.com/craiu/status/1611265494039805952', 'https://twitter.com/CyberScoopNews/status/1611397116731052033', 'https://twitter.com/CyberScoopNews/status/1611383589316317185', 'https://thehackernews.com/2023/01/russian-turla-hackers-hijack-decade-old.html', 'https://twitter.com/M_Miho_JPN/status/1611634615713947649']" 1829,Anonymous Cuba disrupted the websites of at least seven faculties at the University of Havana on 1 January 2023,"Anonymous Cuba disrupted the websites of at least seven departments at the University of Havana, on 1 January 2023, according to a Twitter post of the hacktivist collective. The hackers inserted photos on the websites showing violent scenes of security forces cracking down on protestors, alongside a caricature published by the exile newspaper Diario de Cuba, anti-regime slogans, and demands for political prisoners to be released.",2023-01-01,2023-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,"[['Faculty of Geography - University of Havana'], ['Faculty of Psychology - University of Havana'], ['Faculty of Arts and Letters - University of Havana'], ['Faculty of Accounting and Finance - University of Havana'], ['Faculty of Economics - University of Havana'], ['Faculty of Tourism - University of Havana'], ['Faculty of Physics - University of Havana']]","['Cuba', 'Cuba', 'Cuba', 'Cuba', 'Cuba', 'Cuba', 'Cuba']",,"[['Science'], ['Science'], ['Science'], ['Science'], ['Science'], ['Science'], ['Science']]",,['Anonymous Cuba'],['Cuba'],['Non-state-group'],['Hacktivist(s)'],1,2023-01-02; 2023-01-02,"Self-attribution in the course of the attack (e.g., via defacement statements on websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attacker confirms,Anonymous Cuba; Anonymous Cuba,,Cuba; Cuba,Anonymous Cuba; Anonymous Cuba,Cuba; Cuba,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),['https://twitter.com/LARESISTENCIAC2/status/1609701763095093250'],System / ideology,System/ideology; National power,Cuba (social protests); Cuba (social protests),Yes / HIIK intensity,HIIK 3,0,,,,,,No,,Not available,Defacement,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-22/', 
'https://diariodecuba.com/cuba/1672663402%5F44364.html', 'https://twitter.com/LARESISTENCIAC2/status/1609701763095093250']" 1830,Unknown actors gained limited access to the communication channels of Petrópolis City Hall in Brazil on 27 December 2022,"Unknown actors hijacked the communication channels of the city hall of Petrópolis and gained limited access on 27 December 2022, as reported by the city hall. Officials clarified that the data accessed by the cybercriminals is in the public domain and that no sensitive data was affected. The municipal government filed a police report with the police station for the ""Suppression of Computer Crimes"". ",2022-12-27,2022-12-27,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,[['Petrópolis City Hall']],['Brazil'],[['SOUTHAM']],[['State institutions / political system']],[['Civil service / administration']],['Not available'],['Not available'],['Non-state-group'],['Criminal(s)'],1,2023-01-03 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,Department of Technology (DETEC) of Municipal Government of Petropolis,,Brazil,,,Non-state-group,Criminal(s),['https://www.securityreport.com.br/destaques/prefeitura-de-petropolis-sofre-ataque-cibernetico/#.Y70wGhWZPD6'],Not available,Not available,,Not available,,0,,,,,,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,; ,Not available,0,,,,,,Not 
available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/ransomwaremap/status/1610582254266322950', 'https://www.facebook.com/petropolis.pmp/photos/a.109536130434945/1003713331017216/', 'https://www.securityreport.com.br/destaques/prefeitura-de-petropolis-sofre-ataque-cibernetico/#.Y70wGhWZPD6', 'https://www.petropolis.rj.gov.br/pmp/index.php/imprensa/noticias/item/19687-a-prefeitura-informa-que-foi-alvo-de-um-ataque-hacker-nesta-ter%C3%A7a-feira-27-12.html']" 1834,Dark Pink APT targeted state and corporate organizations in the Asia-Pacific and Europe since mid-2021,"In an eponymous cyber-operation, a newly-discovered APT group named Dark Pink was observed by Group-IB Global to have launched a series of successful malware and spearphishing campaigns against government, military, and corporate entities predominantly based in the Asia-Pacific (APAC) region. Initial attacks date back to at least June 2022, with some indications that the group may have been active as early as May 2021. The group likely operates out of the APAC region. Group-IB analysis acknowledges earlier reporting by Chinese cybersecurity researchers at the Anheng Information Shadows Hunting Lab from early January 2023, which tracked overlapping TTPs in a similar target space under the label Saaiwc Group. 
According to Singapore-headquartered Group-IB Global, which split from its Russia-based parent company in July 2022 to maintain international business accounts in light of sanctions against Russia and the company itself, Dark Pink's objectives are primarily corporate espionage and data theft.",2021-06-01,,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft & Doxing; Hijacking with Misuse,"[['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available']]","['Cambodia', 'Indonesia', 'Malaysia', 'Philippines', 'Vietnam', 'Bosnia and Herzegovina', 'Vietnam']","[['ASIA', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['ASIA', 'SCS', 'SEA'], ['EUROPE', 'BALKANS', 'WBALKANS'], ['ASIA', 'SCS', 'SEA']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system'], ['Social groups'], ['State institutions / political system'], ['Social groups']]","[['Government / ministries'], ['Government / ministries'], ['Military'], ['Military'], ['Religious'], ['Government / ministries'], ['Other social groups']]",['Dark Pink'],['Not available'],['Unknown - not attributed'],,1,2023-01-11 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Group-IB,Group-IB,Singapore,Dark Pink,,Unknown - not attributed,,['https://blog.group-ib.com/dark-pink-apt'],International power,Unknown,,Unknown,,0,,,,,,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,No system 
interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,7.0,1-10,6.0,Not available,0.0,euro,Not available,Human rights; Sovereignty; Aid and development,"Economic, social and cultural rights; ; ",Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-january-2023/', 'https://thehackernews.com/2023/01/dark-pink-apt-group-targets-governments.html', 'https://www.bleepingcomputer.com/news/security/new-dark-pink-apt-group-targets-govt-and-military-with-custom-malware/', 'https://www.cyberscoop.com/dark-pink-hacking-campaign-southeast-asia/', 'https://blog.group-ib.com/dark-pink-apt', 'https://ti.dbappsecurity.com.cn/blog/articles/2023/01/06/saaiwcgroup/', 'https://blog.group-ib.com/dark-pink-apt', 'https://www.securityweek.com/sophisticated-dark-pink-apt-targets-government-military-organizations', 'https://www.hackread.com/espionage-meets-color-dark-pink-apt-group/', 'https://twitter.com/Dinosn/status/1613417183639371779', 'https://twitter.com/cahlberg/status/1613604530968461333', 'https://twitter.com/CyberScoopNews/status/1615151628037890048', 'https://twitter.com/Cyber_O51NT/status/1634223241752645637', 'https://thehackernews.com/2023/03/kamikakabot-malware-used-in-latest-dark.html', 'https://securityaffairs.com/143415/apt/dark-pink-apt-south-asia.html', 'https://www.govinfosecurity.com/dark-pink-apt-group-very-likely-back-in-action-a-21426']" 1835,"Denmark`s central bank and seven other private banks have been targeted with a DDoS attack on January 10, 2023 by pro-Russian hacktivist group NoName057(16)","According to Denmark`s central bank, its systems have been targeted by a DDoS attack on January 10, 2023. 
Apart from a short disruption of the bank's website, no critical services or consumer data were affected, according to a spokesperson. Additionally, seven other private banks from Denmark, such as Jyske Bank and Sydbank, were also affected. Two days after the attack, the IT company SentinelOne stated that the attack was carried out by the pro-Russian hacktivist group NoName057(16), which had already claimed responsibility itself. ",2023-01-10,2023-01-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,"[['National Bank (Denmark)'], ['Skjern Bank'], ['Sydbank'], ['Jyske Bank'], ['Ringkjøbing Landbobank'], ['Sparekassen Sjælland-Fyn'], ['Djurslands Bank'], ['Kreditbanken (Denmark)']]","['Denmark', 'Denmark', 'Denmark', 'Denmark', 'Denmark', 'Denmark', 'Denmark', 'Denmark']","[['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU'], ['EUROPE', 'NATO', 'EU', 'NORTHEU']]","[['State institutions / political system', 'Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[['Other (e.g., embassies)', 'Finance'], ['Finance'], ['Finance'], ['Finance'], ['Finance'], ['Finance'], ['Finance'], ['Finance']]",['NoName057(16) '],['Not available'],['Non-state-group'],['Hacktivist(s)'],2,2023-01-12; 2023-01-10,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Self-attribution in the course of the attack (e.g., via defacement statements on websites)",IT-security community attributes attacker; Attacker confirms,SentinelOne; NoName057(16),,United States; Not available,NoName057(16) ; NoName057(16),,Non-state-group; 
Non-state-group,Hacktivist(s); Hacktivist(s),['https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-01-31 00:00:00,State Actors: Preventive measures,Awareness raising,Denmark,Centre for Cyber Security (CFCS) Denmark,No,,Not available,Network Denial of Service,None,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,8.0,,0.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,,,,,Not available,,Not available,,"['https://news.postimees.ee/7709620/cyber-attacks-against-estonian-state-institutions-companies-continued-in-january', 'https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-january-2023/', 'https://twitter.com/nicoleperlroth/status/1612870760514871298', 'https://politiken.dk/indland/art9159659/Ingen-grund-til-frygt-hos-bankkunder-efter-cyberangreb', 'https://politiken.dk/indland/art9159018/Syv-banker-var-ramt-af-nedbrud-efter-hackerangreb', 'https://www.reuters.com/technology/denmarks-central-bank-website-hit-by-cyberattack-2023-01-10/', 'https://www.cyberscoop.com/russia-hacktivist-noname-github-ddos/', 'https://therecord.media/pro-russia-hackers-use-telegram-github-to-attack-czech-presidential-election/', 'https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/', 'https://twitter.com/SentinelOne/status/1613927507429924866', 'https://twitter.com/TomHegel/status/1613989241263898624', 
'https://www.bankinfosecurity.com/danish-banks-targets-pro-russian-ddos-hacking-group-a-20902', 'https://www.hackread.com/github-disables-pages-ddos-noname05716/', 'https://twitter.com/SentinelOne/status/1615437803495497728', 'https://therecord.media/ddos-denmark-us-russia-killnet/', 'https://twitter.com/Cybersikkerhed/status/1620377909860143104?ref%5Fsrc=twsrc%5Etfw', 'https://twitter.com/cahlberg/status/1620591103572590592']" 1836,Chinese threat actors exploited FortiOS vulnerability to use BOLDMOVE backdoor to penetrate a European government and African managed service provider (MSP) since October 2022,"A Chinese threat actor with ties to the Chinese state compromised a European government network and an African managed service provider using a previously undisclosed vulnerability in the operating system of Fortinet's security solutions (CVE-2022-42475), including firewall and VPN products, according to the vendor and IT-company Mandiant. Fortinet publicly reported the vulnerability on 12 December 2022, noting that the vulnerability allows for the remote execution of commands and had been exploited in the wild. On January 19, 2023, IT security firm Mandiant followed up on the incident and expanded on Fortinet's earlier disclosure, which had been rudimentary. In its report, Mandiant attributes this cyber incident with low confidence to Chinese threat actors with ties to the People's Republic of China. Specifically, it is said to be a continuation of Chinese cyber espionage. For exploitation, the hackers used the Linux variant of the BOLDMOVE backdoor, tailored to the given FortiOS vulnerability. 
",2022-10-01,,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,"[['Not available'], ['Not available']]","['Africa', 'Europe (region)']",,"[['Critical infrastructure'], ['State institutions / political system']]","[['Telecommunications'], ['Government / ministries']]",['Not available'],['China'],['State'],,1,2023-01-19 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Mandiant,,China,,China,State,,['https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw'],International power,Unknown,,Unknown,,0,,,,,,Yes,One,External Remote Services,Not available,None,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Cyber espionage,State actors,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.darkreading.com/endpoint/exploit-code-released-critical-fortinet-rce-bug', 'https://www.bleepingcomputer.com/news/security/fortinet-govt-networks-targeted-with-now-patched-ssl-vpn-zero-day/', 'https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd', 'https://www.fortiguard.com/psirt/FG-IR-22-398', 'https://thehackernews.com/2023/01/fortios-flaw-exploited-as-zero-day-in.html', 'https://securityaffairs.com/140721/hacking/fortinet-ssl-vpn-cve-2022-42475-attacks.html', 
'https://therecord.media/fortinet-warns-of-hackers-targeting-governments-through-vpn-vulnerability/', 'https://twitter.com/Cyber_O51NT/status/1613704607791972353', 'https://twitter.com/securityaffairs/status/1613917509161308162', 'https://twitter.com/securityaffairs/status/1613775747428093952', 'https://twitter.com/securityaffairs/status/1615651911528779777', 'https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw', 'https://twitter.com/JohnHultquist/status/1616129443919020055', 'https://twitter.com/780thC/status/1616163230400790528', 'https://twitter.com/Mandiant/status/1616128859711193141', 'https://twitter.com/_marklech_/status/1616095757664411649', 'https://thehackernews.com/2023/01/new-chinese-malware-spotted-exploiting.html', 'https://www.bleepingcomputer.com/news/security/new-boldmove-linux-malware-used-to-backdoor-fortinet-devices/', 'https://securityaffairs.com/141052/hacking/fortios-ssl-vpn-zero-day.html', 'https://www.securityweek.com/chinese-hackers-exploited-fortinet-vpn-vulnerability-zero-day', 'https://www.govinfosecurity.com/fortinet-vpn-flaw-shows-pitfalls-security-appliances-a-20990', 'https://www.databreaches.net/chinese-north-korean-hackers-continue-exploiting-zero-day-vulnerabilities/', 'https://twitter.com/Dinosn/status/1616351247237545986', 'https://twitter.com/securityaffairs/status/1616386978014023680', 'https://twitter.com/cybersecboardrm/status/1616427887413940225', 'https://twitter.com/Dinosn/status/1616324056235610112', 'https://twitter.com/campuscodi/status/1616502495139999747', 'https://therecord.media/suspected-chinese-hackers-exploit-vulnerability-in-fortinet-devices/', 'https://www.hackread.com/backdoor-fortios-chinese-0-day/', 'https://twitter.com/nicoleperlroth/status/1616806144357310464', 'https://twitter.com/daveaitel/status/1616793080908201990', 'https://twitter.com/thegrugq/status/1616779906142318592', 'https://twitter.com/SteffenHeyde/status/1616863120089022464', 
'https://twitter.com/nicoleperlroth/status/1616810970302615552', 'https://research.checkpoint.com/2023/23rd-january-threat-intelligence-report/', 'https://twitter.com/cahlberg/status/1617286816830492672', 'https://twitter.com/HackRead/status/1617099879498522625', 'https://twitter.com/securityaffairs/status/1617111134435442688', 'https://twitter.com/cahlberg/status/1616966637143343104', 'https://socradar.io/malicious-actors-in-dark-web-december-2022-ransomware-landscape/', 'https://www.mandiant.com/resources/blog/zero-days-exploited-2022', 'https://securityaffairs.com/143798/apt/2022-zero-day-exploitation.html', 'https://www.darkreading.com/attacks-breaches/attackers-probing-zero-day-vulns-edge-infrastructure']" 1842,Pro-Russian hacker group NoName057(16) targeted websites of Czech presidential candidates with DDoS attacks in January 2023,"In January 2023, the websites of candidates Petr Pavel and Tomáš Zima running for the 2023 Czech presidential elections were targeted with DDoS attacks. Zima's website was first attacked on 11 January and again on 13 January. On the latter date, the attacks expanded to Pavel's website. The pro-Russian hacker group NoName057(16) claimed responsibility for the attacks on Telegram. The websites of the non-profit organisation Hlídač státu and the Czech Ministry of Foreign Affairs were also targeted, although the latter unsuccessfully. The group initiated a DDoS collaborator payment program, paying people for launching DDoS-attacks. ",2023-01-11,2023-01-13,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,"[['Tomáš Zima'], ['Petr Pavel'], ['Hlídač státu']]","['Czech Republic', 'Czech Republic', 'Czech Republic']","[['EUROPE', 'NATO', 'EU', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'EASTEU']]","[['State institutions / political system'], ['State institutions / political system'], ['Social groups']]","[['Election infrastructure / related systems'], ['Election infrastructure / related systems'], ['Advocacy / activists (e.g. human rights organizations)']]",['NoName057(16)'],['Russia'],['Unknown - not attributed'],,5,2023-01-13; 2023-01-11; 2023-01-13; 2023-01-12; 2023-01-13,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attacker confirms; Attacker confirms; Attacker confirms; IT-security community attributes attacker,"Marek Vala (National Cyber and Information Security Agency, Czech Republic); NoName057(16); NoName057(16); NoName057(16); Pavel Klimes (Avast Threat Labs, Czech Republic)",,Czech Republic; Not available; Not available; Not available; Czech Republic,NoName057(16); NoName057(16) ; NoName057(16) ; NoName057(16) ; NoName057(16),Russia; Not available; Not available; Not available; Not 
available,Unknown - not attributed; Non-state-group; Non-state-group; Non-state-group; Non-state-group,; Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s),"['https://domaci.hn.cz/c1-67159580-hackersky-utok-tesne-pred-volbami-weby-pavla-a-zimy-napadla-ruska-skupina', 'https://t.me/noname05716/1478', 'https://t.me/noname05716/1469', 'https://t.me/noname05716/1494', 'https://t.me/noname05716/1492', 'https://t.me/noname05716/1489']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-01-13 00:00:00,EU member states: Stabilizing measures,Statements by foreign ministers,Czech Republic,Mariana Wernerová (Spokeswoman of the Czech Foreign Ministry),No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,3.0,,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/780thC/status/1613507889649303552', 'https://twitter.com/RecordedFuture/status/1613610743483465743', 'https://www.securityweek.com/pro-russian-group-ddos-ing-governments-critical-infrastructure-ukraine-nato-countries', 'https://twitter.com/SentinelOne/status/1613927507429924866', 'https://twitter.com/securityaffairs/status/1613911726193270786', 'https://twitter.com/TomHegel/status/1613989241263898624', 'https://twitter.com/cahlberg/status/1613833812311425027', 
'https://domaci.hn.cz/c1-67159580-hackersky-utok-tesne-pred-volbami-weby-pavla-a-zimy-napadla-ruska-skupina', 'https://t.me/noname05716/1478', 'https://t.me/noname05716/1469', 'https://t.me/noname05716/1494', 'https://t.me/noname05716/1492', 'https://t.me/noname05716/1489', 'https://www.hackread.com/github-disables-pages-ddos-noname05716/', 'https://twitter.com/SentinelOne/status/1615437803495497728', 'https://research.checkpoint.com/2023/23rd-january-threat-intelligence-report/', 'https://decoded.avast.io/threatresearch/avast-q4-2022-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q4-2022-threat-report', 'https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-january-2023/', 'https://socradar.io/dark-web-profile-noname05716/']" 1843,Unknown attackers disrupted the technological platform SICA of Venezuelan National Superintendence of Agri-Food Management (SUNAGRO) in January 2023,"Unknown attackers disrupted the technological platform SICA (Sistema Integral De Control Agroalimentario) which monitors the production chain of agricultural produce and is operated by the Venezuelan National Superintendence of Agri-Food Management (SUNAGRO), during 11-13 January 2023, according to SUNAGRO. 
",2023-01-11,2023-01-13,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Disruption,[['National Superintendence of Agri-Food Management (SUNAGRO)']],['Venezuela'],[['SOUTHAM']],[['State institutions / political system']],[['Civil service / administration']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),Not available,none,none,2,Moderate - high political importance,2.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-23/', 'https://twitter.com/SunagroOficial/status/1613248963238322177?ref%5Fsrc=twsrc%5Etfw', 'https://twitter.com/SunagroSucre/status/1613731262962753541']" 1850,Chinese APT Playful Taurus likely spied on Iranian Government Institutions in mid-to-late 2022,"Chinese APT Playful Taurus (aka APT15) was observed by Unit42 to be the likely attacker behind cyber espionage against Iranian government institutions, including the foreign ministry, and a natural resource organization. The operations is suspected to be part of a cyber espionage campaign against Iran, which intensified during July and December 2022, with initial infiltrations reaching back further.",2022-07-01,2022-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft,"[['Not available'], ['Not available'], ['Ministry of Foreign Affairs (Iran)']]","['Iran, Islamic Republic of', 'Iran, Islamic Republic of', 'Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA']]","[['Unknown'], ['State institutions / political system'], ['State institutions / political system']]","[[''], ['Government / ministries'], ['Government / ministries']]",['Ke3chang/Vixen Panda/APT 15'],['China'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2023-01-18 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Palo Alto Networks Unit 42,Palo Alto Networks,United States,Ke3chang/Vixen Panda/APT 15,China,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://unit42.paloaltonetworks.com/playful-taurus/'],International power,Unknown,,Unknown,,0,,,,,,No,,Exploit Public-Facing Application,Data Exfiltration,None,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",,0.0,1-10,1.0,Not 
available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-january-2023/', 'https://thehackernews.com/2023/01/iranian-government-entities-under.html', 'https://unit42.paloaltonetworks.com/playful-taurus/', 'https://twitter.com/780thC/status/1615799936846598149', 'https://twitter.com/ericgeller/status/1615721331428917249', 'https://twitter.com/campuscodi/status/1616502495139999747']" 1851,Russian state-sponsored hacker group Sandworm sought to sabotage the Ukrainian National News Agency Ukrinform using CaddyWiper on 17 January 2023,"The Russian state-sponsored hacker group Sandworm, which is linked to the military intelligence service GRU, sought to disrupt the Ukrainian National News Agency Ukrinform using CaddyWiper on 17 January 2023, according to the Ukrainian Computer Emergency Response Team (CERT-UA). The incident caused ""certain destructive effects"" on the network but fell short of interfering with the news agency's operational processes. For a brief period, the attack appears to have disrupted a Ukrainian government press briefing on the threat of Russian cyberattacks on 17 January 2023, which resumed shortly. On 27 January 2023, the CERT-UA announces that a total of five samples of malware have been found on the network. In addition to CaddyWiper, the malware samples are ZeroWipe, SDelete, AwfulShred and BidSwipe.",2023-01-17,2023-01-17,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by victim,Disruption; Hijacking with Misuse,[['National News Agency of Ukraine (Ukrinform)']],['Ukraine'],"[['EUROPE', 'EASTEU']]",[['Media']],,"['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2023-01-18 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,CERT-UA,,Ukraine,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,['https://cip.gov.ua/ua/news/ukrinform-mogli-atakuvati-khakeri-z-ugrupuvannya-sandworm-pov-yazanogo-z-rosiiskim-gru-poperedni-dani-doslidzhennya-cert-ua'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Destruction,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state 
entities/agencies/units for officially non-state-actors),Human rights; Armed conflict; Sovereignty,Civic / political rights; ; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.bleepingcomputer.com/news/security/ukraine-links-data-wiping-attack-on-news-agency-to-russian-hackers/', 'https://cip.gov.ua/en/news/kiberataka-ne-zmogla-zupiniti-robotu-informaciinogo-agentstva-ukrinform', 'https://cip.gov.ua/ua/news/ukrinform-mogli-atakuvati-khakeri-z-ugrupuvannya-sandworm-pov-yazanogo-z-rosiiskim-gru-poperedni-dani-doslidzhennya-cert-ua', 'https://twitter.com/DigitalPeaceNow/status/1615453594458939393', 'https://twitter.com/dsszzi/status/1615986288745652238', 'https://twitter.com/VessOnSecurity/status/1615995338543833089', 'https://twitter.com/snlyngaas/status/1615886353216180224', 'https://twitter.com/BushidoToken/status/1616437713900544000', 'https://twitter.com/campuscodi/status/1616502495139999747', 'https://twitter.com/nicoleperlroth/status/1616804670856388608', 'https://www.youtube.com/watch?v=j_Afg77IjaU', 'https://t.me/UkraineMediaCenterKyiv/4223', 'https://cyberscoop.com/sandworm-wiper-ukraine-russia-military-intel/', 'https://www.welivesecurity.com/2023/01/27/swiftslicer-new-destructive-wiper-malware-ukraine/', 'https://therecord.media/sandworm-swiftslicer-malware-ukraine-russia-eset/', 'https://twitter.com/CyberScoopNews/status/1619044030154940417', 'https://twitter.com/RecordedFuture/status/1619109632882135040', 'https://twitter.com/CyberScoopNews/status/1619019403890233349', 'https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html', 'https://twitter.com/M_Miho_JPN/status/1619590150522294272', 'https://cert.gov.ua/article/3718487', 'https://research.checkpoint.com/2023/30th-january-threat-intelligence-report/', 'https://securityaffairs.com/141561/cyber-warfare-2/sandworm-apt-uses-5-wipers.html', 
'https://twitter.com/securityaffairs/status/1620071040285310977', 'https://twitter.com/DarkReading/status/1620558295672012807', 'https://twitter.com/Cyber_O51NT/status/1620571509596229632', 'https://securityaffairs.com/141850/breaking-news/security-affairs-newsletter-round-405-by-pierluigi-paganini.html', 'https://www.malwarebytes.com/blog/news/2023/02/a-week-in-security-january-30-february-5', 'https://www.darkreading.com/attacks-breaches/russia-sandworm-apt-swarm-wiper-attacks-ukraine', 'https://www.bleepingcomputer.com/news/security/ukraine-says-russian-hackers-backdoored-govt-websites-in-2021/', 'https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months', 'https://twitter.com/Cyber_O51NT/status/1629280661474508801', 'https://twitter.com/780thC/status/1629087842516320256', 'https://blogs.microsoft.com/on-the-issues/2023/03/15/russia-ukraine-cyberwarfare-threat-intelligence-center/', 'https://www.rferl.org/a/russian-hackers-ukraine-cyberattacks-microsoft/32319995.html', 'https://www.jpost.com/international/article-734447', 'https://cyberscoop.com/russian-hackers-ukraine-cyberattacks/', 'https://thehackernews.com/2023/03/from-ransomware-to-cyber-espionage-55.html', 'https://www.welivesecurity.com/2023/03/30/eset-research-podcast-year-fighting-rockets-soldiers-wipers-ukraine/']" 1852,Elements of Kazakhstan's intelligence services are suspected of having hacked the website of news outlet Ulysmedia.kz to publish private information on 18 January 2023,"Elements of Kazakhstan's intelligence services are suspected of having hacked the website of the independent Kazakh news organization Ulysmedia and to have published personal information on 18 January 2023, according to the editor-in-chief of the news agency Samal Ibrayeva. Personal data of Ibrayeva and private pictures of her and her family were posted on the website of the news outlet. The incident led Ulysmedia to suspend its website. 
In an interview with Azattyk, the Kazakh branch of Radio Free Europe/ Radio Liberty, Ibrayeva expressed doubt that the activities could have occurred ""without the participation of the special services"", noting the lack of any response by the National Security Committee of the Republic of Kazakhstan (NSC) to threats and attacks against journalists of Ulysmedia and other Kazakh outlets over the last six months.",2023-01-18,2023-01-18,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by victim,Disruption; Hijacking with Misuse,"[['Ulysmedia'], ['Samal Ibrayeva (Editor-in-chief of Ulysmedia, Kazakhstan)']]","['Kazakhstan', 'Kazakhstan']","[['ASIA', 'CSTO', 'SCO'], ['ASIA', 'CSTO', 'SCO']]","[['Media'], ['Media']]",,['National Security Committee of the Republic of Kazahkstan (NSC)'],['Kazakhstan'],['State'],,1,2023-01-18 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,"Samal Ibrayeva (Editor-in-chief of Ulysmedia, Kazakhstan)",,Kazakhstan,National Security Committee of the Republic of Kazahkstan (NSC),Kazakhstan,State,,['https://www.azattyq.org/a/32228814.html'],System / ideology; National power,System/ideology; National power,Kazakhstan (opposition); Kazakhstan (opposition),Unknown,,3,2023-01-20; 2023-01-20; 2023-01-20,EU member states: Stabilizing measures; State Actors: Stabilizing measures; State Actors: Stabilizing measures,Statement by other ministers/members of parliament; Statement by other ministers/members of parliament; Statement by other ministers/members of parliament,EU (region); United Kingdom; United States,Delegation of the European Union to the Republic of Kazakhstan ; British Embassy Astana; U.S. 
Embassy to Kazakhstan,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights,Civic / political rights,Not available,0,,,,,,Human rights,Civic / political rights,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.rferl.org/a/kazakhstan-editor-meat-box-children-intimidation/32261983.html', 'https://www.rferl.org/a/kazakh-website-ylysmedia-hacked-ibraeva/32229461.html', 'https://www.azattyq.org/a/32228814.html', 'https://www.rferl.org/a/kazakhstan-attacks-journalists-united-states-britain-european-union/32232741.html']" 1854,The cyber subgroup APT-C-23 of the Palestinian terrorist organization Hamas penetrated computers and mobile devices of senior Israeli officials since July 2021,"APT-C-23, one of the two main subgroups of Hamas' cyber warfare division, managed to trick senior members of Israeli law enforcement, defense, and emergency service organization into downloading malware onto their computers or mobile devices using sexually charged fake Facebook profiles, IT security firm Cybereason confirms with moderate-high confidence. The goal of the Arabic-speaking hacking group was to gather sensitive information. To do so, they used two previously unknown malware packages, Barb(ie) Downloader and BardWire Backdoor. ",2021-07-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,"[['Not available'], ['Not available']]","['Israel', 'Israel']","[['ASIA', 'MENA', 'MEA'], ['ASIA', 'MENA', 'MEA']]","[[], ['State institutions / political system', 'State institutions / political system', 'State institutions / political system']]","[[], ['Government / ministries', 'Military', 'Police']]",['APT-C-23'],['Palestine'],['Non-state-group'],['Terrorist(s)'],1,2022-04-06 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Cybereason,,United States,APT-C-23,Palestine,Non-state-group,Terrorist(s),['https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials'],System / ideology; Secession,Resources; Secession,Israel (Hamas et al.); Israel (Hamas et al.),Yes / HIIK intensity,HIIK 4,0,,,,,,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,['https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials'] 1855,Criminal hackers breached the networks of Canadian power generation and distribution company Qulliq Energy Corporation (QEC) beginning on 15 January 2023 ,"Criminal hackers are suspected to have breached the networks of Canadian power generation and distribution 
company Qulliq Energy Corporation (QEC) beginning on 15 January 2023. The incident disrupted computer systems on the administrative side, including the ability to process credit card payments. Operations related to energy supply remained unaffected. Investigations into whether information was stolen are ongoing. P.J. Akeeagok, the premier of the affected Canadian province of Nunavut, characterized the attack as criminal and authorized technical government support. ",2023-01-15,2023-01-01,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,[['Qulliq Energy Corporation (QEC)']],['Canada'],"[['NATO', 'NORTHAM']]",,,['Not available'],['Not available'],['Non-state-group'],['Criminal(s)'],1,2023-01-19 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,"P.J. Akeeagok (Premier of Nunavut, Canada)",,Canada,,,Non-state-group,Criminal(s),['https://gov.nu.ca/executive-and-intergovernmental-affairs/news/premier-comments-qec-cyber-security-incident'],Unknown,Not available,,Not available,,1,2023-01-19 00:00:00,State Actors: Stabilizing measures,Statement by head of state/head of government,Canada,P.J. Akeeagok (Premier of Nunavut; Canada),No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,; ,Not available,1,2023-01-19 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Canada,Royal Canadian Mounted Police (RCMP),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://therecord.media/dragos-ransomware-report-2022-ics-ot-lockbit/', 'https://therecord.media/cyberattack-on-nunavut-energy-supplier-limits-company-operations/', 'https://gov.nu.ca/executive-and-intergovernmental-affairs/news/premier-comments-qec-cyber-security-incident', 'https://gov.nu.ca/news/qulliq-energy-corporation-impacted-cybersecurity-incident', 'https://www.databreaches.net/ca-qulliq-energy-stops-short-of-labelling-cyberattack-another-nunavut-ransomware-incident/', 'https://therecord.media/encino-energy-cyberattack-alleged-data-leak-alphv/']" 1858,Hacker group Kasablanka targeted various Russian state institutions from September to December 2022,"The Kasablanka group targeted various Russian state institutions - including the Ministry of Foreign Communications of the Astrakhan Region and the Federal Agency for the Commonwealth of Independent States Affairs, Compatriots Living Abroad, and International Humanitarian Cooperation (Rossotrudnichestvo) - from September to December 2022, the Chinese IT security firm Qi-Anxin concludes with medium confidence. This attribution finding is based on the use of Loda RAT malware, which is deemed to be custom-built. Considering possibilities to reverse-engineer the tool, Qi-Anxin did not rule out an attempted false-flag operation. 
",2022-09-01,2022-12-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,"[['Ministry of Public Administration, Information Technology and Communications of Astrakhan Region'], ['Federal Agency for the Commonwealth of Independent States Affairs, Compatriots Living Abroad, and International Humanitarian Cooperation (Rossotrudnichestvo)'], ['Not available']]","['Russia', 'Russia', 'Russia']","[['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO']]","[['State institutions / political system'], ['State institutions / political system'], ['State institutions / political system']]","[['Civil service / administration'], ['Civil service / administration'], ['Government / ministries']]",['Kasablanka Group'],['Not available'],['Unknown - not attributed'],,1,2023-01-17 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Qi An Xin Technology Group,,China,Kasablanka Group,,Unknown - not attributed,,['https://ti.qianxin.com/blog/articles/Kasablanka-Group-Probably-Conducted-Compaigns-Targeting-Russia/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,2,Moderate - high political importance,2.0,Minor,3.0,No system interference/disruption,Not available,1-10,0.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/Arkbird_SOLG/status/1615443145524666385', 'https://ti.qianxin.com/blog/articles/Kasablanka-Group-Probably-Conducted-Compaigns-Targeting-Russia/']" 1859,Swiss security researcher Maia Arson Crimew obtained a copy of the US 
No Fly List via an unprotected server of US airline CommuteAir in January 2023,"Swiss security researcher Maia Arson Crimew identified an unprotected Jenkins server operated by the US airline CommuteAir during the week of 9 January, according to a blog post on her website. Project files stored on this development server contained login information to Amazon Web Services (AWS) infrastructure used by the airline. On the AWS servers, Crimew discovered records that an airline representative confirmed were a 2019 copy of the US No Fly List, containing more than 1.5 million entries. The No Fly List, maintained by the Terrorist Screening Center (TSC) within the FBI, includes individuals prohibited from traveling on commercial flights within, into or out of the United States. The Swiss hacker made data from the No Fly List available to journalists upon request via the whistleblower platform DDoS Secrets. Republican Congressman Dan Bishop, a member of the House Committee on Homeland Security, demanded an enquiry into why the copy of the No Fly List was not better protected. 
",2023-01-09,2023-01-15,"Attack on non-political target(s), politicized",,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,[['CommuteAir']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Transportation']],['Maia Arson Crimew'],['Switzerland'],['Individual hacker(s)'],,1,2023-01-19 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Maia Arson Crimew,,Switzerland,Maia Arson Crimew,Switzerland,Individual hacker(s),,['https://maia.crimew.gay/posts/how-to-hack-an-airline/'],Unknown,Unknown,,Unknown,,1,2023-01-21 00:00:00,State Actors: Stabilizing measures,Statement by other ministers/members of parliament,United States,"Dan Bishop (Republican Congressman, USA)",No,,Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Air law,Civic / political rights; ,Not available,0,,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,US Transportation Security Administration (TSA),Not available,,Not available,,"['https://www.nrc.nl/nieuws/2023/01/24/tientallen-nederlanders-staan-op-no-flylist-van-de-fbi-onder-wie-laura-h-en-tanja-nijmeijer-a4155161', 'https://therecord.media/congressman-coming-for-answers-after-no-fly-list-hack/', 'https://securityaffairs.com/141230/data-breach/no-fly-list-on-unsecured-server.html', 'https://twitter.com/securityaffairs/status/1617965634897448961', 'https://twitter.com/securityaffairs/status/1617803102740176898', 'https://twitter.com/securityaffairs/status/1617801612034199555', 'https://maia.crimew.gay/posts/how-to-hack-an-airline/', 'https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/', 'https://portswigger.net/daily-swig/deserialized-web-security-roundup-catastrophic-cyber-events-another-t-mobile-breach-more-lastpass-problems', 'https://securityaffairs.com/141509/breaking-news/security-affairs-newsletter-round-404-by-pierluigi-paganini.html', 'https://therecord.media/no-fly-list-breach-tsa-domestic-airlines-warning/', 'https://www.hackread.com/video-marketing-software-animker-data-leak/']" 1860,Unknown actors gained access to networks of at least two organizations of the US Federal Civilian Executive Branch through the malicious use of legitimate remote monitoring and management software in mid-June and mid-September 2022,"The US Cybersecurity and Infrastructure Security Agency (CISA) warned of the malicious use of legitimate remote monitoring and management (RMM) software in January 2023. The alert notes the deployment of RMM tools by unknown actors against networks of at least two unnamed organizations within the US federal civilian executive branch (FCEB) in mid-June 2022 and mid-September 2022. Both incidents were initiated by phishing emails that facilitated the download of RMM software. 
With active access to compromised systems, the attackers convinced the recipients to check their bank accounts, providing the attackers with an opportunity to fabricate fake account summaries. These manipulated summaries showed made-up refunds to make victims believe they had been reimbursed too much money. Victims were requested to ""correct"" this and pay the difference to the attackers. CISA pointed to the scam observed in these two incidents as indications of potential financial motives, while noting that the access developed as part of the campaign could also be used for other malicious purposes.",2022-06-01,2022-09-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking with Misuse,[['Not available']],['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],['Not available'],['Not available'],['Non-state-group'],['Criminal(s)'],1,2023-01-25 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity,Cybersecurity and Infrastructure Security Agency (CISA),,United States,,,Non-state-group,Criminal(s),['https://www.cisa.gov/uscert/ncas/alerts/aa23-025a'],Unknown,Not available,,Not available,,1,2023-01-25 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Cybersecurity and Infrastructure Security Agency (CISA),No,,Phishing,Data Manipulation,Not available,False,Not available,Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,2.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,; ,Not 
available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://therecord.media/cisa-says-federal-agencies-attacked-in-refund-scam-through-remote-management-software/', 'https://www.cisa.gov/uscert/ncas/alerts/aa23-025a', 'https://thehackernews.com/2023/01/us-federal-agencies-fall-victim-to.html', 'https://cyberscoop.com/cisa-federal-agency-refund-scam-remote-software/', 'https://twitter.com/campuscodi/status/1618917036448694272', 'https://twitter.com/SentinelOne/status/1619002761974091778']" 1861,FBI infiltrated and dismantled ransomware group Hive beginning in July 2022,"In a press conference on 26 January 2023, US Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy US Attorney General Lisa Monaco announced that US law enforcement had infiltrated the ransomware group Hive beginning in July 2022 and had now dismantled it. The investigation into the group's operations is still ongoing, yet officials at the joint press event announced that the intervention managed to stop Hive from extorting over $130 million from over 300 victims by securing encryption keys. The US Department of Justice, in cooperation with the German Federal Criminal Police, the Dutch National High Tech Crime Unit and other law enforcement agencies from a total of 13 countries, seized the ransomware outfit's websites and a variety of associated servers. 
Against this backdrop, the US State Department reiterated that it is offering a reward of up to 10 million USD for information linking Hive to a foreign government under its Rewards for Justice program regarding foreign malicious cyber activity against US critical infrastructure, which was first announced in July 2021.",2022-07-01,2023-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on non-political target(s), politicized",,Incident disclosed by authorities of victim state,Data theft & Doxing; Hijacking with Misuse,[['Hive (Ransomware Group)']],['Not available'],,[['Social groups']],[['Criminal']],['Not available'],['United States'],['State'],,1,2023-01-26; 2023-01-26; 2023-01-26,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites)",Attacker confirms; Attacker confirms; Attacker confirms,"Merrick Garland (Attorney General, United States); Christopher Wray (Director of the Federal Bureau of Investigation, United States); Lisa Monaco (Deputy Attorney General, United States)",,United States; United States; United States,,United States; United States; United States,State; State; State,,"['https://twitter.com/TheJusticeDept/status/1618693732743651363', 'https://twitter.com/FBI/status/1618637314972086272', 'https://www.justice.gov/opa/pr/us-department-justice-disrupts-hive-ransomware-variant']",Cyber-specific,Not available,,Not available,,1,2023-01-26 00:00:00,State Actors: Stabilizing measures,Statement by other ministers/members of parliament,United States,Merrick B. 
Garland (Attorney General; USA),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Minor,5.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,Not available,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Human rights; Sovereignty,; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.malwarebytes.com/blog/business/2023/02/ransomware-in-february-2023', 'https://socradar.io/why-ransomware-groups-switch-to-rust-programming-language/', 'https://twitter.com/Dennis_Kipker/status/1623655370613825537', 'https://twitter.com/Dinosn/status/1624253493371367425', 'https://www.malwarebytes.com/blog/news/2023/01/hive-ransomware-infrastructure-taken-down', 'https://telecom.economictimes.indiatimes.com/news/us-infiltrates-big-ransomware-gang-we-hacked-the-hackers/97362416', 'https://www.darkreading.com/vulnerabilities-threats/hive-ransomware-gang-loses-honeycomb', 'https://www.darkreading.com/ics-ot/the-doj-disruption-of-the-hive-ransomware-group-is-a-short-lived-win', 'https://twitter.com/DarkReading/status/1630603955670507521', 'https://twitter.com/DigitalPeaceNow/status/1630705797964390401', 'https://twitter.com/DigitalPeaceNow/status/1630705797964390401', 'https://www.lawfareblog.com/biden-harris-administration-releases-new-national-cybersecurity-strategy', 'https://www.darkreading.com/threat-intelligence/police-raid-alleged-core-members-of-doppelpaymer-ransomware-gang', 
'https://cyberscoop.com/doppelpaymer-ransomware-gang-europol-raid/', 'https://twitter.com/nicoleperlroth/status/1633871105701343233', 'https://securityaffairs.com/141374/cyber-crime/hive-ransomware-leak-site-seized.html', 'https://cyberscoop.com/fbi-europol-hive-ransomware-group/', 'https://therecord.media/we-hacked-the-hackers-doj-fbi-take-down-hive-ransomware-after-spending-months-inside-gang-systems/', 'https://www.databreaches.net/hive-ransomwares-infrastructure-seized-law-enforcement-hacked-the-hackers/', 'https://www.databreaches.net/developing-hives-leak-site-seized/', 'https://thehackernews.com/2023/01/hive-ransomware-infrastructure-seized.html', 'https://twitter.com/CyberScoopNews/status/1618665069457408002', 'https://twitter.com/vxunderground/status/1618735957905399809', 'https://twitter.com/iblametom/status/1618636574576762888', 'https://twitter.com/securityaffairs/status/1618691549747093504', 'https://twitter.com/securityaffairs/status/1618654659140554760', 'https://twitter.com/ryanaraine/status/1618645526689513474', 'https://twitter.com/TheJusticeDept/status/1618693732743651363', 'https://twitter.com/TheJusticeDept/status/1618642033475723266', 'https://twitter.com/vxunderground/status/1618637541728743425', 'https://twitter.com/iblametom/status/1618633273160372225', 'https://twitter.com/snlyngaas/status/1618625807299272704', 'https://twitter.com/CryptoInsane/status/1618716691873284097', 'https://twitter.com/JaneFrankland/status/1618751567775125504', 'https://twitter.com/Cyberknow20/status/1618705284826034179', 'https://twitter.com/switch_d/status/1618718766061297685', 'https://twitter.com/darktracer_int/status/1618620256901271552', 'https://twitter.com/ido_cohen2/status/1618601828786274308', 'https://twitter.com/Bing_Chris/status/1618644695126794242', 'https://twitter.com/zackwhittaker/status/1618644680492855309', 'https://twitter.com/snlyngaas/status/1618632775598497792', 'https://twitter.com/InfoSecSherpa/status/1618667345756704769', 
'https://twitter.com/chuksjonia/status/1618637845698342913', 'https://twitter.com/cahlberg/status/1618748557875634176', 'https://twitter.com/WSJCyber/status/1618658354905096192', 'https://twitter.com/jeffstone500/status/1618640814317662214', 'https://twitter.com/SentinelOne/status/1618687307586093056', 'https://twitter.com/unix_root/status/1618666829752242187', 'https://twitter.com/snlyngaas/status/1618655560118976513', 'https://twitter.com/lukOlejnik/status/1618656989583921153', 'https://www.diepresse.com/6243466/strafverfolgern-gelingt-schlag-gegen-hackergruppe-hive', 'https://www.sueddeutsche.de/wirtschaft/hacker-hive-polizei-ransomware-1.5739999', 'https://tarnkappe.info/artikel/cyberangriff/hive-ransomware-group-hacker-netzwerk-zerschlagen-264221.html', 'https://jyllands-posten.dk/international/usa/ECE14903518/usa-nedlaegger-hjemmeside-brugt-til-afpresning-for-700-millioner-kroner/', 'https://twitter.com/Dinosn/status/1618694222714109952', 'https://www.reuters.com/world/us/announcement-posted-hive-ransomware-groups-site-says-it-has-been-seized-by-fbi-2023-01-26/', 'https://twitter.com/FBI/status/1618637314972086272', 'https://www.justice.gov/opa/pr/us-department-justice-disrupts-hive-ransomware-variant', 'https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-delivers-remarks-disruption-hive-ransomware-variant', 'https://www.justice.gov/opa/speech/attorney-general-merrick-b-garland-delivers-remarks-disruption-hive-ransomware-variant', 'https://www.europol.europa.eu/media-press/newsroom/news/cybercriminals-stung-hive-infrastructure-shut-down', 'https://twitter.com/RFJ_USA/status/1618658902626779136', 'https://therecord.media/ransomware-experts-laud-hive-takedown-but-question-impact-without-arrests/', 'https://www.techrepublic.com/article/fbi-takes-down-hive-ransomware-group/', 'https://nakedsecurity.sophos.com/2023/01/27/hive-ransomware-servers-shut-down-at-last-says-fbi/', 'https://twitter.com/aselawaid/status/1618782536469221377', 
'https://twitter.com/AlexMartin/status/1618970835422961665', 'https://www.lawfareblog.com/justice-department-thwarts-hive-ransomware-scheme', 'https://twitter.com/securityaffairs/status/1618904278625849346', 'https://www.hackread.com/hive-ransomware-gang-disrupted-site-seized/', 'https://twitter.com/Cyber_O51NT/status/1618800047839391744', 'https://twitter.com/CyberScoopNews/status/1618796790815547393', 'https://twitter.com/hackerfantastic/status/1619120472154836993', 'https://twitter.com/HackRead/status/1618943365508386817', 'https://twitter.com/_r_netsec/status/1619035786942488577', 'https://twitter.com/LisaForteUK/status/1618964276512710660', 'https://twitter.com/cahlberg/status/1619122051033497600', 'https://twitter.com/UK_Daniel_Card/status/1618866236716355585', 'https://twitter.com/NSA_CSDirector/status/1618778557853077507', 'https://twitter.com/RecordedFuture/status/1619109684421742592', 'https://twitter.com/TonyaJoRiley/status/1618962048750346241', 'https://twitter.com/CyberScoopNews/status/1618976249514463232', 'https://twitter.com/cahlberg/status/1619084779382788096', 'https://twitter.com/TheJusticeDept/status/1619074452481777677', 'https://twitter.com/SentinelOne/status/1619002761974091778', 'https://www.abc.es/internacional/fbi-hive-ciberchantajistas-hackers-20230127091246-nt.html', 'https://www.elmundo.es/tecnologia/2023/01/26/63d2fcbffc6c83ea348b4584.html', 'https://securityaffairs.com/141491/cyber-crime/crooks-mimicking-lockbit-gang.html', 'https://www.wired.com/story/meduza-russia-outlaw-security-roundup/', 'https://twitter.com/chuksjonia/status/1619124899099951104', 'https://twitter.com/RecordedFuture/status/1619347106841624576', 'https://twitter.com/Cyberknow20/status/1619124446987706370', 'https://twitter.com/mruef/status/1619742440092467202', 'https://www.cybersecasia.net/news/fbi-seizes-servers-of-the-notorious-hive-ransomware-threat-group', 'https://twitter.com/WSJCyber/status/1620129094628171788', 
'https://twitter.com/nicoleperlroth/status/1620088484966064128', 'https://twitter.com/snlyngaas/status/1620414277818679296', 'https://twitter.com/DigitalPeaceNow/status/1620546530875957248', 'https://twitter.com/DigitalPeaceNow/status/1620806681134354432', 'https://cyberscoop.com/russian-ransomware-ryuk-guilty/', 'https://www.databreaches.net/more-lawsuits-filed-over-knox-college-ransomware-attack/', 'https://socradar.io/whats-next-for-cybercrime-ecosystem-after-genesis-market-takedown/']" 1864,Iran-based TA453 targeted a variety of targets in the UK and other regions with spearphishing campaign,"The UK National Cyber Security Centre warned of a successful spearphishing campaign by the Iran-based actor TA453 against a wide range of sectors including academia, defence and government organisations, NGOs, think-tanks, politicians, journalists and activists in the UK and other regions. The campaign used open-source resources such as social media and professional networking platforms to establish trust with targets. In several cases, TA453 also sent a malicious link disguised as a Zoom invitation to targets. In at least one instance, the attackers set up a Zoom call with the target and shared a malicious URL in the chat.",2022-01-01,2022-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,"[['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available']]",['United Kingdom'],"[['EUROPE', 'NATO', 'NORTHEU']]","[['State institutions / political system'], ['Critical infrastructure'], ['Science'], ['Social groups'], ['Media']]","[['Government / ministries'], ['Defence industry'], [''], ['Advocacy / activists (e.g. human rights organizations)'], ['']]",['Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2022-01-26 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,United Kingdom’s National Cyber Security Centre (NCSC),,United Kingdom,Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest'],Unknown,Unknown,,Unknown,,1,2023-01-26 00:00:00,State Actors: Preventive measures,Awareness raising,United Kingdom,UK National Cyber Security Centre (NCSC),No,,Phishing; Valid Accounts,Data Exfiltration,Required,False,For private / commercial targets: non-sensitive information (incident scores 1 point in 
intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://therecord.media/british-cyber-agency-issues-warning-over-russian-and-iranian-espionage-campaigns/', 'https://securityaffairs.com/141393/apt/ncsc-warns-seaborgium-ta453-attacks.html', 'https://www.databreaches.net/ncsc-russian-and-iranian-hackers-targeting-uk-politicians-journalists/', 'https://www.rferl.org/a/britain-russia-hacking-group/32240999.html', 'https://twitter.com/BushidoToken/status/1618552720834846724', 'https://twitter.com/NCSC/status/1618539942170472449', 'https://twitter.com/RecordedFuture/status/1618612424923549696', 'https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest', 'https://thehackernews.com/2023/01/british-cyber-agency-warns-of-russian.html', 'https://twitter.com/Dennis_Kipker/status/1618933708815499265', 'https://twitter.com/unix_root/status/1618956739944013829', 'https://securityaffairs.com/141509/breaking-news/security-affairs-newsletter-round-404-by-pierluigi-paganini.html', 'https://www.microsoft.com/en-us/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/', 'https://www.wired.com/story/iran-cyber-army-protests-disinformation/']" 1863,Pro-Russian hacktivist group Killnet disrupted the websites of German private and state entities on 25 
January 2023,"#GermanyRIP: The pro-Russian hacktivist group Killnet disrupted websites of German private sector entities, including banks and airports, as well as state organizations in reaction to the German government's decision to send Leopard 2 main battle tanks to Ukraine, according to the Telegram posts of the hackers themselves. According to the German Federal Office for Information Security, which monitors information security, the attack caused some minor outages, but was otherwise of limited impact. Both Killnet and German security authorities named the specific targets of this DDoS attack. A complete list of the organizations experiencing disruptions as a result of the attack has not yet been shared publicly. IT company Cado Security published a summary of DDoS attacks on January 25, 2023, the day they occurred. This report states that Killnet and other hacktivist groups, even as far as Anonymous Sudan, claimed DDoS attacks on behalf of GermanyRIP. Cado Security was also unable to say anything about the extent to which these were successful. In Baden-Württemberg's state parliament, the Social Democratic Party of Germany (SPD) and the Free Democratic Party (FDP) parliamentary groups put questions to Interior Minister Thomas Strobl after it became known that the state police website was also affected by the DDoS attacks. SPD MP Sascha Binder wanted to know exactly which areas were affected and the extent of the disruption. The spokesman for digitization of the FDP/DVP parliamentary group, Daniel Karrais, demanded that the Minister of the Interior put all cybersecurity measures against external and internal threats to the test.",2023-01-25,2023-01-25,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker; Incident disclosed by attacker,Disruption,"[['State Police of Baden-Württemberg'], ['Not available'], ['Not available']]","['Germany', 'Germany', 'Germany']","[['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['State institutions / political system'], ['Critical infrastructure', 'Critical infrastructure'], ['State institutions / political system', 'State institutions / political system']]","[['Police'], ['Finance', 'Transportation'], ['Government / ministries', 'Police']]",['Killnet'],['Russia'],['Non-state-group'],['Hacktivist(s)'],1,2023-01-25 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Killnet,,Russia,Killnet,Russia,Non-state-group,Hacktivist(s),"['https://t.me/killnet_k_hacker/246', 'https://t.me/killnet_k_hacker/247', 'https://t.me/killnet_k_hacker/248', 'https://t.me/killnet_k_hacker/249', 'https://t.me/killnet_k_hacker/258']",System / ideology; National power; Territory; Resources,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-01-26 00:00:00,State Actors: Stabilizing measures,Statement by other ministers/members of parliament,Germany,"Sascha Binder (Member of State Parliament of Baden-Württemberg, Germany)",No,,Not available,Network Denial of Service,None,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,7.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,,0.0,Not 
available,0.0,euro,None/Negligent,Due diligence; Sovereignty,; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://twitter.com/AlexMartin/status/1618241194135523328', 'https://twitter.com/JanLemnitzer/status/1618335682732388354', 'https://www.sueddeutsche.de/politik/hacker-angriff-russland-1.5739287', 'https://twitter.com/Cyber_O51NT/status/1618430237473398786', 'https://twitter.com/DarkReading/status/1618708034687049733', 'https://www.reuters.com/world/europe/russian-hacktivists-briefly-knock-german-websites-offline-2023-01-25/', 'https://t.me/killnet_k_hacker/246', 'https://t.me/killnet_k_hacker/247', 'https://t.me/killnet_k_hacker/248', 'https://t.me/killnet_k_hacker/249', 'https://t.me/killnet_k_hacker/258', 'https://www.govinfosecurity.com/russian-nuisance-hacking-group-killnet-targets-germany-a-21039', 'https://twitter.com/campuscodi/status/1618917036448694272', 'https://twitter.com/LisaForteUK/status/1619077445264769024', 'https://www.welt.de/politik/deutschland/article243475517/Laut-Medienbericht-Erneut-Cyberangriff-auf-Internetangebot-des-Bundestags.html', 'https://twitter.com/Dennis_Kipker/status/1618931074318622720', 'https://securityaffairs.com/141513/hacktivism/killnet-targets-germany.html', 'https://www.cadosecurity.com/leopard-tank-announcement-prompts-cyber-retaliation/', 'https://www.govinfosecurity.com/hhs-aha-warn-surge-in-russian-ddos-attacks-on-hospitals-a-21050', 'https://twitter.com/Cyber_O51NT/status/1619928084945440769', 'https://twitter.com/stefan_hessel/status/1619991033777119233', 'https://www.nrc.nl/nieuws/2023/01/30/website-gronings-ziekenhuis-crasht-door-aanval-pro-russische-hackersgroep-a4155683', 'https://therecord.media/ddos-denmark-us-russia-killnet/', 'https://twitter.com/Cyber_O51NT/status/1620564963072032769', 'https://twitter.com/Dennis_Kipker/status/1621187722210689025', 
'https://www.swr.de/swraktuell/baden-wuerttemberg/hacker-angriff-polizei-bw-100.html', 'https://therecord.media/passion-botnet-customizable-pro-russia-hackers/', 'https://twitter.com/securityaffairs/status/1621617739721752579', 'https://twitter.com/securityaffairs/status/1621511156430143490', 'https://securityaffairs.com/141850/breaking-news/security-affairs-newsletter-round-405-by-pierluigi-paganini.html', 'https://twitter.com/cahlberg/status/1621670609032806400', 'https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html', 'https://twitter.com/securityaffairs/status/1627734553778442240', 'https://www.darkreading.com/ics-ot/german-government-airports-banks-hit-killnet-ddos-attacks']" 1639,Russian spies are suspected of hacking into the personal phone of former British Prime Minister Liz Truss,"Russian spies are suspected of having hacked into the personal phone of former British Prime Minister Liz Truss while she was serving as Foreign Secretary, according to anonymous sources cited by The Mail on Sunday. The incident was discovered during the Conservative Party leadership election that ran from 13 July to 5 September 2022, following the resignation of then British Prime Minister Boris Johnson. Johnson and Cabinet Secretary Simon Case were immediately informed and decided to keep the incident secret. The attackers are believed to have gained access to top-secret exchanges with key international partners as well as private conversations concerning arms shipments to Ukraine and disputes within the Conservative Party. Earlier, on 1 October, The Mail on Sunday reported that the phone number in use by Ms. Truss at the time of the compromise had been listed by a US-registered website aggregating stolen personal information that is accessible for as little as £6.49. 
The database also included the phone numbers of 25 other UK cabinet ministers.",2022-01-01,2022-09-05,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack on (inter alia) political target(s), politicized",,Incident disclosed by media (without further information on source),Data theft,"[['Liz Truss (Secretary of State for Foreign, Commonwealth and Development Affairs, United Kingdom)']]",['United Kingdom'],"[['EUROPE', 'NATO', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],['Not available'],['Russia'],['State'],,1,2022-10-29 00:00:00,"Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)",Media-based attribution,,,United Kingdom,,Russia,State,,['https://www.dailymail.co.uk/news/article-11368619/Liz-Trusss-personal-phone-hacked-Putins-spies-secret-details-negotiations.html'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),International peace; Sovereignty,Prohibition of 
intervention; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://securityaffairs.co/wordpress/137826/intelligence/liz-truss-phone-hacked.html', 'https://www.dailymail.co.uk/news/article-11368619/Liz-Trusss-personal-phone-hacked-Putins-spies-secret-details-negotiations.html', 'https://www.kleinezeitung.at/politik/aussenpolitik/6209233/Britische-ExPremierministerin_Mobiltelefon-von-Truss-wurde', 'https://www.securityweek.com/calls-uk-probe-reported-hacking-liz-trusss-phone', 'https://therecord.media/uk-government-confirms-its-intel-agency-is-helping-to-defend-ukraine/', 'https://www.cbsnews.com/news/liz-truss-phone-hack-claim-uk-cybersecurity/', 'https://www.lefigaro.fr/international/le-telephone-de-liz-truss-pirate-par-des-hackers-russes-l-ex-premiere-ministre-britannique-de-nouveau-dans-la-tourmente-20221101', 'https://elpais.com/tecnologia/2022-11-24/candid-wuest-si-alguien-apaga-ucrania-probablemente-haya-una-respuesta-y-eso-no-interesa-porque-todos-los-paises-son-vulnerables.html', 'https://www.independent.co.uk/news/uk/politics/gillian-keegan-twitter-hack-elon-musk-cryptocurrency-b2251493.html']" 1688,Pro-Russian hacktivist group Killnet disrupted the website of Prince William on 22 November 2022,"Pro-Russian hacktivist group Killnet disrupted the website of Prince William on 22 November 2022, according to a Telegram post by the group. The hacktivists stated that they conducted this attack because of Britain's supply of high-precision missiles to Ukraine. These claims remain unverified. ",2022-11-22,2022-11-22,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,[['Website of The Duke and Duchess of Cambridge - Prince of Wales']],['United Kingdom'],"[['EUROPE', 'NATO', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],['Killnet'],['Russia'],['Non-state-group'],['Hacktivist(s)'],1,2022-11-22 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Killnet,,Russia,Killnet,Russia,Non-state-group,Hacktivist(s),"['https://www.hackread.com/pro-russian-killnet-uk-ddos-attacks/', 'https://t.me/s/killnet_reservs']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,; ,Not available,0,,,,,,Armed conflict,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.hackread.com/pro-russian-killnet-uk-ddos-attacks/', 'https://t.me/s/killnet_reservs', 'https://www.darkreading.com/threat-intelligence/killnet-gloats-ddos-attacks-starlink-whitehouse-gov', 'https://twitter.com/DarkReading/status/1597950076000804866', 
'https://www.darkreading.com/threat-intelligence/killnet-gloats-ddos-attacks-starlink-whitehouse-gov', 'https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/killnet-claims-attacks-against-starlink-whitehousegov-and-united-kingdom-websites/', 'https://www.malwarebytes.com/blog/news/2023/02/a-week-in-security-february-6-12']" 1868,Pro-Russian hacktivist group Killnet disrupted at least 14 hospitals in the United States in January 2023,"The pro-Russian hacktivist group Killnet is suspected to be responsible for disrupting at least 14 hospitals in the United States using DDoS attacks in late January, according to national adviser for cybersecurity and risk at the American Hospital Association (AHA) John Riggi.",2023-01-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,"[['Buena Vista Regional Medical Center'], ['Abrazo Health'], ['Anaheim Regional Medical Center'], ['Michigan Medicine'], ['Atlanticare'], ['Huntsville Hospital'], ['Jefferson Health'], ['Duke University Hospital'], ['Heart of the Rockies Regional Medical Center'], ['Cedars-Sinai Medical Center'], ['Atrium Health'], ['Hollywood Presbyterian Medical Center'], ['University of Pittsburgh Medical Center'], ['Stanford Health Care']]","['United States', 'United States', 'United States', 'United States', 'United States', 'United States', 'United States', 'United States', 'United States', 'United States', 'United States', 'United States', 'United States', 'United States']","[['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM']]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], 
['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[['Health'], ['Health'], ['Health'], ['Health'], ['Health'], ['Health'], ['Health'], ['Health'], ['Health'], ['Health'], ['Health'], ['Health'], ['Health'], ['Health']]",['Killnet'],['Russia'],['Non-state-group'],['Hacktivist(s)'],3,2023-01-30; 2023-01-30; 2023-01-30; 2023-01-30; 2023-01-30; 2023-01-30; 2023-01-28; 2023-01-30,"Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Political statement / report (e.g., on government / state agency websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker; Receiver attributes attacker; Receiver attributes attacker; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attacker confirms; Attacker confirms," US Department of Health and Human Services; John Riggi (National Advisor for Cybersecurity and Risk of American Hospital Association, United States); Health Sector Cyber Security Coordination Center (HC3); US Department of Health and Human Services; John Riggi (National Advisor for Cybersecurity and Risk of American Hospital 
Association, United States); Health Sector Cyber Security Coordination Center (HC3); Killnet; Killnet",,United States; United States; United States; United States; United States; United States; Russia; Russia,Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet; Killnet,Russia; Russia; Russia; Russia; Russia; Russia; Russia; Russia,Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s); Hacktivist(s),"['https://www.govinfosecurity.com/hhs-aha-warn-surge-in-russian-ddos-attacks-on-hospitals-a-21050', 'https://www.aha.org/system/files/media/file/2023/01/hc3-tlp-clear-analyst-note-pro-russian-hacktivist-group-killnet-threat-to-hph-sector-1-30-23.pdf', 'https://t.me/killnet_reservs/4977', 'https://t.me/killnet_reservs/5028']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-02-07 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Cybersecurity and Infrastructure Security Agency (CISA),No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international 
law),,"['https://twitter.com/HackRead/status/1623358394613567488', 'https://www.govinfosecurity.com/hhs-aha-warn-surge-in-russian-ddos-attacks-on-hospitals-a-21050', 'https://www.aha.org/system/files/media/file/2023/01/hc3-tlp-clear-analyst-note-pro-russian-hacktivist-group-killnet-threat-to-hph-sector-1-30-23.pdf', 'https://t.me/killnet_reservs/4977', 'https://therecord.media/ddos-denmark-us-russia-killnet/', 'https://securityaffairs.com/141598/hacktivism/killnet-ddos-us-healthcare.html', 'https://www.databreaches.net/hc3-analyst-note-pro-russian-hacktivist-group-killnet-threat-to-hph-sector-2/', 'https://twitter.com/BlackBerrySpark/status/1620537202382983173', 'https://twitter.com/Dennis_Kipker/status/1620499064684154882', 'https://twitter.com/securityaffairs/status/1620335610887278593', 'https://twitter.com/Cyber_O51NT/status/1620564963072032769', 'https://twitter.com/alexfrudolph/status/1620269739888218113', 'https://twitter.com/M_Miho_JPN/status/1620334652186836993', 'https://twitter.com/DigitalPeaceNow/status/1620546530875957248', 'https://t.me/killnet_reservs/5028', 'https://www.darkreading.com/ics-ot/killnet-pro-russia-hacktivist-group-support-influence-grows', 'https://twitter.com/cahlberg/status/1620591103572590592', 'https://twitter.com/780thC/status/1621104394350784513', 'https://therecord.media/tallahassee-hospital-diverting-patients-canceling-non-emergency-surgeries-after-cyberattack/', 'https://twitter.com/RecordedFuture/status/1621646458259750912', 'https://securityaffairs.com/141850/breaking-news/security-affairs-newsletter-round-405-by-pierluigi-paganini.html', 'https://research.checkpoint.com/2023/6th-february-threat-intelligence-report/', 'https://therecord.media/ddos-hospitals-cisa-killnet-limited-effects/', 'https://twitter.com/RecordedFuture/status/1623069165891342336', 'https://twitter.com/RecordedFuture/status/1623519318150463489', 'https://blog.cloudflare.com/uptick-in-healthcare-organizations-experiencing-targeted-ddos-attacks/', 
'https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html', 'https://twitter.com/cahlberg/status/1624843345741635585', 'https://www.malwarebytes.com/blog/news/2023/02/killnet-group-targets-us-and-european-hospitals-with-ddos-attacks', 'https://www.malwarebytes.com/blog/news/2023/02/a-week-in-security-february-6-12', 'https://twitter.com/RecordedFuture/status/1625132464359280642', 'https://www.telegraph.co.uk/world-news/2023/02/12/russian-killnet-hackers-disrupt-natos-turkey-syria-earthquake/', 'https://twitter.com/BlackBerrySpark/status/1625963191988625410', 'https://therecord.media/killnet-ddos-hospitals-healthcare-russia', 'https://www.microsoft.com/en-us/security/blog/2023/03/17/killnet-and-affiliate-hacktivist-groups-targeting-healthcare-with-ddos-attacks/', 'https://www.darkreading.com/attacks-breaches/pro-islam-anonymous-sudan-hacktivists-front-russia-killnet-operation']" 1911,Unknown actors deployed GootLoader malware against the healthcare as well as the financial sector in English-speaking countries in December 2022,"Unknown actors deployed GootLoader malware against the healthcare and financial sector entities in English-speaking countries, namely the United States, the United Kingdom and Australia in December 2022, according to analysis by Cybereason. The technical report only specifies December 2022 as the timeframe for one incident against an unidentified target. 
Mandiant deems GootLoader to be proprietary to an activity cluster it tracks as UNC2565.",2022-12-01,,Not available,,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,"[['Not available'], ['Not available'], ['Not available']]","['Australia', 'United Kingdom', 'United States']","[['OC'], ['EUROPE', 'NATO', 'NORTHEU'], ['NATO', 'NORTHAM']]","[['Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Critical infrastructure'], ['Critical infrastructure', 'Critical infrastructure']]","[['Health', 'Finance'], ['Health', 'Finance'], ['Health', 'Finance']]",['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Drive-By Compromise,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,4.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,1-10,3.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/cybereason/status/1625149353546379268', 'https://www.cybereason.com/hubfs/THREAT%20ALERT%20GootLoader%20-%20Large%20payload%20leading%20to%20compromise%20(BLOG).pdf', 'https://www.mandiant.com/resources/blog/tracking-evolution-gootloader-operations']" 1876,Russian state-sponsored hacking group Sandworm used NikoWiper against an energy-sector company in Ukraine in October 2022,"The Slovakian IT security firm ESET has 
reported the usage of a new wiper strain called NikoWiper by the Russia-affiliated group Sandworm in an attack targeting a Ukrainian energy-sector company in October 2022. No details on the impact of the wiper have been reported. ESET's technical report additionally mentions that this cyberattack coincided with Russian forces firing missiles on energy facilities. ",2022-10-01,2023-10-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Disruption; Hijacking with Misuse,[['Not available']],['Ukraine'],"[['EUROPE', 'EASTEU']]",[['Critical infrastructure']],[['Energy']],"['Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)']",['Russia'],"['Non-state actor, state-affiliation suggested']",,1,2023-01-31 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,ESET,Slovakia,"Sandworm/VOODOO Bear/Quedagh/TeleBots/IRON VIKING/Black Energy/IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)",Russia,"Non-state actor, state-affiliation suggested",,['https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in 
intensity)",none,none,1,Moderate - high political importance,1.0,Minor,5.0,Not available,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Armed conflict; Sovereignty,; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://thehackernews.com/2023/01/new-report-reveals-nikowiper-malware.html', 'https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/', 'https://twitter.com/CSIS_Tech/status/1620542650834382849', 'https://twitter.com/unix_root/status/1620413840981647360', 'https://twitter.com/Cyber_O51NT/status/1620571509596229632', 'https://twitter.com/cybersecboardrm/status/1620441387551391750', 'https://securitymea.com/2023/02/01/russian-apt-groups-continue-attacks-with-wipers-and-ransomware/', 'https://www.wired.com/story/ukraine-russia-wiper-malware/', 'https://www.welivesecurity.com/2023/02/24/year-wiper-attacks-ukraine/', 'https://twitter.com/Cyber_O51NT/status/1629280661474508801', 'https://twitter.com/780thC/status/1629087842516320256', 'https://thehackernews.com/2023/03/from-ransomware-to-cyber-espionage-55.html', 'https://www.welivesecurity.com/2023/03/30/eset-research-podcast-year-fighting-rockets-soldiers-wipers-ukraine/']" 1877,Chinese hacker group Goblin Panda infiltrated an EU government's network with the TurboSlate backdoor in November 2022,"Chinese hacker group Goblin Panda infiltrated the network of a government organization within the European Union with the TurboSlate backdoor in November 2022, based on the findings of Slovak IT security firm ESET with medium confidence. 
",2022-11-01,2022-11-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Hijacking without Misuse,[['Not available']],['EU (region)'],[['EU']],[['State institutions / political system']],[['Government / ministries']],['Goblin Panda'],['China'],['Unknown - not attributed'],,1,2023-01-31 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,Goblin Panda,China,Unknown - not attributed,,['https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/'],International power,Unknown,,Unknown,,0,,,,,,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,No system interference/disruption,Not available,1-10,1.0,1-10,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/', 'https://securitymea.com/2023/02/01/russian-apt-groups-continue-attacks-with-wipers-and-ransomware/']" 1878,The hacker group POLONIUM penetrated the network of an Israeli company in Serbia using a modified version of the backdoor CreepyDrive starting in mid-September 2022,"The hacker group POLONIUM penetrated the network of an Israeli company in Serbia using a modified version of the backdoor CreepyDrive during the period of mid-September to late-November 2022, according to a technical report by the Slovak IT security firm ESET. ",2022-09-15,2022-11-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,[['Not available']],['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']],,['POLONIUM'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2023-01-31 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,POLONIUM,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/'],System / ideology; International power,System/ideology; International power,Iran – Israel; Iran – Israel,Unknown,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,3.0,No system interference/disruption,Not available,1-10,1.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,,,,,Not available,,Countermeasures under 
international law justified (state-atttribution & breach of international law),,"['https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/', 'https://securitymea.com/2023/02/01/russian-apt-groups-continue-attacks-with-wipers-and-ransomware/']" 1879,Iranian state-sponsored hacking group MuddyWater targeted unspecified targets in Egypt and Saudi Arabia using the remote access tool SimpleHelp,"The Iranian state-sponsored hacking group MuddyWater targeted unspecified targets in Egypt and Saudi Arabia using the remote access tool SimpleHelp, according to findings by Slovak IT security firm ESET. The hacker group used the SimpleHelp connections of a compromised managed service provider (MSP) to gain access to further victims and blend in with routine traffic between the MSP and its clients.",,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,"[['Not available'], ['Not available']]","['Egypt', 'Saudi Arabia']","[['MENA', 'MEA', 'AFRICA', 'NAF'], ['ASIA', 'MENA', 'MEA', 'GULFC']]","[['Unknown'], ['Unknown']]",,['MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2023-01-31 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069,"Iran, Islamic Republic of","Non-state actor, state-affiliation 
suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/'],System / ideology; International power,System/ideology; International power,Iran – Saudi Arabia; Iran – Saudi Arabia,Unknown,,0,,,,,,No,,External Remote Services; Trusted Relationship,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,2.0,No system interference/disruption,Not available,Not available,0.0,1-10,2.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,Non-state actors; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.welivesecurity.com/2023/01/31/eset-apt-activity-report-t3-2022/', 'https://securitymea.com/2023/02/01/russian-apt-groups-continue-attacks-with-wipers-and-ransomware/', 'https://thehackernews.com/2023/04/iranian-hackers-using-simplehelp-remote.html', 'https://twitter.com/Dinosn/status/1648275021448597504']" 1880,North Korean state-sponsored hacking group Lazarus gained access to research facilities and stole information beginning in August 2022,"The North Korean state-sponsored hacking group Lazarus gained access to public as well as private research institutions focused on health and energy and stole 100 GB of information for espionage purposes between 22 August and 11 November 2022, the Finnish cybersecurity firm WithSecure concludes with high confidence. The hacking group gained initial access to unpatched Zimbra servers via two associated vulnerabilities (CVE-2022-27925 and CVE-2022-37042). 
This cyber incident, along with two other cyber incidents from 2022 (Stonefly and Tale of Three RATs), is part of a large cyber campaign to gather sensitive information from targets in highly-specialized sectors.",2022-08-22,2022-11-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,"[['Not available'], ['Not available']]","['Not available', 'India']","[[], ['ASIA', 'SASIA', 'SCO']]","[['Science'], ['Science']]",,"['Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,1,2023-01-31 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,WithSecure,,Finland,"Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested",,['https://labs.withsecure.com/content/dam/labs/docs/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf'],International power,Unknown,,Unknown,,0,,,,,,No,,Exploit Public-Facing Application,Data Exfiltration,None,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / 
or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Sovereignty,Non-state actors; Civic / political rights; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://twitter.com/cybersecboardrm/status/1623853882366390272', 'https://www.bleepingcomputer.com/news/security/north-korean-hackers-stole-research-data-in-two-month-long-breach/', 'https://www.darkreading.com/ics-ot/lazarus-group-rises-again-gather-intelligence-energy-healthcare-firms', 'https://thehackernews.com/2023/02/north-korean-hackers-exploit-unpatched.html', 'https://therecord.media/hackers-linked-to-north-korea-targeted-indian-medical-org-energy-sector/', 'https://twitter.com/780thC/status/1621114433886994433', 'https://twitter.com/switch_d/status/1621205282641612800', 'https://twitter.com/AnonOpsSE/status/1621181567145050112', 'https://twitter.com/Dinosn/status/1621218340671733761', 'https://twitter.com/UK_Daniel_Card/status/1621206214158712834', 'https://labs.withsecure.com/content/dam/labs/docs/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf', 'https://www.databreaches.net/north-korean-hackers-stole-research-data-in-two-month-long-breach/', 'https://twitter.com/LawyerLiz/status/1621304384972902405', 'https://twitter.com/RecordedFuture/status/1621646796219883520', 'https://www.darkreading.com/remote-workforce/dprk-using-unpatched-zimbra-devices-to-spy-on-researchers-']" 1881,Unknown attackers disrupted IT systems at Tallahassee Memorial 
HealthCare (TMH) in Florida on 2 February 2023,"Unknown attackers disrupted IT systems at the regional hospital Tallahassee Memorial HealthCare (TMH) in Florida in a suspected ransomware attack on 2 February 2023. Operating under IT downtime protocols, the facility canceled non-emergency treatments and outpatient procedures. To ensure care delivery, TMH limited admission to the most critically injured patients (level 1 trauma) in its immediate service area and has otherwise been redirecting emergency medical services. ",2023-02-02,2023-02-02,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,[['Tallahassee Memorial HealthCare']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Health']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/cahlberg/status/1624147422019522603', 'https://therecord.media/ransomware-attack-leads-to-massive-data-breach-from-california-health-network/', 'https://www.malwarebytes.com/blog/news/2023/02/a-week-in-security-february-6-12', 
'https://twitter.com/TonyaJoRiley/status/1625152474507083778', 'https://therecord.media/tallahassee-hospital-diverting-patients-canceling-non-emergency-surgeries-after-cyberattack/', 'https://www.bleepingcomputer.com/news/security/florida-hospital-takes-it-systems-offline-after-cyberattack/', 'https://www.databreaches.net/fl-tallahassee-memorial-hospital-victim-of-suspected-ransomware-attack/', 'https://twitter.com/vxunderground/status/1621565325975212033', 'https://securityaffairs.com/141792/hacking/tallahassee-memorial-healthcare-cyberattack.html', 'https://securityaffairs.com/141850/breaking-news/security-affairs-newsletter-round-405-by-pierluigi-paganini.html', 'https://twitter.com/securityaffairs/status/1622172170922123264', 'https://www.tmh.org/news/2023/tallahassee-memorial-managing-it-security-issue', 'https://floridapolitics.com/archives/585686-tallahassee-memorial-hospital-victim-of-suspected-ransomware-attack/', 'https://www.tmh.org/news/2023/february-4-update-tmh-managing-it-security-issue', 'https://www.tmh.org/news/2023/tallahassee-memorial-making-progress-managing-it-security-event', 'https://research.checkpoint.com/2023/6th-february-threat-intelligence-report/', 'https://www.malwarebytes.com/blog/news/2023/02/florida-hospital-takes-entire-it-systems-offline-after-ransomware-attack', 'https://twitter.com/AlexMartin/status/1639241047816511501', 'https://securityaffairs.com/144811/cyber-crime/cyberattack-cornwall-community-hospital-ontario.html']" 1882,Chinese state-sponsored hacking group Mustang Panda deployed PlugX backdoor against the network of an unnamed European organization in December 2022,"The Chinese state-sponsored hacking group Mustang Panda deployed the PlugX backdoor against the network of an unnamed European organization in December 2022, according to Dutch cybersecurity firm EclecticIQ. ",2022-12-01,2022-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,[['Not available']],['Europe (region)'],,[['Unknown']],,['Mustang Panda/RedEcho/Bronze President/Earth Preta'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2023-02-02 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,EclecticIQ,,Netherlands,Mustang Panda/RedEcho/Bronze President/Earth Preta,China,"Non-state actor, state-affiliation suggested",,['https://blog.eclecticiq.com/mustang-panda-apt-group-uses-european-commission-themed-lure-to-deliver-plugx-malware'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://decoded.avast.io/threatresearch/avast-q4-2022-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q4-2022-threat-report', 'https://twitter.com/780thC/status/1621464181152141312', 'https://twitter.com/Cyber_O51NT/status/1621313406367309825', 'https://twitter.com/Arkbird_SOLG/status/1621533338832871425', 
'https://blog.eclecticiq.com/mustang-panda-apt-group-uses-european-commission-themed-lure-to-deliver-plugx-malware', 'https://twitter.com/RecordedFuture/status/1626633928327954434', 'https://twitter.com/SteffenHeyde/status/1632990915873652743']" 1883,"Websites of several clinics in Franconia, Germany, were taken down with DDoS attacks in January 2023","On 31 January 2023, several hospitals in Bavarian Franconia, Germany, were taken down with DDoS attacks. The attacks were confirmed by the Geomed Clinic in Gerolzhofen and the City Hospital in Schwabach. The hospitals' websites were unavailable for several hours. Previously, the pro-Russian hacktivist group Killnet had called for attacks on the websites of a total of seven Bavarian hospitals, including those in Schwabach and Gerolzhofen. Responsibility for the attacks has not been independently confirmed.",2023-01-31,2023-01-31,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption,"[['Geomed Klinik'], ['Stadtkrankenhaus Schwabach']]","['Germany', 'Germany']","[['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['Critical infrastructure'], ['Critical infrastructure']]","[['Health'], ['Health']]",['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international 
law),,"['https://twitter.com/VessOnSecurity/status/1622019679974744067', 'https://www.br.de/nachrichten/netzwelt/hacker-angriffe-auf-mehrere-kliniken-in-franken,TUcc0Xs', 'https://twitter.com/ransomwaremap/status/1622624728585306118']" 1884,Iranian state-sponsored hacking group APT34 stole information from Middle Eastern governments using new backdoor MrPerfectInstaller in December 2022,"The Iranian state-sponsored hacking group APT34 stole information from Middle Eastern governments using the new backdoor MrPerfectInstaller in December 2022, according to a technical report by IT security firm Trend Micro. The hacking group's goal was to steal user credentials for stable access to email accounts to be able to exfiltrate data via government Exchange Servers.",2022-12-01,2022-12-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,[['Not available']],['Middle East (region)'],,[['State institutions / political system']],[['Government / ministries']],['OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2023-02-02 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Trend Micro,,Japan,OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested","Non-state-group, 
state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)",['https://www.trendmicro.com/en%5Fus/research/23/b/new-apt34-malware-targets-the-middle-east.html'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,2.0,Not available,Not available,1-10,0.0,1-10,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://thehackernews.com/2023/02/iranian-oilrig-hackers-using-new.html', 'https://www.trendmicro.com/en%5Fus/research/23/b/new-apt34-malware-targets-the-middle-east.html', 'https://research.checkpoint.com/2023/6th-february-threat-intelligence-report/']" 1885,Unknown hackers accessed and exfiltrated data from the network of Californian health clinic Cardiovascular Associates beginning on 28 November 2022,"Unknown hackers accessed and exfiltrated data from the network of the Cardiovascular Associates (CVA) clinic in California during the period of 28 November and 5 December 2022, according to a notification by CVA to the California Attorney General's Office. Based on CVA filings, the breached records may have contained personal information of patients, including passport and driver’s license numbers but also credit/debit card information as well as details about medical treatments and tests or diagnoses. 
",2022-11-28,2022-12-05,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,[['Cardiovascular Associates (CVA)']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Health']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.databreaches.net/four-more-attacks-on-the-healthcare-sector-weekend-edition/', 'https://oag.ca.gov/system/files/2023-02-03%20-%20CVA%20Individual%20Notice%20Templates.pdf', 'https://www.govinfosecurity.com/lawsuit-against-clinic-seeks-long-list-cyber-improvements-a-21480']" 1886,Unknown hackers accessed and exfiltrated data of Regal Medical Group in a ransomware attack beginning on 1 December 2022,"Unknown hackers accessed and exfiltrated some data of Regal Medical Group in a ransomware attack between 1 and 8 December 2022, according to a data breach notification filed by Regal to the California Attorney General's Office. 
Based on this notification, affected records may have contained personal information of patients, such as name, address, date of birth, social security number, but also medical details on diagnoses, treatments, test results, and prescriptions.",2022-12-01,2022-01-08,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,"[['Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical']]",['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Health']],,,,,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,,,,,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.databreaches.net/four-more-attacks-on-the-healthcare-sector-weekend-edition/', 'https://oag.ca.gov/system/files/Regal%20John%20Doe%20Letter%20Feb%201%202023.pdf', 'https://twitter.com/Dinosn/status/1624253493371367425', 'https://twitter.com/cahlberg/status/1624147422019522603', 'https://therecord.media/ransomware-attack-leads-to-massive-data-breach-from-california-health-network/', 'https://www.bleepingcomputer.com/news/security/california-medical-group-data-breach-impacts-33-million-patients/', 
'https://www.govinfosecurity.com/california-medical-groups-ransomware-breach-affects-33m-a-21181', 'https://twitter.com/RecordedFuture/status/1625132730223656960', 'https://www.govinfosecurity.com/5-lawsuits-filed-in-ransomware-breach-affecting-33-million-a-21287']" 1887,Unknown hackers gained access to the email account of an employee at Southeast Colorado Hospital District (SECHD) on 23 November 2022,"Unknown hackers gained access to the email account of an employee at Southeast Colorado Hospital District (SECHD) in the period of 23 November and 5 December 2022, based on a data security incident notice issued by SECHD. The compromised inbox contained personal data of patients. Among the records affected, the notification lists personal information of patients, such as name, date of birth, social security and driver’s license numbers, but also medical details on diagnoses, treatments, and further health insurance information.",2022-11-23,2022-12-05,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,[['Southeast Colorado Hospital District (SECHD)']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Health']],,,,,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,,,,,,,Unfriendly acts/retorsions justified (missing state-attribution & breach 
ofinternational law OR state-attribution & missing breach of international law),,"['https://www.databreaches.net/four-more-attacks-on-the-healthcare-sector-weekend-edition/', 'https://www.sechosp.org/docs/2%5F3%5F2023%5FData.pdf']" 1888,"Unknown hackers accessed and exfiltrated patient data from San Diego health care provider Sharp on January 12, 2023","Unknown hackers accessed and exfiltrated patient data from Sharp Healthcare, the largest health provider in San Diego, on January 12, 2023 over the span of a few hours. According to the incident notification by Sharp, the data breach affected the record of 62,777 patients. Compromised data did not include payment details or clinical information but, based on an initial assessment, is limited to patient names, internal identification numbers/invoice numbers, payment amounts, and the names of the Sharp facilities receiving the payments.",2023-01-12,2023-01-12,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,[['Sharp HealthCare']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Health']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach 
of international law),,"['https://www.databreaches.net/sharp-notifies-nearly-63000-patients-of-data-breach-involving-payment-portal/', 'https://www.sharp.com/notice-to-our-patients.cfm']" 1889,"Ransomware hack on computer servers running VMware ""ESXi"" software in Italy in early February 2023","A global ransomware campaign targeting a known vulnerability in VMware's ESXi servers (CVE-2021-21974) affected Italian water and energy utility company Acea in early February. The incident did not impair the company's operations. The Italian government declared on 6 February that there was no evidence of a state actor carrying out the attack but rather suspected a criminal outfit. In a statement to the press, the Italian National Cybersecurity Agency linked the incident to the BlackBasta ransomware group, which shares connections with the now defunct Conti gang. The French CERT first reported the ransomware wave directed against thousands of servers running VMware virtual machines on 3 February. 
Most attacks targeted systems in France, the United States, Germany, Canada and other European countries.",2023-02-02,2023-02-05,"Attack on non-political target(s), politicized; Attack on critical infrastructure target(s)",,Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,"[['Not available'], ['Acea']]","['Italy', 'Italy']","[['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU']]","[['Not available'], ['Critical infrastructure', 'Critical infrastructure']]","[[''], ['Water', 'Energy']]",['Not available'],['Not available'],['Non-state-group'],['Criminal(s)'],2,2023-02-06; 2023-02-06; 2023-02-06,"Political statement / report (e.g., on government / state agency websites); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Media-based attribution; Attribution by receiver government / state entity,Italian Government; Agenzia Per La Cybersicurezza Nazionale; Agenzia Per La Cybersicurezza Nazionale,,Italy; Italy; Italy,Not available; BlackBasta; BlackBasta,,Non-state-group; Non-state-group; Non-state-group,Criminal(s); Criminal(s); Criminal(s),"['https://www.govinfosecurity.com/blackbasta-blamed-for-global-attacks-on-vmware-esxi-servers-a-21125', 'https://www.agenzianova.com/en/news/acea-after-the-hacker-attack-the-operation-of-the-computer-systems-was-restored/']",Unknown,Unknown,,Unknown,,3,2023-02-06; 2023-02-06; 2023-02-03,EU member states: Stabilizing measures; State Actors: Preventive measures; EU member states: Preventive measures,Statement by other ministers/members of parliament; Awareness raising; Awareness raising,Italy; Italy; France,Italian Government; National Cybersecurity Agency of Italy (ACN); Computer Emergency Response Team of France 
(CERT France),No,,Exploit Public-Facing Application,Data Encrypted for Impact,None,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,,0.0,Not available,0.0,euro,None/Negligent,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,"Other legal measures on national level (e.g. law enforcement investigations, arrests)",,Italy,Agenzia Cybersicurezza Nazionale (ACN),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.hackread.com/vmware-esxiargs-ransomware-attacks/', 'https://www.govinfosecurity.com/blackbasta-blamed-for-global-attacks-on-vmware-esxi-servers-a-21125', 'https://twitter.com/DigitalPeaceNow/status/1622715616879673373', 'https://twitter.com/nicoleperlroth/status/1622706936323133440', 'https://twitter.com/Dinosn/status/1622640727946559491', 'https://twitter.com/ciaranmartinoxf/status/1622704218653003777', 'https://www.ilsole24ore.com/art/attacco-hacker-come-e-stato-effettuato-e-come-difendersi-AEofnciC', 'https://www.ilsole24ore.com/art/cybersicurezza-vertice-palazzo-chigi-danni-e-strategia-AEC9OXiC', 'https://www.reuters.com/technology/italys-govt-global-cyber-attack-did-not-come-state-entity-2023-02-06/', 'https://www.governo.it/en/articolo/meeting-held-palazzo-chigi-global-cyber-attack/21720', 'https://www.agenzianova.com/en/news/acea-after-the-hacker-attack-the-operation-of-the-computer-systems-was-restored/', 'https://www.ansa.it/sito/notizie/economia/2023/02/05/agenzia-cyber-massiccio-attacco-hacker-in-corso_453b24d2-5a1b-46f8-9e18-1d070a768b05.html', 
'https://nakedsecurity.sophos.com/2023/02/07/using-vmware-worried-about-esxi-ransomware-check-your-patches-now/', 'https://twitter.com/snlyngaas/status/1623030388980416512', 'https://twitter.com/DarkReading/status/1623026319050084366', 'https://twitter.com/Cyber_O51NT/status/1622777690322501633', 'https://www.ilsole24ore.com/art/cybersecurity-ecco-perche-falla-sistemi-esxi-e-grave-ed-urgente-difendersi-AEUoPCjC', 'https://www.cert.ssi.gouv.fr/alerte/CERTFR-2023-ALE-015/', 'https://twitter.com/Arkbird_SOLG/status/1623690733424189442', 'https://www.databreaches.net/new-esxiargs-ransomware-version-prevents-vmware-esxi-recovery/', 'https://news.postimees.ee/7709620/cyber-attacks-against-estonian-state-institutions-companies-continued-in-january', 'https://www.ilsole24ore.com/art/l-attacco-hacker-forse-diversivo-che-nasconde-strategia-piu-complessa-AEHHyClC', 'https://www.malwarebytes.com/blog/news/2023/02/new-esxiargs-encryption-routine-outmaneuvers-recovery-methods', 'https://www.darkreading.com/vulnerabilities-threats/attackers-can-exploit-flaw-in-vmware-esxi-hypervisor-in-multiple-ways', 'https://www.recordedfuture.com/esxiargs-ransomware-targets-vmware-esxi-openslp-servers', 'https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-10th-2023-police-take-action/']" 1890,Dutch law enforcement agencies gained access to and disrupted the encrypted messaging platform Exclu starting both in 2020 and 2022 ,"The National Public Prosecution Service of the Netherlands oversaw two investigations into the encrypted messaging platform Exclu. The efforts resulted in the arrest of the two owners and managers of the communications service as well as 40 users suspected of relying on the application for the planning and coordination of crimes. Named 26Samber and 26Lytham, the operations that had been underway since September 2020 and April 2022, respectively, broke into Exclu to monitor communications. The platform has subsequently been dismantled. 
As part of this cross-border investigation, Dutch investigators collaborated with Eurojust, Europol, and local law enforcement partners in Italy, Sweden, France, and Germany. ",2020-09-01,2023-01-01,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies)",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,[['Exclu']],['Netherlands'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Social groups']],[['Criminal']],['Dutch Public Prosecution Service'],['Netherlands'],['State'],,1,2023-02-03 00:00:00,"Political statement / report (e.g., on government / state agency websites)",Attribution by receiver government / state entity,Dutch Federal Police (Politie),,Netherlands,Dutch Public Prosecution Service,Netherlands,State,,['https://www.politie.nl/nieuws/2023/februari/3/politie-leest-opnieuw-mee-met-criminelen.html'],Cyber-specific,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,12.0,Months,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,Not available,0.0,euro,Direct (official members of state entities / agencies / units responsible),Human rights,Civic / political rights,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.bleepingcomputer.com/news/security/police-hacked-exclu-secure-message-platform-to-snoop-on-criminals/', 'https://www.hackread.com/cybercrime-encrypted-messenger-exclu-seized/', 
'https://twitter.com/josephfcox/status/1622617173389676546', 'https://www.politie.nl/nieuws/2023/februari/3/politie-leest-opnieuw-mee-met-criminelen.html']" 1891,Iranian state-sponsored hacking group NEPTUNIUM is suspected of stealing personal information from Charlie Hebdo subscribers and defacing its website in January 2023,"The Iranian state-sponsored hacking group Neptunium stole the personal information of subscribers of the French satire magazine Charlie Hebdo and defaced its website in January 2023, Microsoft's Digital Threat Analysis Center (DTAC) assesses with high confidence. The operation traces back to December 2022, when Charlie Hebdo announced a cartoon contest featuring Iran's Supreme Leader Ali Khamenei as the subject. On 4 January 2023, a user by the name Holy Souls claimed to have obtained the personal information of 230,000 Charlie Hebdo subscribers. Samples released together with the online post show the full names, phone numbers, financial information, as well as email and home addresses of individuals that Le Monde confirmed as actual subscribers of the magazine. The information could expose readers to harm, digitally and in the real world. News about both the defacement and alleged data theft were pushed in a concerted effort across social media platforms that matches with tactics Microsoft had observed for earlier Iranian-directed influence campaigns. Reports that the purported cache of customer details was obtained in a breach of the outlet's database are based on statements by Holy Souls that have not been independently or directly confirmed by Charlie Hebdo. Microsoft identifies Neptunium as Emennet Pasargad, an Iranian cyber firm that was sanctioned by the US Treasury Department in November 2021 over attempts to interfere in the 2020 US presidential elections. 
The company had previously been designated under the US sanctions regime in February 2019 as Net Peygard Samavat Company before later rebranding as Emennet Pasargad.",,2023-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by attacker,Data theft; Disruption; Hijacking with Misuse,[['Charlie Hebdo']],['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Media']],,['NEPTUNIUM / Emennet Pasargad'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,1,2023-02-03 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Microsoft,,United States,NEPTUNIUM / Emennet Pasargad,"Iran, Islamic Republic of","Non-state actor, state-affiliation suggested",,['https://blogs.microsoft.com/on-the-issues/2023/02/03/dtac-charlie-hebdo-hack-iran-neptunium/'],System / ideology,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Exfiltration; Defacement,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,10.0,Day (< 24h),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,None,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Sovereignty,,Not available,0,,,,,,Not 
available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://blogs.microsoft.com/on-the-issues/2023/02/03/dtac-charlie-hebdo-hack-iran-neptunium/', 'https://cyberscoop.com/iran-charlie-hebdo-hack/', 'https://www.jpost.com/international/article-730541', 'https://www.darkreading.com/attacks-breaches/iran-backed-actor-behind-cyberattack-charlie-hebdo-microsoft-says', 'https://twitter.com/iblametom/status/1621513502149206023', 'https://twitter.com/campuscodi/status/1621529797619752962', 'https://securityaffairs.com/141855/apt/charlie-hebdo-data-leak-iran.html', 'https://jyllands-posten.dk/international/ECE14953615/microsoft-iranere-stod-bag-hackerangreb-paa-charlie-hebdo/', 'https://twitter.com/securityaffairs/status/1622219319823241220', 'https://www.lesechos.fr/tech-medias/medias/microsoft-affirme-que-liran-est-a-lorigine-de-la-cyberattaque-contre-charlie-hebdo-1903746', 'https://thehackernews.com/2023/02/microsoft-iranian-nation-state-group.html', 'https://twitter.com/asfakian/status/1622555787158605826', 'https://twitter.com/fr0gger_/status/1622475455805935621', 'https://twitter.com/unix_root/status/1622636487169671169', 'https://twitter.com/780thC/status/1622584638144147457', 'https://www.lemonde.fr/lmdgft/1/NjE1NjkxNi1mZjNlZmMwMGQ1NGUyMWVlMTBmYzRmZjBjZjAzYjU2YzNkY2JkM2NlYjNhZjIwZTg2ZGIwMTJlYThjODA0OWE3?random=1150217085', 'https://web.archive.org/web/20230109230217/https://www.youtube.com/watch?v=GKRnCjbMqEM', 'https://web.archive.org/web/20230109230105/https://breached.vc/Thread-Personal-information-of-230000-customers-of-charliehebdo-fr', 'https://twitter.com/CERTEU/status/1631572192667353089']" 1892,Ross Memorial Hospital in Canada was hit by a suspected ransomware attack in February 2023,"Ross Memorial Hospital in Kawartha Lakes in Ontario, Canada, was hit by a suspected ransomware attack on 5 February 2023 that disabled some diagnostic systems and access to medical files. 
The hospital initiated 'code grey', defined in Ontario for the loss of a critical system or intervention measures (including in the event of a ransomware attack) that may result in a health and safety risk to those in the hospital. The incident may be related to global ransomware attacks aimed at a vulnerability in VMware ESXi, which is used in the setup of virtual machines (CVE-2021-21974).",2023-01-01,,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse; Ransomware,[['Ross Memorial Hospital']],['Canada'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Health']],,,,,1,,,,,,None; Canada,,,None; Unknown - not attributed,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Exploit Public-Facing Application,Data Encrypted for Impact,None,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,,,,,,,Not available,,"['https://rmh.org/news-releases/ross-memorial-hospital-issues-code-grey', 'https://www.govinfosecurity.com/ontario-hospital-among-latest-healthcare-cyberattack-victims-a-21154', 'https://www.databreaches.net/suspected-ransomware-attack-disables-some-systems-at-ross-memorial-hospital/']" 1893,Unknown hackers crippled the IT systems of German pipeline and plant manufacturer Friedrich Vorwerk in a ransomware attack in mid-November 2022,"Unknown hackers crippled the IT systems of German pipeline and equipment manufacturer Friedrich Vorwerk in a ransomware attack in 
mid-November 2022, a Friedrich Vorwerk company spokeswoman explained to news website heise online. The company managed to restore the IT systems shortly before Christmas. The disruption affected file and database servers as well as some workstations. ",2022-11-15,2022-01-01,Not available,,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,[['Friedrich Vorwerk Group']],['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Critical infrastructure']],[['Critical Manufacturing']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Destruction,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,9.0,Weeks (< 4 weeks),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,,0.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/secIT_DE/status/1622950948137205760', 'https://www.friedrich-vorwerk.de/files/230130-VOR-2022-Q4-DE.pdf', 'https://twitter.com/Dennis_Kipker/status/1623655021043744770']" 1894,"Ransomware attack against South African telco and cloud hosting provider RSAWeb caused a days-long outage beginning on 1 February 2023, ","The South African telecommunication and cloud hosting provider RSAWeb was hit by a ransomware attack on 1 February 2023, causing a days-long outage. 
According to a letter from RSAWeb CEO Rudy van Staden sent to the company’s clients on 5 February, the attack affected its website, fibre, mobile, hosting, VoIP, and PBX services. Van Staden further claimed that his company was targeted by an “extremely capable and devious threat actor"" and that this attack was ""part of a campaign that has victimized many other businesses both in South Africa and globally.” According to the CEO, the company does not believe that customer or employee data was accessed as part of the attack. ",2023-02-01,2023-02-06,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,"[['Not available'], ['Not available'], ['RSAWeb']]","['South Africa', 'Global (region)', 'South Africa']","[['AFRICA', 'SSA'], [], ['AFRICA', 'SSA']]","[['Unknown'], ['Unknown'], ['Critical infrastructure']]","[[''], [''], ['Telecommunications']]",['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Exploit Public-Facing Application,Data Encrypted for Impact,None,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/UK_Daniel_Card/status/1622496897612087298', 
'https://mybroadband.co.za/news/security/479051-rsaweb-hit-by-ransomware-attack.html?utm_source=substack&utm_medium=email', 'https://www.citizen.co.za/lifestyle/technology/rsaweb-outage-global-ransomware-threat/', 'https://twitter.com/DarkReading/status/1631368024824373286']" 1898,Russian-speaking hacker group WinterVivern gained access to and stole data from the computer systems of the Polish and Ukrainian governments beginning on 31 January 2023,"Russian-speaking hacker group WinterVivern/UAC-0114 gained access to and stole data from the computer systems of the Polish and Ukrainian governments beginning on 31 January 2023, stated a CERT-UA report with high confidence. The hacking group managed to take screenshots, search the desktop folder and exfiltrate user data. ",2023-01-31,2023-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Hijacking with Misuse,"[['Not available'], ['Not available']]","['Poland', 'Ukraine']","[['EUROPE', 'NATO', 'EU', 'EASTEU'], ['EUROPE', 'EASTEU']]","[['State institutions / political system'], ['State institutions / political system']]","[['Government / ministries'], ['Government / ministries']]",['WinterVivern'],['Not available'],['Unknown - not attributed'],,1,2023-02-06 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attribution by receiver government / state entity,CERT-UA,,Ukraine,WinterVivern,,Unknown - not attributed,,['https://scpc.gov.ua/api/docs/4eeb6a10-b7aa-4396-8b04-e0e4b7fca1lj/4eeb6a10-b7aa-4396-8b04-e0e4b7fca1lj.pdf'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-02-08 00:00:00,State Actors: Preventive measures,Awareness raising,Ukraine,The State Cyber Protection Centre of 
the State Service of Special Communication and Information Protection of Ukraine,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,0.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,,,,,Not available,,Not available,,"['https://scpc.gov.ua/api/docs/4eeb6a10-b7aa-4396-8b04-e0e4b7fca1lj/4eeb6a10-b7aa-4396-8b04-e0e4b7fca1lj.pdf', 'https://therecord.media/hackers-used-fake-websites-to-target-state-agencies-in-ukraine-and-poland/', 'https://twitter.com/dsszzi/status/1623380073553207315', 'https://twitter.com/RecordedFuture/status/1623676196402733057', 'https://thehackernews.com/2023/03/winter-vivern-apt-targets-european.html']" 1867,Pro-Russian hacktivist group Killnet disrupted several hospital websites in Europe in January 2023,"The pro-Russian hacktivist group Killnet is suspected to be responsible for disrupting the information page of the University Medical Center of Groningen (UMCG) in the Netherlands, with DDoS attacks during 28-30 January 2023 according to Z-Cert, an expertise center for cybersecurity in healthcare. In addition, the websites of other European hospitals were also affected by DDoS attacks.",2023-01-28,2023-01-30,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption,"[['Not available'], ['Not available'], ['University Medical Center Groningen'], ['Not available'], ['Not available']]","['Poland', 'Germany', 'Netherlands', 'Northern Europe', 'United Kingdom']","[['EUROPE', 'NATO', 'EU', 'EASTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], ['EUROPE', 'NATO', 'EU', 'WESTEU'], [], ['EUROPE', 'NATO', 'NORTHEU']]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[['Health'], ['Health'], ['Health'], ['Health'], ['Health']]",['Killnet'],['Russia'],['Non-state-group'],['Hacktivist(s)'],3,2023-01-30; 2023-01-23; 2023-02-01,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attacker confirms; Attribution by receiver government / state entity,Z-Cert; Killnet; Dutch National Cybersecurity Centre (NCSC),,Netherlands; Russia; Netherlands,Killnet; Killnet; Killnet,Russia; Russia; Not available,Non-state-group; Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s); Hacktivist(s),"['https://www.volkskrant.nl/nieuws-achtergrond/ziekenhuis-groningen-geraakt-door-pro-russische-hackers-geen-vitale-systemen-getroffen~b7becbaa/', 'https://t.me/killnet_reservs/4977', 'https://www.euronews.com/2023/02/01/european-hospitals-targeted-by-pro-russian-hackers']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; 
Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-02-01 00:00:00,EU member states: Preventive measures,Awareness raising,Netherlands,Nationaal Cyber Security Centrum (NCSC) of the Netherlands,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,11-50,0.0,,0.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://blog.cloudflare.com/uptick-in-healthcare-organizations-experiencing-targeted-ddos-attacks/', 'https://www.nrc.nl/nieuws/2023/01/30/website-gronings-ziekenhuis-crasht-door-aanval-pro-russische-hackersgroep-a4155683', 'https://www.volkskrant.nl/nieuws-achtergrond/ziekenhuis-groningen-geraakt-door-pro-russische-hackers-geen-vitale-systemen-getroffen~b7becbaa/', 'https://t.me/killnet_reservs/4977', 'https://twitter.com/Dennis_Kipker/status/1620499064684154882', 'https://securityaffairs.com/141695/cyber-warfare-2/killnet-hit-dutch-european-hospitals.html', 'https://www.darkreading.com/ics-ot/killnet-pro-russia-hacktivist-group-support-influence-grows', 'https://twitter.com/CERTEU/status/1620743978286223360', 'https://twitter.com/securityaffairs/status/1620886916915941376', 'https://www.securityweek.com/dutch-european-hospitals-hit-by-pro-russian-hackers/', 'https://therecord.media/passion-botnet-customizable-pro-russia-hackers/', 'https://twitter.com/securityaffairs/status/1621617739721752579', 
'https://twitter.com/securityaffairs/status/1621511156430143490', 'https://twitter.com/RecordedFuture/status/1621646458259750912', 'https://www.ncsc.nl/actueel/nieuws/2023/februari/1/nederlandse-ziekenhuizen-getroffen-door-ddos-aanvallen', 'https://securityaffairs.com/141850/breaking-news/security-affairs-newsletter-round-405-by-pierluigi-paganini.html', 'https://twitter.com/cahlberg/status/1621670609032806400', 'https://www.euronews.com/2023/02/01/european-hospitals-targeted-by-pro-russian-hackers', 'https://therecord.media/ddos-hospitals-cisa-killnet-limited-effects/', 'https://twitter.com/RecordedFuture/status/1623069165891342336', 'https://securityaffairs.com/142006/hacktivism/killnet-proxy-ips-addresses.html', 'https://twitter.com/cahlberg/status/1624843345741635585', 'https://www.malwarebytes.com/blog/news/2023/02/killnet-group-targets-us-and-european-hospitals-with-ddos-attacks', 'https://twitter.com/RecordedFuture/status/1625132464359280642', 'https://therecord.media/killnet-ddos-hospitals-healthcare-russia', 'https://www.microsoft.com/en-us/security/blog/2023/03/17/killnet-and-affiliate-hacktivist-groups-targeting-healthcare-with-ddos-attacks/']" 1901,Cybercriminals gained access to the corporate network of the Swiss Federal Railways (SBB) in February 2023,"Cybercriminals gained access to part of the corporate network of the Swiss Federal Railways (SBB) during the weekend of 4-5 February 2023, according to an internal letter addressed to SBB employees dated 8 February 2023. 
",2023-02-04,2023-02-05,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Hijacking without Misuse,[['Swiss Federal Railways (SBB)']],['Switzerland'],"[['EUROPE', 'WESTEU']]",[['Critical infrastructure']],[['Transportation']],['Not available'],['Not available'],['Non-state-group'],['Criminal(s)'],1,2023-02-08 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Receiver attributes attacker,Swiss Federal Railways (SBB),,Switzerland,,,Non-state-group,Criminal(s),['https://www.watson.ch/digital/schweiz/218657964-cyberangriff-auf-die-sbb-strafanzeige-eingereicht'],Unknown,Not available,,Not available,,0,,,,,,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)","Local effects, e.g., affecting only one restricted area of a country or region (incident scores 1 point in intensity)",none,2,Moderate - high political importance,2.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/dani_stoffers/status/1623624835489316865', 'https://www.watson.ch/digital/schweiz/218657964-cyberangriff-auf-die-sbb-strafanzeige-eingereicht']" 1902,Unknown actors temporarily disrupted access to the website of Estonia's Ministry of Foreign Affairs in a DDoS attack during 19-20 January 2023,"Unknown actors disrupted access to the website of Estonia's Ministry of Foreign Affairs in a DDoS attack for short periods between 19 and 20 January 2023, a spokesperson 
for the Estonian Information System Authority (RIA) confirmed on 9 February 2023. An earlier, less focused wave of DDoS attacks launched on 15 January against several Estonian government institutions - including the websites of the government, the parliament, the e-government services portal, the ministries of defence, finance, justice, and economic affairs, the central bank, and the health board - failed to produce effects.",2023-01-19,2023-01-20,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Disruption,[['Ministry of Foreign Affairs (Estonia)']],['Estonia'],"[['EUROPE', 'NATO', 'EU', 'NORTHEU']]",[['State institutions / political system']],[['Government / ministries']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,1,2023-02-09 00:00:00,EU member states: Preventive measures,Awareness raising,Estonia,Estonian Information System Authority (RIA) ,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,['https://news.postimees.ee/7709620/cyber-attacks-against-estonian-state-institutions-companies-continued-in-january'] 1903,Hacktivist group Edalate Ali briefly interrupted broadcast of Iranian President Ebrahim Raisi's speech on the 44th anniversary of the Iranian Revolution on 11 February 2023,Hacktivist group Edalate Ali (Justice of Ali) interrupted a broadcast 
of Iranian President Ebrahim Raisi's speech on the 44th anniversary of the Iranian Revolution on 11 February 2023. For a short period of about one minute a logo of the group replaced footage of Raisi on the Internet livestream.,2023-02-11,2023-02-11,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,[['Islamic Republic of Iran Broadcasting (IRIB)']],"['Iran, Islamic Republic of']","[['ASIA', 'MENA', 'MEA']]",[['Media']],,['Edaalate Ali'],['Not available'],['Non-state-group'],['Hacktivist(s)'],1,2023-02-11 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Edaalate Ali,,,Edaalate Ali,,Non-state-group,Hacktivist(s),['https://twitter.com/EdaalateAli1400/status/1624331120710979584?s=20&t=w5gEkN-uGSjbnpVx0C3yEg'],System / ideology; National power,System/ideology; National power,Iran (opposition); Iran (opposition),Unknown,,0,,,,,,No,,Not available,Defacement,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/switch_d/status/1624786767529365504', 'https://edition.cnn.com/2023/02/12/middleeast/hackers-interrupt-iran-leader-revolution-anniversary-intl-hnk/index.html', 
'https://twitter.com/EdaalateAli1400/status/1624331120710979584?s=20&t=w5gEkN-uGSjbnpVx0C3yEg', 'https://twitter.com/thegrugq/status/1624612974664228866', 'https://twitter.com/AnonOpsSE/status/1624494266583056387', 'https://twitter.com/AnonOpsSE/status/1624480411261849600', 'https://www.lastampa.it/esteri/2023/02/11/video/iran_gli_hacker_interrompono_il_discorso_di_raisi_sulla_tv_di_stato_morte_a_khamenei-12637387/', 'https://www.rferl.org/a/iran-revolution-anniversary-protests-hackers/32266691.html', 'https://www.hackread.com/iran-tv-hacked-revolution-day/', 'https://securityaffairs.com/142172/hacktivism/iranian-state-tv-hacked.html', 'https://twitter.com/securityaffairs/status/1625021116237459462', 'https://twitter.com/securityaffairs/status/1625021246130819072', 'https://twitter.com/securityaffairs/status/1625421549116305410', 'https://twitter.com/securityaffairs/status/1625422699202740224', 'https://twitter.com/YourAnonNews/status/1625745317076570113']" 1904,"Andariel, a subgroup of North Korean APT Lazarus, disrupted US and South Korean healthcare providers and other critical infrastructure with ransomware attacks","North Korean cyber actors disrupted US and South Korean healthcare providers and public health organizations as well as other critical infrastructure operators with ransomware attacks, according to a Joint Cybersecurity Advisory from US and South Korean security agencies. John Hultquist, Vice President of Threat Intelligence at cybersecurity firm Mandiant, noted that the company's analysis tied the activity described in the alert to Andariel, a subgroup of North Korean state-sponsored hacking group Lazarus.",,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by authorities of victim state,Disruption; Hijacking with Misuse; Ransomware,"[['Not available'], ['Not available'], ['Not available'], ['Not available']]","['Korea, Republic of', 'Korea, Republic of', 'United States', 'United States']","[['ASIA', 'SCS', 'NEA'], ['ASIA', 'SCS', 'NEA'], ['NATO', 'NORTHAM'], ['NATO', 'NORTHAM']]","[['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure'], ['Critical infrastructure']]","[[''], ['Health'], [''], ['Health']]",['Not available'],"[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']",,2,2023-02-09; 2023-02-09; 2023-02-09; 2023-02-09; 2023-02-09; 2023-02-09; 2023-02-09; 2023-02-09; 2023-02-09; 2023-02-09; 2023-02-09; 2023-02-09; 2023-02-09,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state 
entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; Attribution by receiver government / state entity; IT-security community attributes attacker,"Cybersecurity and Infrastructure Security Agency (CISA); Cybersecurity and Infrastructure Security Agency (CISA); Federal Bureau of Investigation (FBI); Federal Bureau of Investigation (FBI); National Security Agency (NSA); National Security Agency (NSA); U.S. Department of Health and Human Services (HHS); U.S. Department of Health and Human Services (HHS); National Intelligence Service (NIS); National Intelligence Service (NIS); Republic of Korea Defense Security Agency (DSA); Republic of Korea Defense Security Agency (DSA); John Hultquist (Vice-President Mandian Threat Intelligence, United States)",,"United States; Korea, Republic of; United States; Korea, Republic of; United States; Korea, Republic of; United States; Korea, Republic of; United States; Korea, Republic of; United States; Korea, Republic of; United States","Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Not available; Andariel/Silent Chollima/G0138 < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)","Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested",,"['https://twitter.com/JohnHultquist/status/1623753192814047232', 'https://media.defense.gov/2023/Feb/09/2003159161/-1/-1/0/CSA%5FRANSOMWARE%5FATTACKS%5FON%5FCI%5FFUND%5FDPRK%5FACTIVITIES.PDF']",Unknown,Not available,,Not available,,1,2023-02-10 00:00:00,State Actors: Preventive measures,Awareness raising,United States,Cybersecurity and Infrastructure Security Agency (CISA),No,,Exploit Public-Facing Application,Data Encrypted for Impact,None,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Minor,5.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,Not available,0.0,1-10,2.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units 
for officially non-state-actors),Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://www.wired.com/story/north-korea-hacking-us-hospitals/', 'https://twitter.com/JohnHultquist/status/1623753192814047232', 'https://media.defense.gov/2023/Feb/09/2003159161/-1/-1/0/CSA%5FRANSOMWARE%5FATTACKS%5FON%5FCI%5FFUND%5FDPRK%5FACTIVITIES.PDF', 'https://twitter.com/InfoSecSherpa/status/1624616312877072389', 'https://twitter.com/cybersecboardrm/status/1624460781973544971', 'https://twitter.com/Arkbird_SOLG/status/1624563938338693120', 'https://securityaffairs.com/142136/breaking-news/security-affairs-newsletter-round-406-by-pierluigi-paganini.html', 'https://therecord.media/north-korea-hackers-funding-us-south-korea-advisory/', 'https://twitter.com/StateCDP/status/1623746020180910080', 'https://twitter.com/cybersecboardrm/status/1623802230930300929', 'https://cyberscoop.com/north-korea-ransomware-hospital/', 'https://twitter.com/ciaranmartinoxf/status/1624381793494351872', 'https://securityaffairs.com/142115/hacking/mft-terramaster-intel-driver-flaws-to-its-known-exploited-vulnerabilities-catalog.html', 'https://twitter.com/Dinosn/status/1624286604985610243', 'https://twitter.com/Cyber_O51NT/status/1624253022389010432', 'https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-10th-2023-clops-back/', 'https://twitter.com/securityaffairs/status/1624168111426400256', 'https://securityaffairs.com/142090/breaking-news/north-korea-hackers-ransomware.html', 'https://twitter.com/CyberScoopNews/status/1624097718472781849', 'https://twitter.com/ImposeCost/status/1624082760993308672', 'https://www.bleepingcomputer.com/news/security/north-korean-ransomware-attacks-on-healthcare-fund-govt-operations/', 'https://twitter.com/mikko/status/1624039678767685638', 
'https://twitter.com/CISAJen/status/1623834199152001024', 'https://www.darkreading.com/attacks-breaches/healthcare-in-the-crosshairs-of-north-korean-cyber-operations', 'https://twitter.com/Cyber_O51NT/status/1625126472003342336', 'https://www.malwarebytes.com/blog/news/2023/02/cisa-issues-alert-with-south-korean-government-about-dprks-ransomware-antics', 'https://twitter.com/darktracer_int/status/1625407186699698177', 'https://twitter.com/Arkbird_SOLG/status/1625985689169940480', 'https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-february-2023/']" 1906,Unknown actors corrupted patient information from the Garrison Women's Health clinic in New Hampshire discovered in December 2022,"Unknown actors corrupted patient information from the Garrison Women's Health clinic in New Hampshire, according to a data incident notification from the clinic. The security breach occurred at Global Network Systems, which manages the clinic's IT infrastructure, and affected records created during the period of 28 April and 12 December 2022. The clinic was able to restore some of the manipulated information, but physician notes and appointment details of 4,158 patients proved unrecoverable. 
",2022-04-28,2022-12-12,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse,"[[""Garrison Women's Health (GWH)""]]",['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Health']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Destruction,Not available,False,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Medium,12.0,Months,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.databreaches.net/medical-records-for-4158-garrison-womens-health-patients-lost-due-to-attack-on-it-vendor/', 'https://www.wdhospital.org/application/files/9116/7595/6481/GWH_HIPAA_Substitute_Notice_2.10.2023.pdf']" 1907,Pro-Russian group Killnet launched DDoS attacks against NATO organizations in February 2023,"Killnet, a pro-Russian hacktivist group, launched a series of DDoS attacks against NATO organizations - including the Special Operations Headquarters (NSHQ) and the Strategic Airlift Capability - beginning on 12 February, confirmed by NATO and based on claims by the hacktivist group. 
The Telegraph reported that the attack affected the 'NATO Restricted Network', which is used to transmit sensitive data, raising speculations about possible implications for NATO's relief efforts in Turkey in response to the earthquake that rocked the border region with Syria earlier in February. NATO Secretary General Jens Stoltenberg clarified on 13 February that classified networks had not been affected.",2023-02-11,2023-02-02,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,"[['NATO Special Operations Headquarters'], ['Strategic Airlift Capability']]","['NATO (region)', 'NATO (region)']",,"[['International / supranational organization'], ['International / supranational organization']]",,['Killnet'],['Russia'],['Non-state-group'],['Hacktivist(s)'],1,2023-02-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Killnet,,Russia,Killnet,Russia,Non-state-group,Hacktivist(s),['https://www.telegraph.co.uk/world-news/2023/02/12/russian-killnet-hackers-disrupt-natos-turkey-syria-earthquake/'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,1,2023-02-13 00:00:00,International organizations: Stabilizing measures,Statement by secretary-general or similar,NATO (region),Jens Stoltenberg (Secretary General of NATO),Not available,,Drive-By Compromise,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,Not available,Not available,1,Moderate - 
high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,2.0,1-10,2.0,Not available,0.0,euro,None/Negligent,Aid and development; Disaster management,; ,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://twitter.com/DarkReading/status/1625225019461607442', 'https://www.darkreading.com/attacks-breaches/russian-hackers-disrupt-nato-earthquake-relief-operations-', 'https://twitter.com/Cyber_O51NT/status/1625026789147021314', 'https://www.ilsole24ore.com/art/ucraina-ultime-notizie-berlusconi-premier-non-avrei-incontrato-zelensky-fi-sostegno-kiev-AEFpqWmC', 'https://securityaffairs.com/142192/hacking/killnet-targets-nato-websites.html', 'https://twitter.com/securityaffairs/status/1625142171870416897', 'https://www.telegraph.co.uk/world-news/2023/02/12/russian-killnet-hackers-disrupt-natos-turkey-syria-earthquake/', 'https://www.nato.int/cps/en/natohq/opinions_211689.htm', 'https://twitter.com/securityaffairs/status/1625421476282224643', 'https://twitter.com/UK_Daniel_Card/status/1627312572440494080', 'https://www.microsoft.com/en-us/security/blog/2023/02/21/2022-in-review-ddos-attack-trends-and-insights/', 'https://twitter.com/M_Miho_JPN/status/1625867840334233601', 'https://www.ilsole24ore.com/art/gli-hacker-filorussi-noname057-hanno-attaccato-la-seconda-volta-l-italia-AEZ8HxyC']" 1908,China-based DEV-0147 targeted diplomatic targets in South America,"China-based threat actor DEV-0147 compromised diplomatic targets in South America, according to Microsoft Security Intelligence. Furthermore, it was determined that they made use of established hacking tools such as ShadowPad (aka PoisonPlug) and the malicious tool called QuasarLoader. 
The threat actor was previously only known for data exfiltration operations in Asia and Europe.",,,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,[['Not available']],['South America'],,[['State institutions / political system']],"[['Other (e.g., embassies)']]",['DEV-0147'],['China'],['Unknown - not attributed'],,1,2023-02-13 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker,Microsoft,Microsoft Security Intelligence,United States,DEV-0147,China,Unknown - not attributed,,['https://twitter.com/MsftSecIntel/status/1625181255754039318'],Unknown,Unknown,,Unknown,,0,,,,,,Not available,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,Not available,Not available,1,Moderate - high political importance,1.0,Minor,3.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Diplomatic / consular law,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://twitter.com/MsftSecIntel/status/1625181255754039318', 'https://twitter.com/cybersecboardrm/status/1625616552010588174', 'https://twitter.com/Cyber_O51NT/status/1625398908863254528', 'https://twitter.com/Cyber_O51NT/status/1625449293321736193', 'https://twitter.com/Dinosn/status/1625478450524962819', 'https://twitter.com/cybersecboardrm/status/1625902994612006930']" 1909,Previously-unknown group NewsPenguin targeted Pakistani military industry beginning in 2022,"The previously unknown hacking group NewsPenguin was found to be utilizing malware 
as part of a cyberespionage campaign against the Pakistani military and associated industry. The targeting used references to the Pakistan International Maritime Expo and Conference (PIMEC) that took place during 10-12 February 2023 as a lure, according to a technical report by technology company Blackberry. The IT company further assessed that it is highly likely that this hacking group operates either at the direction of a state or as a state-linked hacking group.",2022-01-01,2023-01-20,"Attack conducted by nation state (generic “state-attribution” or direct attribution towards specific state-entities, e.g., intelligence agencies); Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft,"[['Not available'], ['Not available'], ['Not available']]","['Pakistan', 'Pakistan', 'Not available']","[['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO'], []]","[['State institutions / political system'], ['Critical infrastructure'], ['State institutions / political system']]","[['Military'], ['Defence industry'], ['Government / ministries']]",['NewsPenguin'],['Not available'],"['State', 'Non-state actor, state-affiliation suggested']",,1,2023-02-09; 2023-02-09,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,BlackBerry Research and Intelligence Team; BlackBerry Research and Intelligence Team,BlackBerry Research and Intelligence Team; BlackBerry Research and Intelligence Team,United States; United States,NewsPenguin; NewsPenguin,,"State; Non-state actor, state-affiliation 
suggested",,['https://blogs.blackberry.com/en/2023/02/newspenguin-a-previously-unknown-threat-actor-targets-pakistan-with-advanced-espionage-tool'],Unknown,Unknown,,Unknown,,0,,,,,,Not available,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,Not available,Not available,Not available,1,Moderate - high political importance,1.0,Low,6.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,None,0.0,euro,Not available,Cyber espionage; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/RecordedFuture/status/1625132713152856068', 'https://blogs.blackberry.com/en/2023/02/newspenguin-a-previously-unknown-threat-actor-targets-pakistan-with-advanced-espionage-tool', 'https://therecord.media/new-hacking-group-targets-pakistans-navy-and-maritime-industry/', 'https://twitter.com/BlackBerrySpark/status/1625600804374687744', 'https://twitter.com/BlackBerrySpark/status/1625570642270556169', 'https://twitter.com/BlackBerrySpark/status/1625872634838675460']" 1910,Alleged hacktivist group DarkBit carried out a ransomware attack on the Israeli Technion University on 12 February 2023,"The new apparent hacktivist group DarkBit carried out a ransomware attack against Technion, the Israel Institute of Technology, on 12 February 2023, according to a ransom note the attackers posted to the university's systems. Reviewing technical and non-technical factors in an initial assessment, the Israeli cybersecurity firm Check Point identified connections to an ideological group with potential links to Iran.
The Israeli National Cyber Directorate (INCD) attributed the ransomware attack against Technion to the Iranian state-sponsored hacking group MuddyWater on 7 March 2023. ",2023-02-12,2023-02-12,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by attacker,Disruption; Hijacking with Misuse; Ransomware,[['Technion – Israel Institute of Technology']],['Israel'],"[['ASIA', 'MENA', 'MEA']]",[['Science']],,['MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069'],"['Iran, Islamic Republic of']","['Non-state actor, state-affiliation suggested']",,2,2023-03-07; 2023-02-12,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity; Attacker confirms,Israeli National Cyber Directorate (INCD); DarkBit,,Israel; Not available,MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069; DarkBit,"Iran, Islamic Republic of; Not available","Non-state actor, state-affiliation suggested; Non-state-group",; Hacktivist(s),"['https://t.me/DarkBitChannel/7', 'https://cyberscoop.com/israel-technion-hack-muddy-water-iran-mois/']",Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high
political importance,4.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,"Economic, social and cultural rights; ",Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/cahlberg/status/1625242479531290635', 'https://t.me/CyberSecurityIL/2693', 'https://t.me/DarkBitChannel/7', 'https://www.ynet.co.il/digital/technews/article/sjcqzxups', 'https://therecord.media/technion-israel-ransomware-darkbit-exams-canceled/', 'https://cyberscoop.com/new-cybercrime-group-darkbit-israel/', 'https://twitter.com/VessOnSecurity/status/1625015723213959174', 'https://www.bleepingcomputer.com/news/security/ransomware-hits-technion-university-to-protest-tech-layoffs-and-israel/', 'https://research.checkpoint.com/2023/13th-february-threat-intelligence-report/', 'https://twitter.com/securityaffairs/status/1624884718691835904', 'https://securityaffairs.com/142160/hacking/israeli-technion-suffered-ransomware-attack.html', 'https://twitter.com/UK_Daniel_Card/status/1624797022342578176', 'https://www.databreaches.net/technion-university-hacked-and-locked-previously-unknown-attackers-demand-80-btc/', 'https://twitter.com/JohnHultquist/status/1624758690694717440', 'https://twitter.com/ido_cohen2/status/1624739855795208194', 'https://twitter.com/Dennis_Kipker/status/1625497035163176963', 'https://twitter.com/securityaffairs/status/1625422748955582464', 'https://twitter.com/RecordedFuture/status/1625482103860129792', 'https://twitter.com/BlackBerrySpark/status/1626266417048834050', 'https://twitter.com/Cyber_O51NT/status/1626747886724874240', 'https://www.darkreading.com/risk/israeli-technical-university-targeted-darkbit-ransomware', 
'https://blogs.blackberry.com/en/2023/02/darkbit-ransomware-targets-israel', 'https://twitter.com/ido_cohen2/status/1628494775924973569', 'https://www.databreaches.net/israel-publicly-blames-iran-for-cyberattack-on-major-university-last-month/', 'https://cyberscoop.com/israel-technion-hack-muddy-water-iran-mois/', 'https://twitter.com/CyberScoopNews/status/1633856934360039427', 'https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-10th-2023-police-take-action/', 'https://research.checkpoint.com/2023/13th-march-threat-intelligence-report/']" 2073,Vice Society suspected to have targeted Wymondham College in the UK with ransomware in March 2023,"Wymondham College, the UK's largest state boarding school, disclosed that it was hit by a sophisticated cyber attack, possibly ransomware, though as of 16 March 2023 the college had not received any ransom note. The cyber attack impacted access to files and resources across the college's IT system, according to Jonathan Taylor, the chief executive of the school's parent company.
The Vice Society ransomware group, which has been behind a slew of similar attacks on other schools, is named as a possible suspect in the attack.",2023-03-01,,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,[['Wymondham College']],['United Kingdom'],"[['EUROPE', 'NATO', 'NORTHEU']]",[['State institutions / political system']],[['Civil service / administration']],['Vice Society'],['Not available'],['Non-state-group'],['Criminal(s)'],1,2023-03-16 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,MalwareBytes,,United States,Vice Society,,Non-state-group,Criminal(s),['https://www.malwarebytes.com/blog/news/2023/03/ransomware-attack-hits-another-school'],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Not available,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://www.malwarebytes.com/blog/news/2023/03/ransomware-attack-hits-another-school', 'https://therecord.media/wymondham-college-cyberattack-uk-boarding-school', 'https://www.malwarebytes.com/blog/news/2023/03/a-week-in-security-march-13-19']" 1916,US care manager organization Minuteman Senior Services was breached by unknown actors in 2022,"The non-profit organization Minuteman Senior Services (MSS), based in Massachusetts, notified the US Department of Health and Human Services that it was hit by a data breach, affecting more 
than 500 patients. The organization detected the intrusion on 20 November 2022 and alerted authorities on 27 January 2023. Based on an initial assessment, compromised data included patients' full name, address, date of birth, gender, health insurance information, diagnoses, and service utilization. ",2022-11-21,2022-11-30,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,[['Minuteman Senior Services (MSS)']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Health']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.databreaches.net/second-verse-same-as-the-first-minuteman-senior-services-reports-another-breach-of-an-employee-email-account/', 'https://www.minutemansenior.org/about-us/notice-of-november-data-event']" 1925,Anonymous Sudan disrupted the website of Scandinavian Airlines (SAS) and leaked customer information on 14 February 2023,"Scandinavian Airlines (SAS) was hacked and its website taken offline by a group referring to itself as Anonymous Sudan. 
Customers attempting to log into the airline's app were redirected and shown information from accounts of other passengers. The incident follows a Quran burning by a far-right politician near the Turkish embassy in Stockholm during a protest in January that was funded by a former contributor to the Russian state-funded outlet RT. Anonymous Sudan has since claimed to have conducted a series of denial-of-service attacks against a variety of organizations in Sweden, citing retaliation for the book burning as its motivation. Targets have included the websites of Swedish airports, banks, railways, airlines, media, telecommunication providers, and organizations in the country's health and education sectors. These alleged attempts do not appear to have caused any significant downtime. Anonymous Sudan also took responsibility for knocking Sweden's national broadcaster SVT offline on 14 February, around the same time as the attack against SAS. Marcus Murray, founder of the Swedish cybersecurity firm Truesec, cautioned that Anonymous Sudan may be a front for Russian operators, noting that the Quran burning may be an opportunity for Moscow to instigate tension between Sweden and Turkey to hobble Sweden's bid to join NATO. At least one pro-Russian hacker group, UserSec, had promised Anonymous Sudan support on Telegram. The IT security company Trustwave published a report on 30 March 2023 and concluded that Anonymous Sudan is very possibly a subgroup of the Russian hacktivist group Killnet.",2023-02-14,2023-02-14,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc.
groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption; Hijacking with Misuse,[['Scandinavian Airlines']],['Sweden'],"[['EUROPE', 'EU', 'NORTHEU']]",[['Critical infrastructure']],[['Transportation']],['Anonymous Sudan'],['Sudan'],['Non-state-group'],['Hacktivist(s)'],2,2023-02-14; 2023-03-30,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Technical report (e.g., by IT-companies, Citizen Lab, EFF)",Attacker confirms; IT-security community attributes attacker,Anonymous Sudan; Trustwave,,Sudan; United States,Anonymous Sudan; Anonymous Sudan < Killnet,Sudan; Not available,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),"['https://t.me/AnonymousSudan/113', 'https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anonymous-sudan-religious-hacktivists-or-russian-front-group/']",System / ideology,System/ideology,,Not available,,0,,,,,,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,6.0,Day (< 24h),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,,0.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://therecord.media/scandinavian-airlines-cyberattack-anonymous-sudan/', 'https://www.darkreading.com/attacks-breaches/pro-islam-anonymous-sudan-hacktivists-front-russia-killnet-operation', 'https://t.me/AnonymousSudan/113', 
'https://www.databreaches.net/airline-sas-network-hit-by-hackers-says-app-was-compromised/', 'https://www.sasgroup.net/newsroom/press-releases/2023/sas-cyber-attack--update/', 'https://t.me/user_sec/151', 'https://www.svt.se/nyheter/inrikes/en-rad-it-attacker-mot-sverige-har-ar-kontot-som-tar-pa-sig-ansvaret', 'https://www.bleepingcomputer.com/news/security/scandinavian-airlines-says-cyberattack-caused-passenger-data-leak/', 'https://www.hackread.com/sas-airlines-hit-by-cyber-attack/', 'https://twitter.com/Dinosn/status/1626457027978338305', 'https://research.checkpoint.com/2023/20th-february-threat-intelligence-report/', 'https://twitter.com/lukOlejnik/status/1627551573348843520', 'https://twitter.com/cybersecboardrm/status/1625792913937428482', 'https://twitter.com/InfoSecSherpa/status/1625708981141311488', 'https://twitter.com/CERTEU/status/1631572192667353089', 'https://socradar.io/hacktivism-on-the-rise-killnet-anonymous-sudans-cyber-campaign-targets-australia/', 'https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anonymous-sudan-religious-hacktivists-or-russian-front-group/', 'https://research.checkpoint.com/2023/3rd-april-threat-intelligence-report/', 'https://www.techrepublic.com/article/ddos-attack-israel/']" 1928,Moroccan Press Agency hit by DDoS attack,The websites of the Moroccan Press Agency (MAP) were hit by a DDoS attack from unknown actors on 16 February 2023.,2023-02-16,2023-02-16,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption,[['Agence Marocaine de Presse (MAP)']],['Morocco'],"[['AFRICA', 'NAF', 'MENA']]",[['Media']],,['Not available'],['Not available'],['Not available'],,1,2023-02-16 00:00:00,"Media report (e.g., Reuters makes an attribution statement, without naming further sources)",Media-based attribution,Agence Marocaine de Presse (MAP),,Morocco,,,,,[],System / ideology,Unknown,,Unknown,,0,,,,,,No,,Not available,Network Denial of Service,Not available,True,Not 
available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,[] 1929,Unknown actor(s) infiltrated the FBI New York Field Office in February 2023,"Unknown actor(s) hacked into the FBI's field office in New York in February 2023, attacking a system used to investigate child exploitation.",,2023-02-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Hijacking without Misuse,[['Federal Bureau of Investigation (FBI; United States)']],['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Police']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,1.0,Not available,Not available,1-10,1.0,Not available,0.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://tarnkappe.info/artikel/it-sicherheit/fbi-gehackt-angriff-auf-aussenstelle-in-new-york-265594.html', 'https://www.wired.com/story/godaddy-hacked-3-years/', 'https://www.bleepingcomputer.com/news/security/us-marshals-service-investigating-ransomware-attack-data-theft/', 'https://therecord.media/us-marshals-service-becomes-latest-law-enforcement-agency-hit-by-hackers/', 'https://www.hackread.com/us-marshals-service-ransomware-attack/', 
'https://edition.cnn.com/2023/02/17/politics/fbi-cyber-incident-computer-network/index.html', 'https://www.hackread.com/fbi-hack-network-breach/', 'https://www.bleepingcomputer.com/news/security/fbi-is-investigating-a-cybersecurity-incident-on-its-network/', 'https://twitter.com/snlyngaas/status/1626556725942796288', 'https://cyberscoop.com/fbi-new-york-cyberattack/', 'https://www.databreaches.net/fbi-says-it-has-contained-cyber-incident-on-bureaus-computer-network/', 'https://twitter.com/Cyber_O51NT/status/1626834335704969216', 'https://twitter.com/Dennis_Kipker/status/1626973390224384002', 'https://www.bleepingcomputer.com/news/security/hacker-selling-data-allegedly-stolen-in-us-marshals-service-hack/']" 1972,"In February 2022, Azerbaijani political activist Abulfaz Gurbanli becomes the victim of a phishing attack","On 15 February 2022, Azerbaijan Internet Watch reported that the political activist Abulfaz Gurbanli lost access to his Gmail and Facebook accounts through a phishing email after deleting and resetting his device, and could not access them again until 17 February. A few months earlier, a report was released on the dissemination of the Pegasus spy software and listed a number of activists, including Gurbanli, whose devices had been infected. This caused Gurbanli to reset his device. On 15 February, he was asked for an interview by an alleged journalist from the BBC Azerbaijan Service, who sent him an email with an infected attachment that, when opened, downloaded malware. Through the backdoor that was installed in the process, the hacker was able to access Gurbanli's accounts and delete the content of at least seven community sites where the activist was an administrator. The attack came shortly after the publication of an article by a pro-government media outlet that accused Gurbanli of organising colour revolutions in Azerbaijan.
Based on that, this incident is assigned to the domestic conflict between Azerbaijan and the opposition, even though no attribution has been published. ",2022-02-15,2022-02-17,"Attack on (inter alia) political target(s), not politicized",,"Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state",Disruption; Hijacking with Misuse,[['Abulfaz Gurbanli']],['Azerbaijan'],"[['ASIA', 'CENTAS']]",[['Social groups']],[['Advocacy / activists (e.g. human rights organizations)']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],System / ideology; National power,System/ideology; National power,Azerbaijan (opposition); Azerbaijan (opposition),Yes / HIIK intensity,HIIK 3,0,,,,,,No,,Phishing,Account Access Removal,Required,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights,Civic / political rights,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://www.az-netwatch.org/news/deliberate-targeting-in-pro-government-media-leads-to-targeted-attacks-online-the-case-of-abulfaz-gurbanli/', 'https://www.qurium.org/alerts/azerbaijan/yet-another-targeted-malware-against-azerbajani-political-activists/']" 1975,Unknown actors exfiltrated data and deployed ransomware against US Marshals Service (USMS) computer systems on 17 February 2023,"Unknown actors exfiltrated data and deployed ransomware against US Marshals Service (USMS) computer systems on 17 February 2023. 
USMS spokesperson Drew Wade announced that the affected system contained sensitive law enforcement information, such as returns from legal process, administrative information, and personally identifiable information (PII) pertaining to subjects of USMS investigations, third parties and certain USMS employees. A senior law enforcement official confirmed to NBC News, which first reported the incident, that the Witness Security Programme database was not affected. ",2023-02-17,2023-02-17,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking with Misuse; Ransomware,[['U.S. Marshals Service (USMS)']],['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Police']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,9.0,Day (< 24h),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-02-17 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,US Justice Department,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.darkreading.com/threat-intelligence/us-marshals-ransomware-hit-major-incident', 'https://www.nbcnews.com/politics/politics-news/major-us-marshals-service-hack-compromises-sensitive-info-rcna72581', 'https://twitter.com/CyberScoopNews/status/1630610533715001364', 'https://twitter.com/securityaffairs/status/1630591974490210304', 'https://securityaffairs.com/142823/cyber-crime/u-s-marshals-service-suffers-a-ransomware-attack.html', 'https://twitter.com/lorenzofb/status/1630585945476018178', 'https://twitter.com/Dinosn/status/1630470251400818688', 'https://twitter.com/securityaffairs/status/1630701555967045640', 'https://twitter.com/RecordedFuture/status/1630681565247176708', 'https://therecord.media/us-marshals-service-becomes-latest-law-enforcement-agency-hit-by-hackers/', 'https://twitter.com/ImposeCost/status/1630397385456197634', 'https://twitter.com/snlyngaas/status/1630395432143581185', 'https://twitter.com/aselawaid/status/1630369754262192130', 'https://www.bleepingcomputer.com/news/security/us-marshals-service-investigating-ransomware-attack-data-theft/', 'https://twitter.com/ericgeller/status/1630363090201059329', 'https://www.hackread.com/us-marshals-service-ransomware-attack/', 'https://twitter.com/DigitalPeaceNow/status/1630705797964390401', 'https://twitter.com/DigitalPeaceNow/status/1630705797964390401', 'https://twitter.com/Malwarebytes/status/1630740638391050240', 'https://twitter.com/DarkReading/status/1630948918799265792', 'https://twitter.com/campuscodi/status/1630848522584047617', 'https://twitter.com/securityaffairs/status/1631246209611358211', 'https://twitter.com/SentinelOne/status/1631263226913603584', 'https://www.wired.com/story/lastpass-engineer-breach-security-roundup/', 
'https://www.cybereason.com/blog/variant-payload-prevention-fuzzy-similarity', 'https://www.malwarebytes.com/blog/news/2023/03/a-week-in-security-feb-27-mar-5', 'https://www.malwarebytes.com/blog/threat-intelligence/2023/03/ransomware-review-march-2023', 'https://www.bleepingcomputer.com/news/security/hacker-selling-data-allegedly-stolen-in-us-marshals-service-hack/', 'https://research.checkpoint.com/2023/20th-march-threat-intelligence-report/', 'https://therecord.media/camden-county-police-ransomware-new-jersey-philadelphia', 'https://www.nbcnewyork.com/news/local/ransomware-attack-at-nj-county-police-department-locks-up-criminal-investigative-files/4219341/']" 2020,Ransom House Group conducted a ransomware attack against the Hospital Clínic in Barcelona on 5 March 2023,"According to the Catalan Cybersecurity Agency, the ransomware group called Ransom House perpetrated a ransomware attack against the Hospital Clínic in Barcelona, Spain on 5 March 2023. General secretary of the hospital chapter of the Spanish labour union CC OO, Àlex Duque, stated that many processes had to be switched over to manual or paper-based procedures. The attack affected operations at the hospital's laboratory and pharmacy. The hospital temporarily redirected ambulances and canceled thousand non-emergency surgeries and radiotherapy appointments. Also mentioned in the government's statement is that the cyber attack affected the emergency services of three medical centres linked to the Clínic de Barcelona, namely CAP Casanova, CAP Borrell and CAP Les Corts. 
Just under three weeks after the attack, the clinic acknowledged that the confidentiality of patient and employee data could be at risk.",2023-03-02,2023-03-05,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,[['Hospital Clinic de Barcelona']],['Spain'],"[['EUROPE', 'NATO', 'EU']]",[['Critical infrastructure']],[['Health']],['Ransom House'],['Not available'],['Not available'],,1,2022-03-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by receiver government / state entity,Cybersecurity Agency of Catalonia,,Spain,Ransom House,,,,['https://apnews.com/article/barcelona-hospital-cyberattack-ransomware-37e0fee33798c56459e63866ca8b449f'],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,"Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5",6.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,1,2023-03-01 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,Spain,Mossos d'Esquadra (ESP),Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://elpais.com/https:/elpais.com/espana/catalunya/2023-03-05/el-hospital-clinic-de-barcelona-victima-de-un-ciberataque-que-afecta-a-las-urgencias-el-laboratorio-y-la-farmacia.html', 'https://govern.cat/salapremsa/notes-premsa/488242/comunicat', 'https://twitter.com/securityaffairs/status/1632878280985440257', 'https://securityaffairs.com/143121/cyber-crime/hospital-clinic-de-barcelona-ransomware.html', 'https://twitter.com/cybersecboardrm/status/1632839634026635264', 'https://twitter.com/ransomwaremap/status/1632822747343486977', 'https://twitter.com/DigitalPeaceNow/status/1632761704479088641', 'https://therecord.media/barcelona-hospital-ransomware-spain', 'https://apnews.com/article/barcelona-hospital-cyberattack-ransomware-37e0fee33798c56459e63866ca8b449f', 'https://www.databreaches.net/es-cyberattack-at-lhospital-clinic-has-affected-laboratory-pharmacy-and-emergency-services/', 'https://elpais.com/https:/elpais.com/espana/catalunya/2023-03-05/el-hospital-clinic-de-barcelona-victima-de-un-ciberataque-que-afecta-a-las-urgencias-el-laboratorio-y-la-farmacia.html', 'https://twitter.com/Dinosn/status/1632969620226277379', 'https://elpais.com/https:/elpais.com/espana/catalunya/2023-03-07/el-hospital-clinic-de-barcelona-48-horas-despues-del-ciberataque-hacemos-las-pruebas-y-lo-escribimos-en-papel.html', 'https://twitter.com/securityaffairs/status/1633210345396346888', 'https://www.bleepingcomputer.com/news/security/hospital-cl-nic-de-barcelona-severely-impacted-by-ransomware-attack/', 'https://twitter.com/dani_stoffers/status/1633056771051749376', 'https://twitter.com/securityaffairs/status/1633030644539195393', 'https://twitter.com/cahlberg/status/1632993055820197890', 
'https://twitter.com/secIT_DE/status/1633177845391577089', 'https://twitter.com/securityaffairs/status/1632878280985440257', 'https://twitter.com/cybersecboardrm/status/1632839634026635264', 'https://twitter.com/ransomwaremap/status/1632822747343486977', 'https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-10th-2023-police-take-action/', 'https://elpais.com/https:/elpais.com/tecnologia/2023-03-12/el-ciberataque-al-hospital-clinic-de-barcelona-desde-dentro-ha-sido-como-hacer-un-viaje-en-el-tiempo.html', 'https://securityaffairs.com/143398/breaking-news/security-affairs-newsletter-round-410-by-pierluigi-paganini.html', 'https://twitter.com/douglittlejr/status/1633467375050735616', 'https://elpais.com/https:/elpais.com/espana/catalunya/2023-03-21/el-hospital-clinic-reconoce-ahora-que-el-ciberataque-podria-comprometer-la-confidencialidad-de-los-datos-de-pacientes-y-trabajadores.html', 'https://twitter.com/AlexMartin/status/1639241047816511501', 'https://www.databreaches.net/es-clinic-hackers-threaten-to-destroy-information-about-patients-with-infectious-diseases/', 'https://elpais.com/https:/elpais.com/espana/catalunya/2023-04-08/ciberataque-en-el-clinic-por-que-el-hospital-no-estaba-integrado-en-la-agencia-de-ciberseguridad-si-existia-un-plan-para-ello.html']" 2035,Pro-Russian hacker group NoName057(16) disrupted the websites of an Italian company and state institutions on 6 March 2023,"The pro-Russian hacker group NoName057(16) disrupted the websites of an Italian company and state institutions on 6 March 2023, as disclosed by the hackers themselves. The affected targets include the Italian telecommunications company TIM, the Carabinieri, the Ministry of Labour and the High Council of the Judiciary. The group managed to cause short downtimes of a few minutes and delays for access to some of the sites. 
The High Council of the Judiciary had announced increased DDoS protections following an earlier wave of disruption attempts on 21 February that had knocked its website offline for several hours. ",2023-03-06,2023-03-06,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,"[['High Council of the Judiciary'], ['TIM'], ['Ministry of Labour and Social Policies (Italy)'], ['Carabinieri']]","['Italy', 'Italy', 'Italy', 'Italy']","[['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU']]","[['State institutions / political system'], ['Critical infrastructure'], ['State institutions / political system'], ['State institutions / political system']]","[['Judiciary'], ['Telecommunications'], ['Government / ministries'], ['Military']]",['NoName057(16)'],['Russia'],['Non-state-group'],['Hacktivist(s)'],1,2023-03-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),,Russia,NoName057(16),Russia,Non-state-group,Hacktivist(s),"['https://t.me/noname05716/2195', 'https://t.me/noname05716/2196', 'https://t.me/noname05716/2197', 'https://t.me/noname05716/2198']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day 
(< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,4.0,,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.ilsole24ore.com/art/gli-hacker-filorussi-noname057-hanno-attaccato-la-seconda-volta-l-italia-AEZ8HxyC', 'https://t.me/noname05716/2195', 'https://t.me/noname05716/2196', 'https://t.me/noname05716/2197', 'https://t.me/noname05716/2198', 'https://socradar.io/dark-web-profile-noname05716/']" 2036,Unknown actors gained access to vulnerable routers used by a municipal government and medium-sized businesses using HiatusRAT since at least June 2022,"Unknown actors gained access to vulnerable routers used by a municipal government and medium-sized businesses using HiatusRAT since at least June 2022, according to technical reports by Black Lotus Labs. The affected businesses are consulting firms, IT service providers, and pharmaceutical companies from Latin America, Europe, and North America. Out of more than 4,100 exposed connected routers, at least 100 showed signs of compromise with the possibility of data exfiltration. The vulnerable routers are DrayTek Vigor models 2960 and 3900. In addition to the opportunistic collection of data, the infiltrations were designed to facilitate the creation of a proxy network to stage further attacks. 
",2022-06-01,,"Attack on (inter alia) political target(s), not politicized; Attack on critical infrastructure target(s)",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,"[['Not available'], ['Not available'], ['Not available']]","['South America', 'North America', 'North America']",,"[['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['State institutions / political system', 'Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Civil service / administration', 'Health', ''], ['Civil service / administration', 'Health', ''], ['Civil service / administration', 'Health', '']]",,,,,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,3.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Cyber espionage; Sovereignty,; ,Not available,0,,,,,,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/UK_Daniel_Card/status/1632759937741750273', 
'https://twitter.com/Cyber_O51NT/status/1632758899156856833', 'https://www.bleepingcomputer.com/news/security/new-malware-infects-business-routers-for-data-theft-surveillance/', 'https://thehackernews.com/2023/03/new-hiatusrat-malware-targets-business.html', 'http://news.lumen.com/2023-03-06-Black-Lotus-Labs-uncovers-another-new-malware-that-targets-compromised-routers', 'https://blog.lumen.com/new-hiatusrat-router-malware-covertly-spies-on-victims/', 'https://www.darkreading.com/threat-intelligence/hiatusrat-campaign-draytek-gear-cyber-espionage-proxy-control', 'https://twitter.com/Dinosn/status/1632969801759961088', 'https://twitter.com/cybersecboardrm/status/1633195187467063297', 'https://www.techrepublic.com/article/hiatus-malware-campaign-targets-routers/']" 2038,Chinese state-sponsored hacking group Sharp Panda gained access to the networks of a Southeast Asian government using the Soul backdoor beginning in late 2022,"Sharp Panda, a Chinese state-sponsored hacking group, gained access to the networks of a Southeast Asian government using the Soul backdoor beginning in late 2022, according to a technical report by Israeli IT security company Check Point Research. Early stages of the attack, Check Point found, correspond with activity against Southeast Asian governments identified as Sharp Panda and tied to China with medium to high confidence in 2021; CheckPoint researchers attributed this attack to Sharp Panda in 2022. Some of the organizations targeted with the previously unattributed Soul Framework also showed signs of compromise with APT10 and APT30 tools during the same timeframe. Considering tool sharing practices among Chinese groups, Check Point continues to track Sharp Panda as a separate cluster and suspects the actors behind the Soul Framework to be a Chinese-backed or possibly nation-state group. ",2022-01-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,[['Not available']],['Southeast Asia (region)'],,[['State institutions / political system']],[['Government / ministries']],['Sharp Panda'],['China'],"['Non-state actor, state-affiliation suggested']",,1,2023-03-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,Check Point Research,,Israel,Sharp Panda,China,"Non-state actor, state-affiliation suggested",,['https://research.checkpoint.com/2023/pandas-with-a-soul-chinese-espionage-attacks-against-southeast-asian-government-entities/'],Unknown,Unknown,,Unknown,,0,,,,,,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Sovereignty,; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://twitter.com/Cyber_O51NT/status/1633125321821286401', 
'https://www.bleepingcomputer.com/news/security/new-malware-variant-has-radio-silence-mode-to-evade-detection/', 'https://www.hackread.com/sharp-panda-china-soulsearcher-malware/', 'https://research.checkpoint.com/2023/pandas-with-a-soul-chinese-espionage-attacks-against-southeast-asian-government-entities/', 'https://twitter.com/780thC/status/1633077714352582657', 'https://twitter.com/Dinosn/status/1633070796636667906', 'https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html', 'https://securityaffairs.com/143187/apt/sharp-panda-targets-southeast-asia.html', 'https://twitter.com/securityaffairs/status/1633970924461465601', 'https://twitter.com/securityaffairs/status/1634310696409104385', 'https://securityaffairs.com/143398/breaking-news/security-affairs-newsletter-round-410-by-pierluigi-paganini.html']" 2039,"Info stealer ""SYS01 stealer"" targeted critical government infrastructure employees via Facebook Business Accounts since November 2022 ","According to IT vendor Morphisec, the info stealer dubbed ""SYS01 stealer"" targeted critical government infrastructure employees via their Facebook Business Accounts since November 2022. This campaign was first detected in May 2022 but initially attributed to the Ducktailer Operation by ZScaler. The attackers successfully evaded discovery over a period of five months (November 2022 - March 2023). 
",2022-11-01,,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,[['Not available']],['Not available'],,"[['State institutions / political system', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Government / ministries', '']]",['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,3.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Cyber espionage,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://twitter.com/securityaffairs/status/1633235970995761153', 'https://securityaffairs.com/143162/cyber-crime/sys01-stealer-targets-critical-infrastructure.html', 'https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html', 'https://blog.morphisec.com/sys01stealer-facebook-info-stealer', 'https://twitter.com/securityaffairs/status/1633606917569347584', 'https://www.hackread.com/fake-facebook-profiles-google-ads-sys01-stealer/', 'https://twitter.com/securityaffairs/status/1633971358760681473', 'https://securityaffairs.com/143398/breaking-news/security-affairs-newsletter-round-410-by-pierluigi-paganini.html', 'https://www.techrepublic.com/article/sys01-stealer-targets-facebook-business-accounts-chromium-credentials/']" 
2040,Pakistani state-sponsored hacking group Transparent Tribe gained access to the Android mobile phones of 150 targeted people and stole information using the CapraRAT backdoor beginning in July 2022,"The Pakistani hacking group Transparent Tribe, also known as APT36, gained access to the Android mobile phones of 150 targeted people and stole information using the CapraRAT backdoor beginning in July 2022, according to Slovakian IT security company ESET. The victims are mainly Pakistani and Indian individuals with political and military connections. Further unspecified individuals, affected by the campaign, are based in Russia, Oman, and Egypt. The hacker group used a romance scam to get their targets to install the trojanized messaging apps MeetsApp and MeetUp and then spy on their targets. ",2022-07-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ; ",Incident disclosed by IT-security company,Data theft; Hijacking without Misuse,"[['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available']]","['Egypt', 'Oman', 'Russia', 'Pakistan', 'India']","[['MENA', 'MEA', 'AFRICA', 'NAF'], ['ASIA', 'MENA', 'MEA', 'GULFC'], ['EUROPE', 'EASTEU', 'CSTO', 'SCO'], ['ASIA', 'SASIA', 'SCO'], ['ASIA', 'SASIA', 'SCO']]","[['Unknown'], ['Unknown'], ['Unknown'], ['Unknown', 'State institutions / political system'], ['Unknown', 'State institutions / political system']]","[[''], [''], [''], ['', 'Military'], ['', 'Military']]",['APT36/Transparent Tribe/Mythic Leopard/C-Major'],['Pakistan'],"['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation 
suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",1,2023-03-07 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,ESET,,Slovakia,APT36/Transparent Tribe/Mythic Leopard/C-Major,Pakistan,"Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)","['https://twitter.com/ESETresearch/status/1633132257228517376', 'https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/']",International power,Unknown,,Unknown,,0,,,,,,No,,Phishing; Trusted Relationship,Not available,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",51-200,150.0,1-10,5.0,Not available,0.0,euro,Indirect (knowingly sanctioning / ordering / ideological / material support by official members of state entities/agencies/units for officially non-state-actors),Cyber espionage; Human rights; Sovereignty,Non-state actors; Civic / political rights; ,Not available,0,,,,,,Not available,,Countermeasures under international law justified (state-atttribution & breach of international law),,"['https://twitter.com/ESETresearch/status/1633132257228517376', 'https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/', 'https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/', 
'https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html', 'https://twitter.com/IT_SecGuru/status/1633120375985823745', 'https://www.govinfosecurity.com/transparent-tribe-spread-caprarat-via-fake-messaging-apps-a-21398', 'https://securitymea.com/2023/03/09/eset-reveals-cyberespionage-honey-trap-campaign-target-officials-in-india-pakistan-and-middle-east/', 'https://www.welivesecurity.com/videos/apt-hackers-honeytrap-ensnare-targets-week-security-tony-anscombe/']" 2041,Qilin ransomware group targeted elderly care facility in the Netherlands on 17 February 2022,"The Qilin ransomware group targeted Attent Zorg en Behandeling, an elderly care facility in the Netherlands, on 17 February 2022, the affected organization announced on its website. The attacker stole passport information of physicians, nurses, and physiotherapists and later published them online. According to the facility, a significant portion of the affected systems were restored within three days after the attack, allowing it to resume its telephone service and regain access to systems managing client dossiers, finances, and personnel. 
",2022-02-17,2022-02-17,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,[['Attent Zorg en Behandeling']],['Netherlands'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Critical infrastructure']],[['Health']],['Qilin Ransomware Group'],['Not available'],['Non-state-group'],['Criminal(s)'],1,2023-03-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Qilin Ransomware Group,,,Qilin Ransomware Group,,Non-state-group,Criminal(s),['https://www.security.nl/posting/788375/Ransomwaregroep+publiceert+paspoorten+artsen+Gelderse+oudereninstelling'],Unknown,Not available,,Not available,,0,,,,,,No,,Exploit Public-Facing Application,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,10.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,Not available,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/Cyberwarzonecom/status/1633201133819666435', 'https://cyberwarzone.com/qilin-ransomware-attack-elderly-care-facility-breached-and-confidential-data-leaked-online/', 'https://www.attentzorgenbehandeling.nl/nieuws/update-ongeautoriseerde-toegang-it-systemen', 
'https://www.rtlnieuws.nl/nieuws/nederland/artikel/5370082/attent-zorg-behandeling-hack-ransomware-paspoorten-datalek', 'https://www.security.nl/posting/788375/Ransomwaregroep+publiceert+paspoorten+artsen+Gelderse+oudereninstelling']" 2042,BianLian ransomware group targeted US-based Northeast Surgical Group in January 2022,"BianLian ransomware group targeted US-based Northeast Surgical Group (NESG) in January 2022. After BianLian added an unnamed medical group to their leak site, incident aggregator DataBreaches claimed to have identified it as NESG, though the company did not respond to repeated requests for comment. Data from NESG surfaced on BreachForums in early February and BianLian's leak site. NESG addressed the disclosures affecting 15,300 patients on 6 March, in an incident notice on its website. Public reporting remains unclear about whether BianLian only stole and leaked the data or if the group also encrypted data on targeted systems. ",2023-01-08,2023-01-01,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,[['Northeast Surgical Group (NESG)']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Health']],['BianLian Ransomware Group'],['Not available'],['Non-state-group'],['Criminal(s)'],1,2023-01-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BianLian Ransomware Group,,,BianLian Ransomware Group,,Non-state-group,Criminal(s),['https://www.databreaches.net/northeast-surgical-group-notifies-15298-patients-of-a-hipaa-breach-but-doesnt-tell-them-their-information-has-been-dumped/'],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or 
disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.databreaches.net/northeast-surgical-group-notifies-15298-patients-of-a-hipaa-breach-but-doesnt-tell-them-their-information-has-been-dumped/', 'https://www.nesg.com/index.php/notice-of-cybersecurity-incident/', 'https://breached.vc/Thread-Nesk-Medical-organization-USA']" 2043,Website of German defence company Rheinmetall targeted by DDoS attack on 7 March 2022,"The website of the German defence company Rheinmetall was targeted by DDoS attack on 7 March 2022. Apart from a short unavailability of the website, no further impact has been recorded, according to Rheinmetall. German media sources relate this incident and other potential hacker activities against the company to its involvement in weapons delivery to Ukraine. 
",2023-03-07,2023-03-07,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption,[['Rheinmetall']],['Germany'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['Critical infrastructure']],[['Defence industry']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Low,6.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,,0.0,None,0.0,euro,Not available,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,['https://www.sueddeutsche.de/wirtschaft/rheinmetall-cyberattacke-gegen-ruestungsunternehmen-1.5764561'] 2044,US-based Northern Essex Community College was hit by cyber attack in early February 2023,"The US-based Northern Essex Community College was hit by cyber attack in early February 2023. According to a spokesperson, it is unclear if the unauthorized access the college detected around 1 March was part of a ransomware attack, but several systems were no longer working. The spokesperson further claimed that the college does ""not have evidence of any personal data being compromised"". The college suspended classes for two days in response to the incident. 
",2023-03-01,,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Disruption; Hijacking with Misuse,[['Northern Essex Community College (NECC)']],['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Not available,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,"Economic, social and cultural rights; ; ",Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://therecord.media/northern-essex-community-college-cyberattack', 'https://northernessex.cc/2023/03/necc-announcement-mar-5-2023/']" 2045,Medusa ransomware group targeted Minneapolis Public Schools (MPS) in February 2023,"The Medusa ransomware group targeted Minneapolis Public Schools (MPS) in February 2023, according to an almost hour-long video from 7 March in which the group reveals stolen data, such as emails, student grades, building layouts, and payroll information. MPS reported on 1 March it had been able to restore systems and no ransom had been paid. 
",2023-02-01,2023-02-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,[['Minneapolis Public Schools (MPS)']],['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],['Medusa Ransomware Group'],['Not available'],['Non-state-group'],['Criminal(s)'],1,2023-03-07 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Medusa Ransomware Group,,,Medusa Ransomware Group,,Non-state-group,Criminal(s),['https://twitter.com/chuksjonia/status/1633150165979725825'],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Medium,11.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,None,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/vxunderground/status/1633150837143883776', 'https://www.bleepingcomputer.com/news/security/medusa-ransomware-gang-picks-up-steam-as-it-targets-companies-worldwide/', 'https://twitter.com/chuksjonia/status/1633150165979725825', 
'https://www.databreaches.net/medusa-claims-responsibility-for-minneapolis-public-schools-encryption-event-provides-proof-of-how-much-data-they-accessed/', 'https://mpls.k12.mn.us/technology_incident_update.html', 'https://mpls.k12.mn.us/mps_systems_outage_update_and_monday_s_return_to_schools.html', 'https://mpls.k12.mn.us/mps_systems_outage_update.html', 'https://www.bleepingcomputer.com/news/security/ransomware-gang-posts-video-of-data-stolen-from-minneapolis-schools/', 'https://therecord.media/ransomware-minneapolis-public-schools-stolen-data', 'https://twitter.com/vxunderground/status/1633125378347728896', 'https://www.databreaches.net/minneapolis-public-schools-systems-restored-no-ransom-paid/', 'https://therecord.media/minneapolis-public-schools-still-investigating-what-caused-encryption-event/', 'https://tarnkappe.info/lesetipps/lesetipps-und-wann-klopfen-die-hacker-auch-bei-euch-an-die-tuer-265998.html', 'https://www.databreaches.net/minneapolis-public-schools-tap-dances-around-telling-parents-and-employees-what-really-happened/', 'https://twitter.com/ransomwaremap/status/1629415883318730752', 'https://twitter.com/chuksjonia/status/1633156655742431233', 'https://twitter.com/nicoleperlroth/status/1633871105701343233', 'https://www.darkreading.com/threat-intelligence/medusa-gang-video-minneapolis-school-district-ransomed-data', 'https://twitter.com/cybersecboardrm/status/1634235221687308289', 'https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-10th-2023-police-take-action/', 'https://twitter.com/ImposeCost/status/1634595846422511618', 'https://research.checkpoint.com/2023/13th-march-threat-intelligence-report/', 'https://www.databreaches.net/whats-new-in-ransomware-gang-pressure-tactics-not-as-much-as-you-might-think/', 'https://www.bleepingcomputer.com/news/security/medusa-ransomware-claims-attack-on-open-university-of-cyprus/']" 2046,Pro-Russian hackers targeted website of Canadian TD Bank with DDoS attacks on 26 February 
2023,"Pro-Russian hackers targeted the website of the Canadian TD Bank with DDoS attacks on 26 February 2023, according to a statement on Telegram. The website was not available for several hours on that day. Reporting on the incident, Journal de Montreal highlighted Canada's announcement from 24 February of a $32.5 million support package for Ukraine to help secure and stabilise the country as a potential motivation for the attack.",2023-02-26,2023-02-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals; Attack on critical infrastructure target(s)",,Incident disclosed by attacker,Disruption,[['TD Bank']],['Canada'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Finance']],['We are Russian Hackers Community'],['Not available'],['Non-state-group'],['Hacktivist(s)'],2,2023-02-26; 2023-02-25,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",IT-security community attributes attacker; Attacker confirms,"Alexis Rapin (Cybersecurits researcher at RDandurand, Canada); We are Russian Hackers Community",,Canada; Not available,We are Russian Hackers Community; We are Russian Hackers Community,,Non-state-group; Non-state-group,Hacktivist(s); Hacktivist(s),"['https://twitter.com/alexis_rapin/status/1629881585590755331?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1629881585590755331%7Ctwgr%5E1a66aac67bec116ee0ecf8ac677ff84f2a13d4b3%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.journaldemontreal.com%2F2023%2F03%2F06%2Fcyberattaque-des-pirates-russes-auraient-attaque-la-banque-td', 'https://t.me/russianhackerscommunity/266']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; 
Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://twitter.com/Cyberknow20/status/1633059293430956034', 'https://t.me/russianhackerscommunity/266', 'https://twitter.com/alexis_rapin/status/1629881585590755331?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1629881585590755331%7Ctwgr%5E1a66aac67bec116ee0ecf8ac677ff84f2a13d4b3%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.journaldemontreal.com%2F2023%2F03%2F06%2Fcyberattaque-des-pirates-russes-auraient-attaque-la-banque-td', 'https://twitter.com/UK_Daniel_Card/status/1629904352629469189']" 2047,Unidentified hackers stole sensitive data from DC Health Link servers in early March 2023,"Unidentified hackers stole sensitive personal information from DC Health Link servers, an organisation that administers the health care plans of members of the US House of Representatives, their staff and families, in early March 2023. As reported by the DailyCaller on 8 March, the US House Chief Administrative Officer disclosed the incident in an email to House members. 
According to BleepingComputer, data was offered for sale on a hacker forum on 6 March by a user named IntelBroker, who claims it was stolen during a breach of the DC Health Benefit Exchange Authority that manages the DC Health Link health insurance marketplace. A sampling of the stolen files found that the dataset contained sensitive personal information on about 170,000 people, including names, birth dates, home addresses, Social Security numbers and health insurance details. Among them, according to current figures, more than two dozen current or former members of Congress are also said to have been affected. The FBI and the Capitol Police are still investigating the incident. Another hacker calling himself ""Denfur"" also claims that the attack was born out of Russian patriotism, but independent verification is still pending.",2023-03-01,2023-03-07,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,[['DC Health Link']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Health']],['Not available'],['Not available'],['Non-state-group'],['Hacktivist(s)'],1,2023-03-06 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attribution by third-party,IntelBroker,,,,,Non-state-group,Hacktivist(s),['https://www.bleepingcomputer.com/news/security/fbi-investigates-data-breach-impacting-us-house-members-and-staff/'],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) 
& data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.bleepingcomputer.com/news/security/fbi-investigates-data-breach-impacting-us-house-members-and-staff/', 'https://twitter.com/henryrodgersdc/status/1633575335869521921', 'https://www.hackread.com/dc-health-link-hackers-congress-members-details/', 'https://www.darkreading.com/application-security/us-lawmakers-cyberattacks-physical-harm-dc-health-link-breach', 'https://cyberscoop.com/dc-health-exchange-breach-congress-defense-official/', 'https://twitter.com/Dinosn/status/1634156211518992387', 'https://www.wired.com/story/catholic-priest-doxing-security-roundup/', 'https://research.checkpoint.com/2023/13th-march-threat-intelligence-report/', 'https://cyberscoop.com/dc-health-data-posted-online/', 'https://krebsonsecurity.com/2023/03/feds-charge-ny-man-as-breachforums-boss-pompompurin/', 'https://www.bleepingcomputer.com/news/security/alleged-breachforums-owner-pompompurin-arrested-on-cybercrime-charges/', 'https://www.databreaches.net/was-there-a-rush-to-arrest-pompompurin-the-owner-of-breachforums-if-so-why/', 'https://www.bleepingcomputer.com/news/security/breached-hacking-forum-shuts-down-fears-its-not-safe-from-fbi/', 'https://www.databreaches.net/at-least-17-members-of-congress-had-sensitive-information-exposed-in-data-breach/', 'https://cyberscoop.com/dc-health-link-breach-russia-hacker-congress/', 'https://www.govinfosecurity.com/dc-health-link-facing-lawsuits-in-hack-affecting-congress-a-21496', 'https://www.databreaches.net/the-breachforums-case-the-hhs-oig-did-what-why/', 'https://www.wired.com/story/india-activist-manhunt-sikh-activist/', 
'https://twitter.com/aselawaid/status/1639447799896088577', 'https://cyberscoop.com/breachforums-arrest-cybercrime-underground/']" 2048,North Korean state-sponsored hacking group UNC2970 targeted US and European media and technology companies since at least June 2022,"The North Korea-linked APT UNC2970 has launched phishing-based espionage campaigns against US and European media and technology companies since at least mid-2022, based on observations by Mandiant from June 2022. Mandiant, with high confidence, identified UNC2970 as UNC577, an activity cluster commonly associated with the Lazarus Group. Also known as Temp.Hermit, UNC577 has been active since at least 2013 and is suspected of sharing malware and tools with other North Korean threat actors. UNC2970 conducted its phishing campaign via fraudulent job offerings and has more recently utilised LinkedIn to approach victims. During one of the operations tracked by Mandiant targeting security researchers, UNC2970 deployed three new malware families (TOUCHMOVE, SIDESHOW, and TOUCHSHIFT).",2022-06-01,,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals","Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated ",Incident disclosed by IT-security company,Hijacking without Misuse,"[['Not available'], ['Not available']]","['Europe (region)', 'United States']","[[], ['NATO', 'NORTHAM']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)', 'Media']]",,"['TEMP.Hermit/ UNC577 < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Lab 110)']","[""Korea, Democratic People's Republic of""]","['Non-state actor, state-affiliation suggested']","['Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)']",2,2023-03-09; 2022-11-29,"Technical report (e.g., by IT-companies, Citizen Lab, EFF); Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker; IT-security community attributes attacker,Mandiant; Mandiant,Mandiant; nan,United States; United States,"TEMP.Hermit/ UNC577 < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Lab 110); TEMP.Hermit/ UNC577 < Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Lab 110)","Korea, Democratic People's Republic 
of; Korea, Democratic People's Republic of","Non-state actor, state-affiliation suggested; Non-state actor, state-affiliation suggested","Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case); ","['https://www.mandiant.com/resources/blog/lightshow-north-korea-unc2970', 'https://www.mandiant.com/resources/blog/mapping-dprk-groups-to-government']",International power,Unknown,,Unknown,,0,,,,,,No,,Phishing,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://www.mandiant.com/resources/blog/lightshow-north-korea-unc2970', 'https://www.mandiant.com/resources/blog/lightshift-and-lightshow', 'https://www.mandiant.com/resources/blog/mapping-dprk-groups-to-government', 'https://twitter.com/cybereason/status/1634290029030789149', 'https://twitter.com/Dinosn/status/1634264331121467415', 'https://twitter.com/ImposeCost/status/1634030788512477184', 'https://cyberscoop.com/north-korea-hackers-linkedin-phishing/', 'https://thehackernews.com/2023/03/north-korean-unc2970-hackers-expands.html', 'https://twitter.com/obiwan666/status/1634480773813223424', 'https://twitter.com/jasonnurse/status/1634466599146082305', 'https://twitter.com/jaysonstreet/status/1634417033818537984', 'https://www.bleepingcomputer.com/news/security/security-researchers-targeted-with-new-malware-via-job-offers-on-linkedin/', 'https://twitter.com/randomuserid/status/1634588793842937858', 
'https://www.darkreading.com/application-security/north-korean-hackers-targeting-security-researchers', 'https://www.govinfosecurity.com/north-korean-hackers-find-value-in-linkedin-a-21424', 'https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/a-growing-goldmine-your-linkedin-data-abused-for-cybercrime']" 2050,BianLian ransomware group targeted city of Waynesboro stealing government information and police data in January 2023,"The BianLian ransomware group targeted the city of Waynesboro, Virginia (USA), stealing government and police data. The incident potentially matches with malicious activity the city administration was informed about in January 2023. In an online post, BianLian claimed to be in possession of more than 350GB of data including internal police files, such as investigation documentation and personal staff data. Public reporting did not immediately disclose whether attackers also succeeded in encrypting data on target systems. According to the city's manager, the cyberattack has been remediated and protective measures put in place to prevent future attacks.",2023-01-01,2023-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Hijacking with Misuse,"[['Waynesboro, Virginia']]",['United States'],"[['NATO', 'NORTHAM']]","[['State institutions / political system', 'State institutions / political system']]","[['Civil service / administration', 'Police']]",['BianLian Ransomware Group'],['Not available'],['Non-state-group'],['Criminal(s)'],1,2023-03-01 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,BianLian,,,BianLian Ransomware Group,,Non-state-group,Criminal(s),['https://twitter.com/BrettCallow/status/1632884957663354880'],Not available,Not available,,Not available,,0,,,,,,No,,Not available,Not available; Data Exfiltration,Not available,False,For 
private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",Not available,Not available,4,Moderate - high political importance,4.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,0.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://www.databreaches.net/city-of-waynesboro-targeted-in-cyber-attack/', 'https://www.scmagazine.com/brief/ransomware/virginia-city-claimed-to-be-attacked-by-bianlian-ransomware', 'https://www.nbc29.com/2023/03/08/city-waynesboro-targeted-cyber-attack/', 'https://augustafreepress.com/news/ransomware-group-claims-it-has-infiltrated-waynesboro-city-government-files/', 'https://twitter.com/BrettCallow/status/1632884957663354880']" 2053,Healthcare Clinic Santa Chiara in Switzerland hit by ransomware attack in February 2023,"Unknown actors targeted the Clinica Santa Chiara (Locarno, Switzerland) with ransomware during the week of 27 February 2023. The clinic did not pay the ransom and saw a significant portion of its data encrypted. The clinic responded by isolating IT systems to prevent any further damage, also clarifying that no health data had been compromised in the course of the attack. 
",2023-01-01,2023-01-01,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source),Disruption; Hijacking with Misuse; Ransomware,[['Clinica Santa Chiara']],['Switzerland'],"[['EUROPE', 'WESTEU']]",[['Critical infrastructure']],[['Health']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,Not available,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,Days (< 7 days),"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,No justification under IL,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://twitter.com/Dennis_Kipker/status/1634198361862488064', 'https://www.redhotcyber.com/post/attacco-informatico-alla-clinica-santa-chiara-di-locarno-i-dati-esfiltrati-non-contengono-dati-sanitari/', 'https://www.inside-it.ch/tessiner-privatklinik-opfer-eines-cyberangriffs-20230308']" 2056,Vice Society ransomware group attacked Berkeley County School System in February 2023,"The Vice Society ransomware group attacked the Berkeley County School System in West Virginia (USA), on 3 February 2023. Classes had to be suspended for one day to address the incident. Following Berkeley County Schools' refusal to pay the ransom, Vice Society leaked internal data, including employee social security numbers, on 10 March 2023, as reported by DataBreaches. 
Published files also included details about behavior intervention plans and functional behavior assessments for certain students that may reveal sensitive information about students, such as diagnoses, medications, or home issues.",2023-02-03,2023-03-10,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,[['Berkeley County Schools']],['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],['Vice Society'],['Not available'],['Non-state-group'],['Criminal(s)'],1,2023-03-10 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Vice Society,,,Vice Society,,Non-state-group,Criminal(s),['https://www.databreaches.net/highly-sensitive-files-from-berkeley-county-schools-dumped-by-ransomware-gang/'],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Low,10.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://www.databreaches.net/highly-sensitive-files-from-berkeley-county-schools-dumped-by-ransomware-gang/', 'https://www.databreaches.net/highly-sensitive-files-from-berkeley-county-schools-dumped-by-ransomware-gang/', 
'https://www.berkeleycountyschools.org/cms/lib/WV01000962/Centricity/Domain/1/BCS%20Notice%20of%20Data%20Breach.pdf', 'https://twitter.com/UK_Daniel_Card/status/1634604262029246464', 'https://therecord.media/minneapolis-public-schools-still-investigating-what-caused-encryption-event/', 'https://therecord.media/west-virginia-students-returning-to-class-after-days-long-outage-following-cyberattack/', 'https://www.smore.com/8qzg2', 'https://twitter.com/BerkCoSchoolsWV/status/1621526301378240521?ref%5Fsrc=twsrc%5Etfw', 'https://www.smore.com/5r4gd?utm%5Fsource=twitter&utm%5Fmedium=social&utm%5Fcontent=ap%5Fqs69x4ndda', 'https://www.smore.com/x7whs?utm%5Fsource=twitter&utm%5Fmedium=social&utm%5Fcontent=ap%5Ffz8zjo13nc', 'https://www.smore.com/1quse', 'https://research.checkpoint.com/2023/13th-march-threat-intelligence-report/']" 2057,Saint-Pierre Hospital in Brussels hit by cyberattack in March 2023,"Unknown attackers launched a cyberattack against the Saint-Pierre Hospital in Brussels on 11 March 2023. In line with the hospital's incident response plan, servers managing electronic patient files were shut down. For the first half of the day, the emergency room was closed and ambulances redirected, to allow staff to maintain operations, while the hospital was running on a paper-based system. The incident further limited access to patient files. By the end of the day, service of the telephone/information systems and the emergency room had been restored. 
",2023-03-10,2023-03-11,Attack on critical infrastructure target(s),,Incident disclosed by media (without further information on source); Incident disclosed by victim,Disruption; Hijacking with Misuse,[['CHU Saint-Pierre']],['Belgium'],"[['EUROPE', 'EU', 'NATO', 'WESTEU']]",[['Critical infrastructure']],[['Health']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Not available,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,8.0,Day (< 24h),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,,0.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://twitter.com/ransomwaremap/status/1634639503259320321', 'https://www.lesoir.be/500384/article/2023-03-11/retour-la-normale-au-chu-saint-pierre-cible-dune-cyberattaque']" 2061,ZOLL Medical hit by hack-and-leak operation in January 2023,"ZOLL Medical, a healthcare firm, was targeted with a cyberattack from unknown actors on 28 January 2023, with private health information being leaked on or around 2 February 2023, according to DataBreaches. This leak contained data of more than one million patients, including social security numbers, date of birth, and adresses - but also affected personal health information, such as the use or consideration of use of a ZOLL-manufactured wearable defibrillator. ZOLL did not provide further information regarding the type of the attack or whether the company had received any ransom demands. 
A few weeks after the incident became public, at least seven class action lawsuits were filed against the company, alleging Zoll negligently failed to protect sensitive information of individuals.",2023-01-28,2023-02-02,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft & Doxing; Hijacking with Misuse,[['ZOLL Medical']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Health']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,1,2023-03-15 00:00:00,"Other legal measures on national level (e.g. 
law enforcement investigations, arrests)",,United States,Robert Smith,Not available,,No response justified (missing state attribution & breach of international law),,"['https://www.databreaches.net/zoll-medical-notifying-1004443-patients-of-data-breach-hipaa/', 'https://www.govinfosecurity.com/heart-device-maker-says-hack-affected-1-million-patients-a-21425', 'https://www.govinfosecurity.com/device-maker-zoll-facing-7-lawsuits-in-wake-breach-a-21522', 'https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/zoll-lawsuit-by-robert-smith-3-15-23.pdf']" 2063,Cyber-espionage hacking group Dark Pink gained access to networks of Southeast Asian military targets and governments beginning in February 2023,"The cyber-espionage hacking group Dark Pink gained access to networks of Southeast Asian military targets and governments beginning on 1 February 2023, according to a technical report by IT security company EclecticIQ. Spearphishing lures for breaking into the networks were centered on ASEAN relations with European countries. The report attributed this incident with a high degree of probability to the Dark Pink hacking group based on strong operational overlaps with activity that Group-IB had associated with Dark Pink in January. Building on these previously observed patterns, Dark Pink in the present case deployed an advanced version of the KamiKakaBot malware with improved detection evasion features. EclecticIQ assessed with low confidence that Dark Pink is operated by a Chinese group. 
",2023-02-01,,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,[['Not available']],['Southeast Asia (region)'],,"[['State institutions / political system', 'State institutions / political system']]","[['Government / ministries', 'Military']]",['Dark Pink'],['China'],['Unknown - not attributed'],,1,2023-03-10 00:00:00,"Technical report (e.g., by IT-companies, Citizen Lab, EFF)",IT-security community attributes attacker,EclecticIQ,,Netherlands,Dark Pink,China,Unknown - not attributed,,['https://blog.eclecticiq.com/dark-pink-apt-group-strikes-government-entities-in-south-asian-countries'],International power,Unknown,,Unknown,,0,,,,,,No,,Phishing,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,3.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Cyber espionage; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://thehackernews.com/2023/03/kamikakabot-malware-used-in-latest-dark.html', 'https://blog.eclecticiq.com/dark-pink-apt-group-strikes-government-entities-in-south-asian-countries', 'https://www.govinfosecurity.com/dark-pink-apt-group-very-likely-back-in-action-a-21426', 'https://securityaffairs.com/143415/apt/dark-pink-apt-south-asia.html', 'https://securityaffairs.com/143707/breaking-news/security-affairs-newsletter-round-411-by-pierluigi-paganini.html', 
'https://twitter.com/securityaffairs/status/1635381821646200849']" 2064,Unknown hackers breached the Death Registry System of Hawaii in January 2023,"Unknown hackers breached the Electronic Death Registry System (EDRS) of Hawaii in January 2023. On 10 March, officials of Hawaii's Department of Health stated that the families of the affected should remain vigilant about potential misuse of the compromised data. Although death certificates were not accessed, the data contains sensitive personal information, such as names, social security numbers, and information on the cause of death. The attack was orchestrated through the use of a compromised account belonging to a medical certifier that had left their job in 2021. According to cybersecurity firm Mandiant, the account information was sold on the dark web. Although the attacker has not yet been publicly identified, the Hawaii Department of Health disclosed that two IP addresses from Kentucky, USA, and the Netherlands had been tied to suspicious access patterns of the system.",2023-01-20,2023-01-01,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by victim,Data theft; Hijacking with Misuse,[['Hawaii State Department of Health']],['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Government / ministries']],,,,,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,1,2023-03-09 00:00:00,State Actors: Preventive measures,Awareness raising,United States,"Department of Health, State of Hawaii (USA)",No,,Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration 
OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Human rights; Sovereignty,Civic / political rights; ,Not available,0,,,,,,,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://therecord.media/hawaii-death-records-system-data-breach-notification', 'https://health.hawaii.gov/news/newsroom/department-of-health-to-send-notifications-regarding-unauthorized-access-to-electronic-death-registry-system/', 'https://www.hawaiipublicradio.org/local-news/2023-03-10/cyberattack-on-states-electronic-death-registry-affected-about-3-400-records', 'https://twitter.com/InfoSecSherpa/status/1635356867101876224']" 2065,Unknown advanced threat actor targeted multiple government and government-related targets using a FortiOS vulnerability,"Fortinet reports that a sudden system stop and subsequent startup failure of several FortiGate units belonging to a customer prompted an investigation of attacks aimed at a vulnerability in FortiOS (FG-IR-22-369 / CVE-2022-41328). Due to the complexity of the attack, the company is suspecting an advanced threat actor, without disclosing any further details. 
Exploitations of the vulnerability focus on governments and large organizations.",,,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by IT-security company,Data theft; Hijacking with Misuse,[['Not available']],['Not available'],,"[['Unknown', 'State institutions / political system']]","[['', 'Government / ministries']]",['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,Yes,,Exploit Public-Facing Application,Data Exfiltration; Firmware Corruption; System Shutdown/Reboot,None,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,3.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",Not available,0.0,Not available,0.0,Not available,0.0,euro,Not available,Cyber espionage; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.bleepingcomputer.com/news/security/fortinet-new-fortios-bug-used-as-zero-day-to-attack-govt-networks/', 'https://www.fortinet.com/blog/psirt-blogs/fg-ir-22-369-psirt-analysis', 'https://www.fortiguard.com/psirt/FG-IR-22-369', 'https://thehackernews.com/2023/03/fortinet-fortios-flaw-exploited-in.html', 'https://securityaffairs.com/143458/hacking/attacks-fortinet-fortios.html', 'https://www.darkreading.com/vulnerabilities-threats/cyberattackers-continue-assault-against-fortinet-devices', 'https://www.bleepingcomputer.com/news/security/fortinet-zero-day-attacks-linked-to-suspected-chinese-hackers/', 
'https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem', 'https://www.govinfosecurity.com/chinese-hackers-targeting-security-network-appliances-a-21467', 'https://securityaffairs.com/143594/apt/china-fortinet-zero-day-attacks.html', 'https://securityaffairs.com/143707/breaking-news/security-affairs-newsletter-round-411-by-pierluigi-paganini.html', 'https://thehackernews.com/2023/03/chinese-hackers-exploit-fortinet-zero.html', 'https://www.darkreading.com/attacks-breaches/attackers-probing-zero-day-vulns-edge-infrastructure']" 1899,Unknown actors gained access to the networks of British engineering company Vesuvius ,"Unknown actors gained access to the networks of British engineering company Vesuvius, requiring it to temporarily shut down operations, according to legally required declarations by the publicly-traded company of inside information that resulted from its ongoing investigations of the incident.",,,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking without Misuse,[['Vesuvius plc']],['United Kingdom'],"[['EUROPE', 'NATO', 'NORTHEU']]",[['Critical infrastructure']],[['Critical Manufacturing']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,3.0,No system interference/disruption,Not available,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://www.databreaches.net/hackers-hit-vesuvius-uk-engineering-company-shuts-down-affected-systems/', 'https://www.londonstockexchange.com/news-article/VSVS/cyber-security-incident/15824555', 
'https://www.infosecurity-magazine.com/news/uk-metalg-firm-vesuvius-cyberattack/', 'https://www.insurancejournal.com/news/international/2023/02/06/706216.htm', 'https://grahamcluley.com/hackers-hit-vesuvius-uk-engineering-company-shuts-down-affected-systems/']" 2075,"Cyberattack on Latitude Financial results in theft of 300,000 customer documents in March 2023","Latitude Financial, an Australian financial lending company, was hit in March 2023 by a cyberattack from unknown actors, which resulted in the theft of over 300,000 customer documents (103,000 identification documents and 225,000 customer records). The attack originated at a third-party vendor contracted by Latitude. While active on Latitude's networks, the intruder was able to obtain an employee's login credentials, further enabling access to two other service providers, from where the identification documents and customer records were stolen.",2023-03-01,2023-03-16,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,"[['Not available'], ['Latitude Financial']]","['Not available', 'Australia']","[[], ['OC']]","[['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure']]","[[''], ['Finance']]",['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available; Valid Accounts,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,4.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",,0.0,1-10,1.0,Not 
available,0.0,euro,None/Negligent,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://www.databreaches.net/latitude-financial-hacked-as-300000-customer-identification-documents-stolen/', 'https://www.abc.net.au/news/2023-03-16/latitude-hack-300000-identity-documents-stolen/102104424', 'https://www.news.com.au/finance/business/other-industries/latitude-customers-already-having-their-accounts-hacked-day-after-company-announces-malicious-cyber-attack/news-story/331633f8555c9dd3cc9006498e30d0e7', 'https://investors.latitudefinancial.com.au/DownloadFile.axd?file=/Report/ComNews/20230316/02644401.pdf&tlga=1111382795.1679040612&adobe_mc=MCMID%3D05814445310871754421376757778548396901%7CMCORGID%3DB6D9B74F57B2FBE97F000101%2540AdobeOrg%7CTS%3D1679040624&_ga=2.261357710.202369688.1679040612-1111382795.1679040612', 'https://www.bleepingcomputer.com/news/security/latitude-cyberattack-leads-to-data-theft-at-two-service-providers/', 'https://www.databreaches.net/whats-happening-with-the-latitude-financial-cyber-attack-millions-of-customer-details-stolen-in-one-of-the-largest-known-data-breaches-in-australia/', 'https://www.govinfosecurity.com/latitude-financial-admits-14m-customer-details-breached-a-21543', 'https://www.hackread.com/latitude-financial-data-breach/', 'https://www.bleepingcomputer.com/news/security/latitude-financial-data-breach-now-impacts-14-million-customers/', 'https://securityaffairs.com/144137/data-breach/latitude-data-breach-14m-individuals.html']" 2076,Unknown actors compromised networks across various industry sectors and several countries using Trigona ransomware beginning in December 2022,"Unknown actors compromised the networks of at least 15 targets in various industry sectors across several countries using the relatively unknown Trigona ransomware beginning in December 2022, according to a technical report by Palo Alto Networks. 
The 15 targets are organisations in the manufacturing, finance, construction, agriculture, marketing, and high-tech industries with a presence in the US, Italy, France, Germany, Australia, and New Zealand. ",2022-12-01,,Attack on critical infrastructure target(s),,Incident disclosed by IT-security company,Data theft; Disruption; Hijacking with Misuse; Ransomware,"[['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available'], ['Not available']]","['France', 'United States', 'New Zealand', 'Australia', 'Italy', 'Germany']","[['EUROPE', 'NATO', 'EU', 'WESTEU'], ['NATO', 'NORTHAM'], ['OC'], ['OC'], ['EUROPE', 'NATO', 'EU'], ['EUROPE', 'NATO', 'EU', 'WESTEU']]","[['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)'], ['Critical infrastructure', 'Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Finance', ''], ['Finance', ''], ['Finance', ''], ['Finance', ''], ['Finance', ''], ['Finance', '']]",['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Unknown,,Unknown,,0,,,,,,No,,Not available,Data Exfiltration; Data Encrypted for Impact; Inhibit System Recovery; Service Stop,Not available,True,For 
private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Medium,11.0,Weeks (< 4 weeks),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",11-50,0.0,,0.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://unit42.paloaltonetworks.com/trigona-ransomware-update/', 'https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-17th-2023-shifting-to-data-extortion/', 'https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-14th-2023-a-focus-on-stolen-data/']" 2077,Medical Group Orlando Family Physicians affected by data breach in 2021,"Medical Group Orlando Family Physicians (OFP) was targeted through a phishing attack by unknown threat actors in April 2021, which enabled the theft of sensitive personal details of 447,426 patients (including health information, health insurance information, Medicare beneficiary numbers, and passport numbers). The attack compromised four employee email accounts, which were all terminated by OFP. Forensic evidence discovered during the investigation of the incident suggests the threat actor(s) intended to commit financial fraud against OFP and did not specifically pursue data on the affected individuals. 
In March 2023, a class action lawsuit against Orlando Family Physicians was settled for an undisclosed sum.",2021-04-15,2021-04-15,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft,[['Orlando Family Physicians']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Health']],,,,,1,,,,,,,,,None; Unknown - not attributed,,['https://www.businesswire.com/news/home/20210720006100/en/Orlando-Family-Physicians-Experiences-Email-Phishing-Incident'],Unknown,Not available,,Not available,,0,,,,,,No,,Phishing,Account Access Removal; Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,Not available,none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,,,,,,,No response justified (missing state attribution & breach of international law),,"['https://www.databreaches.net/orlando-family-physicians-data-breach-class-action-settlement/', 'https://www.businesswire.com/news/home/20210720006100/en/Orlando-Family-Physicians-Experiences-Email-Phishing-Incident']" 2078,Clop ransomware group suspected to have compromised Japanese Hitachi Energy using a 0-day vulnerability in Fortra GoAnywhere MFT,"The Clop ransomware group is suspected to have compromised Japanese Hitachi Energy using a 0-day vulnerability (CVE-2023-0669) in Fortra GoAnywhere Managed File Transfer (MFT), gaining access to certain employee data. Hitachi Energy confirmed the incident in a press statement. Hitachi Energy appears as one of many victims targeted by Clop. 
The ransomware group claims to have attacked 130 organisations via third-party vendor Fortra, the majority of which has not been publicly named. ",,,Attack on critical infrastructure target(s),,Incident disclosed by victim,Hijacking without Misuse,"[['Hitachi Energy'], ['Fortra']]","['Japan', 'United States']","[['ASIA', 'SCS', 'NEA'], ['NATO', 'NORTHAM']]","[['Critical infrastructure'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Energy'], ['']]",['Clop Ransomware Group'],['Not available'],['Non-state-group'],['Criminal(s)'],1,2023-03-16 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Clop,,,Clop Ransomware Group,,Non-state-group,Criminal(s),['https://www.bleepingcomputer.com/news/security/hitachi-energy-confirms-data-breach-after-clop-goanywhere-attacks/'],Unknown,Not available,,Not available,,0,,,,,,Yes,One,Exploit Public-Facing Application,Not available,Not available,False,Not available,Not available,"Hijacking, not used - empowerment (incident scores 1 point in intensity)",none,none,1,Moderate - high political importance,1.0,Minor,4.0,No system interference/disruption,No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Sovereignty,,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-17th-2023-shifting-to-data-extortion/', 'https://twitter.com/thegrugq/status/1639245149288136705', 'https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-it-breached-130-orgs-using-goanywhere-zero-day/', 
'https://www.bleepingcomputer.com/news/security/hitachi-energy-confirms-data-breach-after-clop-goanywhere-attacks/', 'https://www.hitachienergy.com/news/features/2023/03/third-party-cybersecurity-incident', 'https://www.databreaches.net/hitachi-energy-latest-victim-of-clop-goanywhere-attacks/', 'https://securityaffairs.com/143640/data-breach/hitachi-energy-data-breach.html', 'https://securityaffairs.com/143707/breaking-news/security-affairs-newsletter-round-411-by-pierluigi-paganini.html', 'https://research.checkpoint.com/2023/20th-march-threat-intelligence-report/', 'https://www.malwarebytes.com/blog/news/2023/03/a-week-in-security-march-13-19', 'https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-saks-fifth-avenue-retailer-says-mock-data-stolen/', 'https://www.bleepingcomputer.com/news/security/city-of-toronto-confirms-data-theft-clop-claims-responsibility/', 'https://www.databreaches.net/more-victims-possibly-identify-in-goanywhere-vulnerability-incident/', 'https://www.schneier.com/blog/archives/2023/03/mass-ransomware-attack.html', 'https://therecord.media/uk-pension-protection-fund-clop-goanywhere-fortra', 'https://twitter.com/securityaffairs/status/1639336758704734209', 'https://securityaffairs.com/143938/breaking-news/city-of-toronto-clop-ransomware.html', 'https://www.bleepingcomputer.com/news/security/procter-and-gamble-confirms-data-theft-via-goanywhere-zero-day/', 'https://www.darkreading.com/attacks-breaches/clop-keeps-racking-up-ransomware-victims-with-goanywhere-flaw-', 'https://twitter.com/cahlberg/status/1639207960693051392', 'https://twitter.com/InfoSecSherpa/status/1639058268252422144', 'https://www.bleepingcomputer.com/news/security/crown-resorts-confirms-ransom-demand-after-goanywhere-breach/', 'https://securityaffairs.com/144193/data-breach/crown-resorts-clop-ransomware.html', 'https://therecord.media/tasmania-government-ransomware-clop-student-documents', 
'https://www.malwarebytes.com/blog/threat-intelligence/2023/04/ransomware-review-april-2023']" 2079,"Spanish HLA Grupo Hospitalario hit by data breach leaking 45,000 patients' records","Spanish HLA Grupo Hospitalario, a healthcare company, was hit by a cyber attack on or around 14 March 2023, through a misconfigured web server, which allowed an intruder to steal the data of 45,000 patients and 1,600 doctors (including names, phone numbers, email addresses, and internal communications as well as the national and tax identification numbers of affected healthcare professionals). Some of this data was subsequently leaked on 14 March 2023. The health insurance group Asisa, which owns the hospital network, acknowledged on the next day that it was looking into the reported incident.",2023-03-01,2023-03-14,Attack on critical infrastructure target(s),,Incident disclosed by attacker,Data theft & Doxing; Hijacking with Misuse,[['HLA Grupo Hospitalario']],['Spain'],"[['EUROPE', 'NATO', 'EU']]",[['Critical infrastructure']],[['Health']],['Not available'],['Not available'],['Not available'],,1,2023-03-14 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,,,,,,,,['https://cronicaglobal.elespanol.com/vida/asisa-alerta-seguridad-hla-grupo-hospitalario_783983_102.html'],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,8.0,No system interference/disruption,Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,,0.0,Not available,0.0,euro,Not available,Human rights; 
Sovereignty,Civic / political rights; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-32/', 'https://euroweeklynews.com/2023/03/16/personal-data-of-50000-users-stolen-in-alleged-cyberattack-on-asisa-network-of-hla-grupo-hospitals-in-spain/', 'https://cronicaglobal.elespanol.com/vida/asisa-alerta-seguridad-hla-grupo-hospitalario_783983_102.html', 'https://almeriagold.com/personal-data-of-50000-users-stolen-in-alleged-cyberattack-on-asisa-network-of-hla-grupo-hospitals-in-spain/']" 2080,Russian hacktivist group Phoenix compromised Indian health ministry's health management system in 2023,"The Russian hacktivist group Phoenix launched an attack against the Indian Health Ministry's health management information system (HMIS) in 2023, in which the group gained access to the HMIS portal and stole hospital, employee, and physician data, the cybersecurity firm CloudSEK reported. The attack occurred against the backdrop of a meeting of G20 finance ministers hosted by India in late February, during which several member states sought a condemnation of Russia over its invasion of Ukraine and questions about India's participation in a G7-brokered oil price cap agreement designed to set a price ceiling for Russian oil exports. India's Computer Emergency Response Team has been tasked with investigating the incident.",2023-01-01,2023-01-01,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Data theft; Hijacking with Misuse,[['Ministry of Health']],['India'],"[['ASIA', 'SASIA', 'SCO']]",[['State institutions / political system']],[['Government / ministries']],['Phoenix'],['Russia'],['Non-state-group'],['Hacktivist(s)'],1,2023-03-15 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,Phoenix,,Russia,Phoenix,Russia,Non-state-group,Hacktivist(s),['https://cloudsek.com/threatintelligence/russian-hacktivist-group-phoenix-targets-indias-health-ministry-website'],System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Low,7.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.databreaches.net/website-intrusion-attempt-indias-department-of-health-seeks-help-from-chot-in/', 
'https://cloudsek.com/threatintelligence/russian-hacktivist-group-phoenix-targets-indias-health-ministry-website', 'https://pipanews.com/website-intrusion-attempt-department-of-health-seeks-help-from-chot-in-pipa-news/']" 2086,Independent Living Systems targeted in data breach affecting over four million people during June-July 2022,"Florida-based Independent Living Systems (ILS), a healthcare services provider, was targeted by unknown actors between 30 June and 5 July 2022, resulting in the theft of potentially sensitive personal data of over 4.2 million individuals, including names, addresses, dates of birth, health insurance information, social security numbers, billing information, and medical records containing details on diagnoses, treatments, prescriptions and other mental and physical health assessments. In its incident notification, ILS does not directly clarify whether the attack involved ransomware but notes the attack rendered certain computer systems inaccessible, a description that could fit a ransomware attack. ILS took action to remedy the impact of the attack and alerted authorities, which confirmed the scope of the breach. The breach was confirmed by ILS in September 2022 and affected customers were notified in March 2023. 
",2022-06-30,2022-07-05,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,"[['Not available'], ['Independent Living Systems (ILS)']]","['United States', 'United States']","[['NATO', 'NORTHAM'], ['NATO', 'NORTHAM']]","[['Critical infrastructure'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Health'], ['']]",,,,,1,,,,,,,,,None; Unknown - not attributed,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Not available,,Not available,0,,,,,,,,No response justified (missing state attribution & breach of international law),,"['https://securityaffairs.com/143832/data-breach/independent-living-systems-data-breach.html', 'https://therecord.media/ils-data-breach-patient-information', 'https://www.cpomagazine.com/cyber-security/massive-data-breach-at-healthcare-provider-ils-compromises-millions-of-patients/', 'https://apps.web.maine.gov/online/aeviewer/ME/40/aacdb720-e082-4ef6-b7e6-f03280b2c4ec.shtml', 'https://www.prnewswire.com/news-releases/independent-living-systems-provides-notice-of-data-event-301771989.html', 'https://www.bleepingcomputer.com/news/security/healthcare-provider-ils-warns-42-million-people-of-data-breach/', 
'https://www.databreaches.net/independent-living-systems-updates-its-breach-disclosure-notifying-more-than-4-2-million-patients/', 'https://www.govinfosecurity.com/long-term-care-services-firm-says-breach-affects-42-million-a-21448', 'https://securityaffairs.com/144054/breaking-news/security-affairs-newsletter-round-412-by-pierluigi-paganini.html']" 2098,Russia-linked Clop ransomware group disrupted US Wellness computer systems using a Fortra GoAnywhere vulnerability in early 2023,"The Russia-linked Clop ransomware group disrupted US Wellness's access to certain of its computer systems using a vulnerability in Fortra's GoAnywhere file transfer solution on 31 January 2023 at the earliest. Healthcare provider US Wellness reported the ransomware attack in a notification letter to the California Attorney General on 22 March 2023. In this notification letter, US Wellness stated that personal information of its customers may have been affected. This includes names, addresses, dates of birth, member ID numbers, where the service originated, and addresses of the service location. This incident is one in a series of reports related to the exploitation of a zero-day vulnerability in Fortra GoAnywhere Managed File Transfer (CVE-2023-0669) by the Clop ransomware group. On 10 February 2023, the Clop Ransomware group claimed to have compromised 130 organisations through the security flaw in a statement to the IT news website Bleeping Computer. 
",2023-01-31,2023-01-01,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Disruption; Hijacking with Misuse,"[['US Wellness'], ['Fortra']]","['United States', 'United States']","[['NATO', 'NORTHAM'], ['NATO', 'NORTHAM']]","[['Critical infrastructure'], ['Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)']]","[['Health'], ['']]",['Clop Ransomware Group'],['Russia'],['Non-state-group'],['Criminal(s)'],2,2023-03-24; 2023-02-10,"Media report (e.g., Reuters makes an attribution statement, without naming further sources); Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Media-based attribution; Attacker confirms,TechCrunch; Clop,,United States; United States,Clop Ransomware Group; Clop Ransomware Group,Russia; Not available,Non-state-group; Non-state-group,Criminal(s); Criminal(s),"['https://techcrunch.com/2023/03/24/fortra-goanywhere-clop-ransomware/', 'https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-it-breached-130-orgs-using-goanywhere-zero-day/']",Unknown,Not available,,Not available,,0,,,,,,Yes,One,Exploit Public-Facing Application,Data Exfiltration,None,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,9.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), data corruption (deletion/altering) and/or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,,,,,Not available,,Countermeasures under international law 
justified (state-atttribution & breach of international law),,"['https://www.databreaches.net/fortra-told-breached-companies-their-data-was-safe/', 'https://oag.ca.gov/system/files/US%20Wellness%20-%20Adult%20Notification%20Letter%20%28General%29.pdf', 'https://techcrunch.com/2023/03/24/fortra-goanywhere-clop-ransomware/', 'https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-it-breached-130-orgs-using-goanywhere-zero-day/', 'https://twitter.com/lorenzofb/status/1639372433516900353', 'https://twitter.com/zackwhittaker/status/1639372041848512515', 'https://www.malwarebytes.com/blog/threat-intelligence/2023/04/ransomware-review-april-2023']" 2100,Pro-Russian hacker group NoName057(16) disrupted the website of French National Assembly on 26 March 2023,"The pro-Russian hacker group NoName057(16) claimed to have disrupted the website of the French National Assembly on 26 March 2023. In the announcement of their actions on Telegram, the hackers purported to side with popular protests against President Macron's pension reform adopted in the previous week and baselessly compared the French government's assistance to Ukraine with support to neo-Nazis. The group also advanced similar claims for the website of the French Senate, without any immediate evidence of impaired access.",2023-03-26,2023-03-26,"Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. 
groups) / undefined actor with political goals; Attack on (inter alia) political target(s), not politicized",,Incident disclosed by attacker,Disruption,[['National Assembly (France)']],['France'],"[['EUROPE', 'NATO', 'EU', 'WESTEU']]",[['State institutions / political system']],[['Legislative']],['NoName057(16)'],['Russia'],['Non-state-group'],['Hacktivist(s)'],1,2023-03-27 00:00:00,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms,NoName057(16),,Russia,NoName057(16),Russia,Non-state-group,Hacktivist(s),"['https://t.me/noname05716eng/977', 'https://t.me/noname05716eng/982']",System / ideology; Territory; Resources; International power,System/ideology; Territory; Resources; International power; Third-party intervention / third-party affection,Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine; Russia – Ukraine,Yes / HIIK intensity,HIIK 5,0,,,,,,No,,Not available,Network Denial of Service,Not available,True,Not available,Short-term disruption (< 24h; incident scores 1 point in intensity),Not available,none,none,1,Moderate - high political importance,1.0,Minor,5.0,Day (< 24h),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,0.0,,0.0,Not available,0.0,euro,None/Negligent,Due diligence; Sovereignty,; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.politico.eu/article/french-national-assembly-website-russian-cyberattack-hack-kremlin-emmanuel-macron/?utm_source=RSS_Feed&utm_medium=RSS&utm_campaign=RSS_Syndication', 'https://t.me/noname05716eng/977', 'https://t.me/noname05716eng/982', 'https://twitter.com/MargauxDuguet/status/1640350530009440257?s=20']" 2101,Lockbit ransomware group locked certain computer systems and stole personal information 
from Washington County Sheriff's Office (WCSO) networks on 21 February 2023,"The Lockbit ransomware group locked certain computer systems and stole personal information from the Washington County Sheriff's Office (WCSO) networks on 21 February 2023, Washington County News first reported on the same day. The ransomware group announced the ransomware attack on its website six days later. The ransomware attack locked down computer systems related to finance and jail management. Threats by the ransomware group to publish the stolen personal information revealed these also included home addresses, phone numbers, social security numbers, and other personal information of more than 500 employees. On 21 February, the Washington County sheriff claimed the attackers operated from Russia. On 28 March 2023, eight days after the deadline for the ransom payment, Lockbit released the stolen data, which was said to be warrants and employee information. ",2023-02-21,2023-02-21,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by media (without further information on source); Incident disclosed by authorities of victim state,Data theft & Doxing; Disruption; Hijacking with Misuse; Ransomware,"[[""Washington County Sheriff's Office (WCSO)""]]",['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Police']],['LockBit'],['Not available'],['Non-state-group'],['Criminal(s)'],2,2023-02-27; 2023-02-21,"Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media; Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media",Attacker confirms; Attribution by receiver government / state entity,"Lockbit; Kevin Crews (Sheriff of Washington County Sheriff's Office, United States)",,Not available; United States,LockBit; Not available,Not available; Russia,Non-state-group; Unknown 
- not attributed,Criminal(s); ,"['https://washingtoncounty.news/2023/02/21/wcso-under-cyber-attack-tuesday/', 'https://www.redpacketsecurity.com/lockbit-3-0-ransomware-victim-wcso-us/', 'https://washingtoncounty.news/2023/03/02/wcso-nearly-recovered-from-cyber-attack/']",Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration; Data Encrypted for Impact,Not available,True,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,6,Moderate - high political importance,6.0,Medium,12.0,Days (< 7 days),Major data breach/exfiltration (critical/sensitive information) & data corruption (deletion/altering) and/or leaking of data ,1-10,1.0,1-10,1.0,,0.0,euro,None/Negligent,Human rights; Due diligence; Sovereignty,Civic / political rights; ; ,Not available,0,,,,,,Not available,,Unfriendly acts/retorsions justified (missing state-attribution & breach ofinternational law OR state-attribution & missing breach of international law),,"['https://www.databreaches.net/a-listing-on-a-government-victim-disappeared-from-lockbits-site-but-why/', 'https://www.newsbreak.com/washington-county-fl/2963890438373-hackers-threaten-to-release-washington-county-sheriff-s-office-personal-data', 'https://washingtoncounty.news/2023/02/21/wcso-under-cyber-attack-tuesday/', 'https://washingtoncounty.news/2023/03/02/wcso-nearly-recovered-from-cyber-attack/', 'https://www.redpacketsecurity.com/lockbit-3-0-ransomware-victim-wcso-us/', 'https://therecord.media/florida-sheriff-data-leak-lockbit-ransomware', 'https://www.databreaches.net/data-stolen-from-florida-sheriffs-office-leaked-by-lockbit-ransomware-group/', 'https://www.malwarebytes.com/blog/business/2023/04/top-5-cyberthreats-facing-msps-and-vars-in-2023']" 2102,Unknown actors deployed ransomware 
against the servers of US telecommunications company Lumen Technologies,"Unknown actors deployed ransomware against the servers of US telecommunications company Lumen Technologies, the company detailed in a filing to the Securities and Exchange Commission on 27 March 2023. The ransomware attack degraded hosting services for a small number of the company's customers.",2023-01-01,2023-01-01,Attack on critical infrastructure target(s),,Incident disclosed by victim,Disruption; Hijacking with Misuse; Ransomware,[['Lumen Technologies']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Telecommunications']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Encrypted for Impact,Not available,True,Not available,Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,4,Moderate - high political importance,4.0,Low,6.0,Days (< 7 days),No data breach/exfiltration or data corruption (deletion/altering) and/or leaking of data,1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://securityaffairs.com/144113/hacking/lumen-suffered-ransomware-attack.html', 'https://d3ka4b6b7wffw2.cloudfront.net/0000018926/100217360736/4ea1c4d3-54b5-48e9-b56e-d4865d7a8948.pdf']" 2103,Sophisticated intruder accessed internal information of US telecommunications company Lumen Technologies,"A sophisticated intruder accessed internal information of US telecommunications company Lumen Technologies, the company disclosed on 27 March 2023 as part of investor notification obligations. The company specified that only a relatively limited amount of data was exfiltrated. 
",2023-01-01,2023-01-01,Attack on critical infrastructure target(s),,Incident disclosed by victim,Data theft; Hijacking with Misuse,[['Lumen Technologies']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Telecommunications']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Not available,"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,3,Moderate - high political importance,3.0,Minor,5.0,No system interference/disruption,"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,,,,,Not available,,No response justified (missing state attribution & breach of international law),,"['https://securityaffairs.com/144113/hacking/lumen-suffered-ransomware-attack.html', 'https://d3ka4b6b7wffw2.cloudfront.net/0000018926/100217360736/4ea1c4d3-54b5-48e9-b56e-d4865d7a8948.pdf']" 2110,"In August 2022, the US city of Fremont County is attacked by an unknown threat actor with the BlackCat Ransomware","On 17 August 2022, the US city of Fremont County in Colorado discovered that it had been attacked by an unknown threat actor with the BlackCat Ransomware between 13 and 17 August 2022. In doing so, certain files and folders on the servers could no longer be accessed and the threat actor had unauthorised access to certain files. The Fremont County Sheriff's Office wrote on 19 September 2022 that the cyber incident resulted in the loss of access to several of the city's systems. Inmate accounting systems for the sheriff's office also could not be restored, resulting in the loss of all account information. 
By November 2022, the city's systems were 90 per cent restored.",2023-08-13,2023-08-17,"Attack on (inter alia) political target(s), not politicized",,Incident disclosed by authorities of victim state,Data theft; Disruption; Hijacking with Misuse; Ransomware,[['Fremont County']],['United States'],"[['NATO', 'NORTHAM']]",[['State institutions / political system']],[['Civil service / administration']],,,,,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,0,,,,,,No,,Not available,Data Exfiltration,Not available,True,For private / commercial targets: non-sensitive information (incident scores 1 point in intensity),Long-term disruption (> 24h; incident scores 2 points in intensity),"Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)",none,none,5,Moderate - high political importance,5.0,Low,7.0,Days (< 7 days),"Minor data breach/exfiltration (no critical/sensitive information), but no data corruption (deletion/altering) or leaking of data ",1-10,0.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,,,,,,,No response justified (missing state attribution & breach of international law),,"['https://fremontcountyco.state.co.us/information-updates', 'https://www.denverpost.com/2022/09/22/wheat-ridge-ransomware-fremont-county-cyber-attack/', 'https://www.cbsnews.com/colorado/news/ransomware-attacks-hit-wheat-ridge-fremont-counties-everything-was-impacted/', 'https://www.govtech.com/security/fremont-county-colo-in-recovery-phase-after-cyber-attack', 'https://www.govtech.com/security/fremont-county-colo-nears-full-capacity-after-cyber-attack', 'https://crimewatch.net/us/co/fremont/sheriff/180579/post/notice-regarding-inmate-accounts?fbclid=IwAR1ybBZcU-etZNtpxBt62ogOeDgxVp5lJP7Iu5Cw4XS0-5zX7RaNZSRZGkk']" 2111,"In October 2022, a subcontractor of Centers for Medicare and Medicaid Services in US becomes the target of a ransomware attack","On 14 December 2022, Centers for Medicare and Medicaid 
Services (CMS) announced that its subcontractor Healthcare Management Solutions (HMS) was the target of a ransomware attack on 8 October 2022. In the process, CMS reported that following an investigation on 18 October, it believed with a high degree of confidence that personal information and protected health information of up to 254,000 Medicare beneficiaries had been compromised, including sensitive banking information. House Committee on Oversight and Accountability Chair James Comer and House Committee on Energy and Commerce Chair Cathy McMorris Rodgers requested documents and communications from CMS Administrator Chiquita Brooks-LaSure in a letter on 20 March 2023, as details were reported only with a two-month delay. Congress was not informed until 1 December 2022, according to Comer and Rodgers, although it is required to be notified within seven days of the discovery of a major cyber incident.",2022-10-08,2022-10-08,"Attack on non-political target(s), politicized",,Incident disclosed by victim,Data theft,[['Healthcare Management Solutions (HMS)']],['United States'],"[['NATO', 'NORTHAM']]",[['Critical infrastructure']],[['Health']],['Not available'],['Not available'],['Not available'],,1,,,,,,,,,,,[],Unknown,Not available,,Not available,,1,2023-03-20 00:00:00,State Actors: Legislative reactions,Legislative initiative,United States,James Comer (House Committee on Oversight and Accountability Chairman),No,,Not available,Data Exfiltration,Not available,False,For private / commercial targets: sensitive information (incident scores 2 points in intensity),Not available,Not available,none,none,2,Moderate - high political importance,2.0,Low,6.0,No system interference/disruption,"Data corruption (deletion/altering) but no leaking of data, no data breach/exfiltration OR major data breach / exfiltration, but no data corruption and/or leaking of data",1-10,1.0,1-10,1.0,Not available,0.0,euro,Not available,Not available,,Not available,0,,,,,,Not available,,No response 
justified (missing state attribution & breach of international law),,"['https://www.databreaches.net/warning-to-seniors-personal-data-of-254k-medicare-beneficiaries-at-risk-after-breach/', 'https://www.cms.gov/newsroom/press-releases/cms-responding-data-breach-subcontractor', 'https://fedscoop.com/cms-subcontractor-data-breach/', 'https://fedscoop.com/cms-subcontractor-breach-timeline/', 'https://d1dth6e84htgma.cloudfront.net/CMS_Data_Breach_Letter_FINAL_f1fb700429.pdf?updated_at=2023-03-20T15:21:59.023Z']"