13 Biggest Cyber Attacks in History
Cybersecurity is big business in today’s world of online connectivity. However, when hackers beat defenses, organizations, markets, and government infrastructure can be devastated. Some of the biggest cyber attacks in history have seen whole cities blacked out from coordinated cyber warfare, or millions of people’s private information leaked.
A cyber attack can be carried out by anyone, from hacker groups to governments and organizations. Methods of cyber attacks include denial of service, ransomware, phishing, malware, viruses, and hacking. Most recently, AT&T suffered a nationwide outage last month, which is still being investigated, but impacted over 74,000 customers. Below are some of the biggest cyber attacks in history.
13. Melissa Virus, 1999
Our first recount of a massive cyber attack took place in March 1999 when the Melissa virus was launched. This was a mass-mailing macro virus that targeted Microsoft Word and Outlook-based systems, infecting the systems through email. The email was titled “Important Message From *username*” and the body read, “Here’s that document you asked for. Don’t show anyone else ;).” The Word document held a list of pornographic sites and logins for each. The bad part? The virus would then mass-mail itself to the first fifty people in the user’s contact list and then disable multiple features within Microsoft Word and Outlook.
The Melissa virus slowed down email systems, and the heavily impacted organizations included Microsoft, Intel Corp, and the United States Marine Corps. It is estimated that one million email accounts were infiltrated by the virus, which at the time was the fastest-spreading email worm. Thankfully, it only took a few days to contain the virus, and slightly longer to remove it from infected computers.
12. Shamoon, 2012
Shamoon was a computer virus that shut down a trillion-dollar business empire in 2012. The target of the virus was Saudi Arabia’s Aramco, the world’s largest oil and gas company.
On August 15, 2012, seemingly out of nowhere, 30,000 Windows-based computer systems were overwritten in a matter of hours. As Aramco would find out later, the attack wasn’t totally without warning. A few hours before the attack began, a group called “Cutting Sword of Justice,” which claimed responsibility for the attack, posted a message on an Anonymous board.
The attack was so devastating that journalists reported miles and miles of truck lines outside Aramco refilling stations because no system was operational. It was a logistical nightmare. Overnight, cybersecurity experts were flown in from all over the world to get everything online. Later, experts would attribute the devastating attack to Iranian state-backed hackers.
11. Estonia, 2007
Sometimes cyber attacks target organizations rather than individuals. In 2007, a series of cyberattacks targeted websites of Estonian organizations, including the Estonian parliament, banks, ministries, newspapers, and broadcasters. This all happened during a disagreement between Estonia and Russia concerning the relocation of the Bronze Soldier of Tallinn and war graves in Tallinn.
This case was special because it held a sophistication not seen before in cyber attacks, and at the time was the second-largest instance of state-sponsored cyber-warfare, after Titan Rain. After investigating the attack, one ethnic-Russian Estonian national was charged and convicted for the crime, even though in subsequent years there have been others who claim responsibility for the act. The biggest takeaway from this attack was the creation of the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.
10. NASA, 1999
A 15-year-old boy stunned the world in 1999 when he hacked into NASA and the Department of Defense, instantly cementing his name on the list of the world’s best-known hackers. Jonathan James, also known as “c0mrade,” also hacked into the Defense Threat Reduction Agency (DTRA), which handles nuclear and chemical special weapons. Through the hack, he intercepted over 3,300 emails and the usernames and passwords of department users.
But, his biggest heist was when James entered the Marshall Space Flight Center in Huntsville, downloading data worth $1.7 million. NASA was forced to shut down its computers in the facility and undergo repairs that cost around $44,000. When James was apprehended, he claimed he did nothing harmful, and was simply “playing around.”
9. Adobe, 2013
When Adobe first announced its data breach in 2013, the company claimed only 3 million people had been affected, but in reality, over 38 million customers’ sensitive information was exposed. This included encrypted passwords, credit card details, and email addresses. Along with personal information, the hackers also accessed the source code for Adobe products like Acrobat, Coldfusion, and Photoshop. The breach was undetected for weeks until a journalist and researcher found the source code on a server, prompting an investigation.
The hackers used a technique called “spear phishing,” sending targeted emails to Adobe employees, each one containing malicious links or infected attachments, to get into the Adobe network. In response, Adobe shut down the compromised technology and implemented new security measures to keep hackers out. Law enforcement agencies continued to work to find the culprit, and in 2018 a U.S. court sentenced a Russian hacker for his role in the attack, though the other two hackers involved remain at large.
8. Ukraine’s Power Grid, 2015
Software isn’t the only thing that can be hacked. In 2015, the power grid in two western oblasts of Ukraine was hacked, plunging roughly 230,000 consumers into power outages for one to six hours. Hackers used the BlackEnergy 3 malware to remotely compromise the information systems of three energy distribution companies, with the most affected company being Prykarpattyaoblenergo. Two other companies (Chernivtsioblenergo and Kyivoblenergo) were also affected, but to a lesser degree.
This attack took place during the ongoing Russo-Ukrainian War (2014-Present), and has been attributed to a Russian persistent threat group known as “Sandworm.” It was the first publicly acknowledged successful cyberattack on a power grid.
7. MOVEit, 2023
One of the more recent cyber attacks on our list is MOVEit, which started in May 2023. If you’ve never heard of MOVEit, it is a file transfer program owned by Progress Software and specializes in moving personal data within the public and private sectors. These could include financial services companies, government agencies, pension funds, and others. The hacker group called CL0P gained access to the program and infiltrated it with malware designed to steal sensitive information.
Using this information, CL0P sends ransom notes to upper-level executives of companies that have been hacked. If these organizations don’t pay up, then the hackers will release the sensitive information to the public. The fallout of this hack is still being unpacked, so only time will tell how many people were affected.
6. WannaCry Ransomware, 2017
There are few cyber attacks on this list that go worldwide, but the WannaCry ransomware attack in 2017 is one of them. The attack was spearheaded by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system. The data on the computer was then encrypted and a ransom was demanded in Bitcoin cryptocurrency to get the information back.
The attack spread through EternalBlue, an exploit that had been stolen and leaked by a group called The Shadow Brokers a month before the WannaCry attack. Organizations that had not applied the patch for it were especially vulnerable and were among the victims. The attack was halted only a few hours after it began, when a kill switch discovered by Marcus Hutchins was registered. In December 2017, the United States and the United Kingdom asserted that North Korea was behind the attack, even though the country denied any involvement.
5. Yahoo!, 2014
Though this cyber attack started in 2014, Yahoo! never officially announced the data breach until 2016. The hackers behind the attack collected data from over 500 million user accounts, which included account names, emails, telephone numbers, dates of birth, hashed passwords, and in some cases security questions. These pieces of information could help hackers break into the victims’ other online accounts, and could even reach into sensitive information like bank accounts.
After reporting the breach in September 2016, Yahoo! worked with the Federal Bureau of Investigation (FBI) to find the hackers and fix the breach. The hackers are thankfully no longer in Yahoo! servers, and the company believes the breach was committed by “state-sponsored” hackers, though they did not name a specific company.
4. Bangladesh Bank Cyber Heist, 2016
The Bangladesh Bank cyber heist was a coordinated digital attack that took place in February 2016. The hackers planned to steal $1 billion US dollars from the Bangladeshi national bank by using fake SWIFT transactions. This money was sitting in the Federal Reserve Bank of New York, and the hackers exploited very poor cybersecurity at the Bangladesh bank to gain access to this fortune.
Five out of the thirty-five fraudulent transactions successfully went through before anyone noticed. The attackers managed to get away with $101 million US dollars before the Federal Reserve Bank of New York caught on. The remaining thirty transaction requests were blocked. $81 million US dollars were traced to the banking system in the Philippines and about $20 million US dollars were traced to a bank in Sri Lanka.
The FBI would later attribute this devastating cyberattack to a North Korean hacker group called the Lazarus Group. This was a shock to the cybersecurity world, as it was the first time a nation-state had performed a cyberattack not for information or sabotage, but purely for financial gains.
3. Triton, 2017
The Triton malware makes the top three because this was one of the first malware attacks that could have been fatal to the target. In the summer of 2017, a petrochemical plant in Saudi Arabia discovered their systems were compromised.
Immediately cybersecurity experts were flown in to take charge of the situation. What they discovered would make the hair stand up on even the most seasoned cybersecurity experts. Experts found that the malware had gotten control over the plant’s safety instruments. With those compromised, the hackers with a flick of a single button could have caused massive explosions at the plant, killing hundreds of people in the process. Thankfully, it was resolved before any damage was done.
2. Stuxnet, 2010
Stuxnet to this day is considered to be one of the most dangerous pieces of malware to ever exist. Stuxnet was a sophisticated malware that attacked an Iranian uranium enrichment facility at Natanz. The malware caused the centrifuges to burn out by accessing the industrial control system that controlled the entire facility.
What is more devastating is that the facility at Natanz was air-gapped, meaning it was not connected to the internet. Attackers had to use infected USBs to infiltrate the system. The scary part about Stuxnet is that it was designed to attack industrial control systems, ones that control our electric grids, dams, and oil pipelines.
Even though the United States officially denies any involvement, most cybersecurity experts attribute the virus to a collaboration between the NSA, the US Department of Energy, and the Israeli cyber division unit 8200.
1. NotPetya, 2017
Taking the number one spot is NotPetya. Its weird name was given to it by cybersecurity experts as a joke because some people thought it was another famous ransomware called Petya. When they discovered it was something different, they started calling it NotPetya.
The story behind NotPetya is not as funny. On June 27, 2017, the conflict between Ukraine and Russia rose to new levels of belligerence as NotPetya was deployed. Within hours, NotPetya had taken out Ukraine’s electric grid, their subway system stopped working, and even ATMs in Ukraine went out of service. Overnight, Ukraine was brought to its knees without firing a single bullet.
And the destruction wasn’t limited to Ukraine. The virus leaked from Ukraine into the whole world. The shipping giant Maersk ended up losing $300 million US dollars as their whole network went down. Later estimates would put the damage caused by NotPetya at $10 billion US dollars. It is still considered to be one of the most devastating cyber attacks in history.