Cyber Resilience

Landmark cyber incidents

Hand-curated catalog of the most-cited landmark cyber incidents. Distinct from bulk public disclosures (/breaches.html) and per-actor extracted victim lists (/victims.html) — these are the story-form entries with cast, sources, and explicit attribution to a primary threat actor.

15 curated incidents · 53 MITRE-documented campaigns below
Types: Supply-chain compromise: 4 · Ransomware: 3 · Data theft: 3 · OT disruption: 2 · Espionage intrusion: 1 · Destructive wiper: 1 · Financial heist: 1
Regions: US: 7 · International: 4 · EU: 2 · APAC: 2
Updated monthly (the bright line between threat-intel catalog and incident database — bulk disclosures flow in via the daily SEC/CISA pipelines).

Curated landmarks

Disclosed | Incident | Type | Region | Primary attribution | Victims | Linked sources
2024-02-21 | Change Healthcare ransomware (ALPHV/BlackCat) | Ransomware | US | MISP-e6c09b63 | 3 | SEC×3
2024-02-07 | Volt Typhoon US critical-infrastructure pre-positioning | Espionage intrusion | US | Volt Typhoon | 0 | CISA×2
2023-12-12 | Kyivstar telecom outage (Solntsepyok / Sandworm front) | OT disruption | EU | Sandworm Team | 1 |
2023-05-31 | MOVEit Transfer mass-exploitation (Cl0p) | Supply-chain compromise | International | Clop | 1 | CISA×1
2023-03-29 | 3CX desktop-app supply chain compromise | Supply-chain compromise | International | Lazarus Group | 1 | MITRE
2021-07-02 | Kaseya VSA mass ransomware (REvil) | Supply-chain compromise | US | MISP-24bd9a4b | 1 | CISA×1
2021-05-07 | Colonial Pipeline ransomware shutdown | Ransomware | US | MISP-f514a46e | 1 |
2020-12-13 | SolarWinds Orion supply chain compromise | Supply-chain compromise | US | APT29 | 12 | MITRE CISA×1
2017-06-27 | NotPetya destructive wiper | Destructive wiper | International | Sandworm Team | 6 |
2017-05-12 | WannaCry global ransomware outbreak | Ransomware | International | Lazarus Group | 1 |
2016-02-05 | Bangladesh Bank SWIFT heist | Financial heist | APAC | APT38 | 1 |
2015-12-23 | Ukrainian power-grid attacks (Sandworm) | OT disruption | EU | Sandworm Team | 1 | MITRE
2015-06-04 | US Office of Personnel Management breach | Data theft | US | Deep Panda | 1 |
2015-02-04 | Anthem health-insurance breach | Data theft | US | Deep Panda | 1 |
2014-11-24 | Sony Pictures Entertainment hack | Data theft | APAC | Lazarus Group | 1 |

MITRE-documented campaigns — 53 campaigns from MITRE ATT&CK

The named operations MITRE ATT&CK documents as campaigns, beyond the curated landmarks above. Each links to its own campaign page — year range, attributed actor, techniques, and the MITRE narrative — and cross-links the running actor where the attribution is known. The monthly curator review promotes campaigns from here into the curated landmark layer.

Years active | Campaign | Run by | CVEs | Techniques
2026-2026 | C0027 (C0027) | | 1 | 42
2026-2026 | Operation Dream Job (C0022) | Lazarus Group | 3 | 81
2021-2026 | SharePoint ToolShell Exploitation (C0058) | | 7 | 49
2025-2025 | RedPenguin (C0056) | UNC3886 | 1 | 32
2018-2025 | ArcaneDoor (C0046) | | 2 | 30
2021-2021 | C0018 (C0018) | | 3 | 26
2015-2015 | 2016 Ukraine Electric Power Attack (C0025) | Sandworm Team | 1 | 28
2011-2011 | Operation Dust Storm (C0016) | | 1 | 24
 | 2022 Ukraine Electric Power Attack (C0034) | Sandworm Team | 0 | 16
 | 2025 Poland Wiper Attacks (C0063) | | 0 | 77
 | APT28 Nearest Neighbor Campaign (C0051) | APT28 | 0 | 28
 | APT41 DUST (C0040) | APT41 | 0 | 42
 | Anthropic AI-orchestrated Campaign (C0062) | | 0 | 36
 | C0010 (C0010) | | 0 | 14
 | C0011 (C0011) | | 0 | 14
 | C0015 (C0015) | | 0 | 46
 | C0017 (C0017) | APT41 | 0 | 40
 | C0021 (C0021) | | 0 | 26
 | C0026 (C0026) | | 0 | 8
 | C0032 (C0032) | TEMP.Veles | 0 | 28
 | C0033 (C0033) | PROMETHIUM | 0 | 0
 | CostaRicto (C0004) | | 0 | 15
 | Cutting Edge (C0029) | | 0 | 42
 | FLORAHOX Activity (C0053) | | 0 | 9
 | Frankenstein (C0001) | | 0 | 39
 | FrostyGoop Incident (C0041) | | 0 | 7
 | FunnyDream (C0007) | | 0 | 19
 | HomeLand Justice (C0038) | | 0 | 36
 | Indian Critical Infrastructure Intrusions (C0043) | | 0 | 12
 | J-magic Campaign (C0050) | | 0 | 8
 | Juicy Mix (C0044) | OilRig | 0 | 22
 | KV Botnet Activity (C0035) | Volt Typhoon | 1 | 28
 | Leviathan Australian Intrusions (C0049) | Leviathan | 0 | 32
 | Night Dragon (C0002) | | 0 | 43
 | Operation AkaiRyū (C0060) | | 0 | 40
 | Operation CuckooBees (C0012) | | 0 | 48
 | Operation Digital Eye (C0061) | | 0 | 37
 | Operation Ghost (C0023) | APT29 | 0 | 16
 | Operation Honeybee (C0006) | | 0 | 43
 | Operation MidnightEclipse (C0048) | | 0 | 25
 | Operation Sharpshooter (C0013) | | 0 | 22
 | Operation Spalax (C0005) | | 0 | 24
 | Operation Wocao (C0014) | | 0 | 95
 | Outer Space (C0042) | OilRig | 0 | 14
 | Pikabot Distribution February 2024 (C0036) | | 0 | 6
 | Quad7 Activity (C0055) | | 0 | 22
 | RedDelta Modified PlugX Infection Chain Operations (C0047) | Mustang Panda | 0 | 36
 | SPACEHOP Activity (C0052) | | 0 | 7
 | Salesforce Data Exfiltration (C0059) | | 0 | 27
 | ShadowRay (C0045) | | 0 | 16
 | Triton Safety Instrumented System Attack (C0030) | TEMP.Veles | 0 | 18
 | Versa Director Zero Day Exploitation (C0039) | Volt Typhoon | 0 | 13
 | Water Curupira Pikabot Distribution (C0037) | | 0 | 14
