Yearly has its personal mixture of digital safety debacles, from the absurd to the sinister, however 2024 was notably marked by hacking sprees through which cybercriminals and state-backed espionage teams repeatedly exploited the identical weak spot or sort of goal to gas their frenzy. For attackers, the strategy is ruthlessly environment friendly, however for compromised establishments—and the people they serve—the malicious rampages had very actual penalties for individuals’s privateness, security, and safety.
As political turmoil and social unrest intensify world wide, 2025 will likely be a sophisticated—and doubtlessly explosive—12 months in our on-line world. However first, this is WIRED’s look again on this 12 months’s worst breaches, leaks, state-sponsored hacking campaigns, ransomware assaults, and digital extortion instances. Keep alert, and keep protected on the market.
Espionage operations are a reality of life, and relentless Chinese language campaigns have been a relentless in our on-line world for years now. However the China-linked espionage group Salt Storm carried out a very noteworthy operation this 12 months, infiltrating a slew of US telecoms together with Verizon and AT&T (plus others world wide) for months. And US officers instructed reporters earlier this month that many sufferer firms are nonetheless actively making an attempt to take away the hackers from their networks.
The attackers surveilled a small group of individuals—lower than 150 by present rely—however they embody people who have been already topic to US wiretap orders in addition to state division officers and members of each the Trump and Harris presidential campaigns. Moreover, texts and calls from different individuals who interacted with the Salt Storm targets have been inherently additionally caught up within the espionage scheme.
All through the summer time, attackers have been on a tear, breaching distinguished firms and organizations that have been all prospects of the cloud knowledge storage firm Snowflake. The spree barely qualifies as hacking, since cybercriminals have been merely utilizing stolen passwords to log in to Snowflake accounts that did not have two-factor authentication turned on. The tip consequence, although, was a rare quantity of information stolen from victims together with Ticketmaster, Santander Financial institution, and Neiman Marcus. One other distinguished sufferer, the telecom large AT&T, mentioned in July that “almost all” data referring to its prospects’ calls and texts from a seven-month stretch in 2022 have been stolen in a Snowflake-related intrusion. The safety agency Mandiant, which is owned by Google, mentioned in June that the rampage impacted roughly 165 victims.
In July, Snowflake added a function so account directors might make two-factor authentication obligatory for all of their customers. In November, suspect Alexander “Connor” Moucka was arrested by Canadian legislation enforcement for allegedly main the hacking spree. He was indicted by the US Division of Justice for the Snowflake tear and faces extradition to the US. John Erin Binns, who was arrested in Turkey for an indictment associated to a 2021 breach of the telecom T-Cell, was additionally indicted on costs associated to the Snowflake buyer breaches.
On the finish of February, the medical billing and insurance coverage processing firm Change Healthcare was hit with a ransomware assault that prompted disruptions at hospitals, physician’s places of work, pharmacies, and different well being care amenities across the US. The assault is likely one of the all-time largest breaches of medical knowledge, impacting greater than 100 million individuals. The corporate, which is owned by UnitedHealth, is a dominant medical billing processor within the US. It mentioned days after the assault began that it believed ALPHV/BlackCat, a infamous Russian-speaking ransomware gang, was behind the assault.
Private knowledge stolen within the assault included affected person cellphone numbers, addresses, banking and different monetary data, and well being data together with diagnoses, prescriptions, and therapy particulars. The corporate paid a $22 million ransom to ALPHV/BlackCat initially of March in an try and comprise the scenario. The cost seemingly emboldened attackers to hit well being care targets at an excellent larger charge than standard. With ongoing, rolling notifications to greater than 100 million victims—with extra nonetheless being found—lawsuits and different blowback has been mounting. This month, for instance, the state of Nebraska sued Change Healthcare, alleging that “failures to implement fundamental safety protections” made the assault a lot worse than it ought to have been.
Microsoft mentioned in January that it had been breached by Russia’s “Midnight Blizzard” hackers in an incident that compromised firm executives’ e mail accounts. The group is tied to the Kremlin’s SVR overseas intelligence company and is particularly linked to SVR’s APT 29, also referred to as Cozy Bear. After an preliminary intrusion in November 2023, the attackers focused and compromised historic Microsoft system take a look at accounts that then allowed them to entry what the corporate mentioned have been “a really small proportion of Microsoft company e mail accounts, together with members of our senior management group and workers in our cybersecurity, authorized, and different capabilities.” From there, the group exfiltrated “some emails and connected paperwork.” Microsoft mentioned that the attackers gave the impression to be searching for details about what the corporate knew about them—in different phrases, Midnight Blizzard doing reconnaissance on Microsoft’s analysis into the group. Hewlett-Packard Enterprise (HPE) additionally mentioned in January that it had suffered a company e mail breach attributed to Midnight Blizzard.
The background test firm Nationwide Public Knowledge suffered a breach in December 2023, and knowledge from the incident began exhibiting up on the market on cybercriminal boards in April 2024. Completely different configurations of the information cropped up many times over the summer time, culminating in public affirmation of the breach by the corporate in August. The stolen knowledge included names, Social Safety numbers, cellphone numbers, addresses, and dates of beginning. Since Nationwide Public Knowledge did not verify the breach till August, hypothesis concerning the scenario grew for months and included theories that the information included tens and even a whole bunch of tens of millions of Social Safety numbers. Although the breach was important, the true variety of impacted people appears to be, mercifully, a lot decrease. The corporate reported in a submitting to officers in Maine that the breach affected 1.3 million individuals. In October, Nationwide Public Knowledge’s mum or dad firm, Jerico Photos, filed for Chapter 11 chapter reorganization within the Southern District of Florida, citing state and federal investigations into the breach in addition to numerous lawsuits that the corporate is going through over the incident.
Honorable Point out: North Korean Cryptocurrency Theft
Lots of people steal quite a lot of cryptocurrency yearly, together with North Korean cybercriminals who’ve a mandate to assist fund the hermit kingdom. A report from the cryptocurrency tracing agency Chainalysis launched this month, although, underscores simply how aggressive Pyongyang-backed hackers have change into. The researchers discovered that in 2023, hackers affiliated with North Korea stole greater than $660 million throughout 20 assaults. This 12 months, they stole roughly $1.34 billion throughout 47 incidents. The 2024 figures characterize 20 p.c of complete incidents Chainalysis tracked for the 12 months and a whopping 61 p.c of the full funds stolen by all actors.
The sheer domination is spectacular, however the researchers emphasize the seriousness of the crimes. “US and worldwide officers have assessed that Pyongyang makes use of the crypto it steals to finance its weapons of mass destruction and ballistic missiles packages, endangering worldwide safety,” Chainalysis wrote.
