Chronicles
Latest chronicles
77 chronicles
- № 01
The Mirai Botnet
Three students built a DDoS weapon to win an argument over Minecraft servers. It ended up rewriting the rules of internet infrastructure.
#botnet #iot #ddos

- № 02
The Bangladesh Bank Heist
A single typo halted a billion-dollar SWIFT robbery mid-stream. The eighty-one million dollars that did get out were never fully recovered.
#banking #swift #lazarus-group

- № 03
Stuxnet
A worm built to slip across air gaps, count centrifuges, and rewrite the rules of warfare without firing a shot.
#nation-state #scada #natanz

- № 04
NotPetya
A fake ransomware worm pushed through a Ukrainian accounting tool's update channel and ate ten billion dollars of global shipping, pharma, and freight in a single afternoon.
#nation-state #ransomware #supply-chain

- № 05
Colonial Pipeline
A single VPN account with a leaked password and no two-factor authentication shut down the pipeline carrying nearly half the fuel supply of the US East Coast.
#ransomware #darkside #infrastructure

- № 06
SolarWinds / Sunburst
An intelligence service smuggled a backdoor into a routine network-monitoring update, and roughly 18,000 customers installed it.
#nation-state #supply-chain #svr

- № 07
Sony Pictures and The Interview
A comedy about assassinating Kim Jong-un triggered the most public corporate hack of the decade, exposing emails, salaries, and unreleased films.
#nation-state #lazarus-group #leak

- № 08
Silk Road
Ross Ulbricht ran the world's largest darknet market from a laptop until the FBI grabbed it, still open and logged in, from a table in a San Francisco public library.
#darknet #bitcoin #law-enforcement

- № 09
Equifax
An unpatched Apache Struts server gave away the personal credit data of 147 million Americans, nearly half the country.
#breach #credit-bureau #apache-struts

- № 10
Lapsus$
A teenager in Oxford and a small Telegram group walked through Nvidia, Samsung, Microsoft, Okta, and Uber on charm and SIM swaps.
#social-engineering #sim-swap #okta

- № 11
The Twitter Bitcoin Hack
For a few hours, the verified accounts of Obama, Musk, and Apple all asked the world to send Bitcoin. A Florida teenager had phoned Twitter employees posing as internal IT and talked his way into their admin tools.
#vishing #social-engineering #twitter

- № 12
Cambridge Analytica
A psychology professor's personality quiz harvested 87 million Facebook profiles. A consulting firm used them to micro-target two political earthquakes.
#data-broker #facebook #elections

- № 13
Mt. Gox
A Tokyo exchange built on the bones of a Magic: The Gathering trading site briefly handled most of the world's Bitcoin trades. Then 850,000 coins quietly walked out the door.
#bitcoin #exchange #collapse

- № 14
Snowden and PRISM
A contractor walked out of an NSA facility in Hawaii with thumb drives of classified documents and a question the public had not been allowed to ask.
#whistleblower #nsa #surveillance

- № 15
Operation Aurora
China reached into Google's source-code repositories and went looking for the Gmail accounts of dissidents. Google reached back by pulling its search engine out of mainland China.
#nation-state #google #china

- № 16
Target 2013
Forty million credit cards walked out of Target's checkout lanes through network access granted to the heating and air-conditioning contractor.
#retail #pos-malware #supply-chain

- № 17
The Conti Leaks
When Conti's leadership publicly backed Russia's invasion of Ukraine, a sympathizer of the opposite view dumped two years of the gang's internal chats.
#ransomware #conti #leak

- № 18
Pegasus and NSO Group
An Israeli company sold a zero-click spyware product to governments. A leaked list of fifty thousand phone numbers suggested whom they pointed it at.
#spyware #nso #human-rights

- № 19
REvil and the Kaseya Weekend
A ransomware crew chose the Friday before the Fourth of July to push their payload through a remote-management tool used by thousands of IT service providers.
#ransomware #supply-chain #msp

- № 20
Ashley Madison
A group called The Impact Team gave a Canadian affair site a deadline. When the site refused to shut down, tens of gigabytes of customer data went to BitTorrent.
#leak #extortion #social-impact

- № 21
Heartbleed
A small patch added the heartbeat feature to OpenSSL. For two years a missing bounds check in that feature let anyone read up to sixty-four kilobytes of memory per request from any server running it.
#openssl #vulnerability #infrastructure

- № 22
WannaCry
A North Korean worm carrying a stolen NSA exploit shut down hospitals across the UK until a researcher registered an unclaimed domain found in its code, which turned out to be a kill switch.
#ransomware #eternalblue #lazarus-group

- № 23
The Yahoo Breaches
Three billion accounts. Two breaches. One acquisition that had to be renegotiated mid-deal when the receipts finally arrived.
#breach #yahoo #acquisition

- № 24
MOVEit and Cl0p
A managed file-transfer tool sat between thousands of organizations and their payroll and benefits providers. The Cl0p gang found a zero-day in it and stripped them all over a holiday weekend.
#ransomware #zero-day #supply-chain

- № 25
Change Healthcare
A ransomware crew hit the clearinghouse that processes roughly a third of US medical claims. Pharmacies, hospitals, and patients spent months in the resulting blackout.
#ransomware #healthcare #blackcat

- № 26
The CrowdStrike Outage
A single bad content update shipped by a single endpoint vendor blue-screened 8.5 million Windows machines on a Friday morning in July.
#outage #endpoint #supply-chain

- № 27
Operation Cronos: LockBit Takedown
Police across ten countries seized LockBit's leak site and replaced it with their own. The defacement was funnier than anything the gang had ever posted.
#ransomware #law-enforcement #lockbit

- № 28
Medibank
When Australia's largest health insurer refused to pay, the attackers published abortion records, addiction histories, and HIV status by way of demonstration.
#ransomware #healthcare #australia

- № 29
RSA SecurID 2011
An Excel attachment titled '2011 Recruitment Plan' was opened in HR. Within months, hardware tokens used across much of the Fortune 500 had to be replaced.
#nation-state #two-factor #supply-chain

- № 30
The DNC Hack
Two separate Russian intelligence services had been quietly reading the Democratic National Committee's email for months when the leaks began appearing on WikiLeaks.
#nation-state #election #russia

- № 31
The Shadow Brokers
An anonymous group dumped the NSA's offensive toolkit on the public internet, complete with deliberately broken English commentary and pay-per-view auction theatrics.
#nsa #leak #zero-day

- № 32
Vault 7
WikiLeaks published roughly nine thousand documents describing CIA hacking tools. The leaker turned out to be a disgruntled developer on the team that wrote them.
#cia #leak #insider

- № 33
The Ukraine Power Grid
Engineers in western Ukraine watched their own mouse cursors open breakers in distant substations while a flood of fake calls jammed the customer-service lines.
#ics #ukraine #russia

- № 34
Saudi Aramco and Shamoon
A wiper named Shamoon turned some 30,000 workstations at the world's largest oil company into bricks and overwrote their disks with an image of a burning American flag.
#wiper #iran #oil

- № 35
Capital One 2019
A former AWS engineer found a misconfigured web application firewall on a Capital One server, used it to borrow the server's own cloud credentials, and walked out of the company's S3 buckets with the data of 106 million credit-card applicants.
#cloud #aws #waf

- № 36
MGM and Caesars 2023
Two of the largest casino operators in the world were taken down by the same group within a week, both via the help desk and a confident phone call.
#ransomware #social-engineering #scattered-spider

- № 37
Norsk Hydro
When LockerGoga encrypted the Norwegian aluminum giant's entire IT estate, the company refused to pay and instead invited journalists into the war room.
#ransomware #transparency #manufacturing

- № 38
The Athens Affair
For ten months around the Athens Olympics, someone had silently switched on the lawful-intercept feature of Vodafone Greece's switches and pointed it at the prime minister.
#wiretap #telecom #olympics

- № 39
Hacking Team
A single attacker dumped 400 gigabytes of the Italian spyware company's emails, customer list, and source code, having done the same to a rival spyware vendor the year before.
#spyware #leak #phineas-fisher

- № 40
Marriott / Starwood
An intelligence-grade intrusion sat undetected inside Starwood's reservation system for four years, surviving a multi-billion-dollar acquisition by Marriott.
#breach #hospitality #china

- № 41
The Uber Cover-Up
Uber's CSO paid the attackers a hundred thousand dollars through the bug-bounty program and called it a 'security research' payment. A jury later disagreed.
#breach #cover-up #bug-bounty

- № 42
Microsoft Storm-0558
A Chinese group used a stolen Microsoft signing key to forge authentication tokens that Microsoft's cloud email services accepted for tenants around the world. Then they read State Department email.
#nation-state #microsoft #identity

- № 43
Volt Typhoon
A Chinese intrusion campaign was found sitting quietly inside US water utilities and military logistics networks, doing nothing, apparently waiting to do something.
#nation-state #china #critical-infrastructure

- № 44
Operation Triangulation
Kaspersky discovered a zero-click iOS implant on its own employees' iPhones. The exploit chain hinged on undocumented hardware registers inside Apple's own silicon.
#spyware #ios #zero-click

- № 45
The Bybit Heist
North Korean operators tampered with the Safe{Wallet} interface so that Bybit's signers approved a malicious transaction while their screens showed a routine one. That single approved transaction moved 1.5 billion dollars of Ether.
#crypto #lazarus-group #supply-chain

- № 46
Maroochy Shire
A rejected job applicant kept a contractor's radio and laptop, drove around an Australian sewage network for months, and remotely released hundreds of thousands of liters of raw sewage into parks and rivers.
#ics #insider #australia

- № 47
CCleaner 2017
A trojanized build of a popular Windows cleanup utility was downloaded 2.3 million times. The attackers' second stage went to only a few dozen machines at about twenty technology companies.
#supply-chain #ccleaner #targeted

- № 48
Travelex on New Year's Eve
On December 31, 2019, the foreign-exchange chain Travelex took its websites offline 'for planned maintenance'. The maintenance lasted weeks; the ransom was paid in Bitcoin.
#ransomware #sodinokibi #fintech

- № 49
JBS Foods
REvil encrypted the systems of the world's largest meat processor and collected an $11 million payday before slaughterhouses across two continents could come back online.
#ransomware #food-supply #revil

- № 50
T-Mobile, Again
Half a dozen breaches in five years made T-Mobile the case study in what happens when a carrier becomes a habitual loser of customer data.
#telecom #breach #recurrence

- № 51
Anthem 2015
An intelligence service walked out of the second-largest US health insurer with 78.8 million records: names, birthdays, addresses, Social Security numbers.
#breach #health-insurance #china

- № 52
The OPM Breach
The US Office of Personnel Management held the background-check files of every cleared federal employee in the country. China appears to have taken the lot.
#nation-state #china #federal

- № 53
Flame
A twenty-megabyte espionage platform aimed at Iran turned out to be a cousin of Stuxnet, and carried a forged Microsoft certificate that let it pose as a Windows Update server to spread across a local network.
#nation-state #espionage #iran

- № 54
Magecart and British Airways
Twenty-two lines of JavaScript slipped into a library served from the airline's own site harvested payment cards from the British Airways checkout for fifteen days.
#web-skimming #magecart #airlines

- № 55
Twilio 2022
A phishing SMS sent to Twilio employees opened a door into downstream customers, including Signal and the Authy two-factor app itself, as part of a campaign that hit more than a hundred companies.
#supply-chain #phishing #twilio

- № 56
Costa Rica vs. Conti
A ransomware crew encrypted the Costa Rican treasury and then escalated. The president declared a national state of emergency in response.
#ransomware #conti #government

- № 57
Cellebrite vs. Signal
After Cellebrite added Signal parsing to its forensic device, Moxie Marlinspike said one 'fell off a truck' and landed in front of him. Then he published what he had found inside it.
#forensics #signal #vulnerability

- № 58
Operation Cleaver
An Iranian group quietly burrowed into airlines, energy companies, telecoms, and a US military contractor, mapping the kind of targets a state would want to keep a key to.
#nation-state #iran #espionage

- № 59
Sea Turtle
Iranian operators did not break into their targets. They hijacked the DNS records that pointed visitors at them and intercepted the traffic at the doorstep.
#dns-hijack #iran #infrastructure

- № 60
Optus 2022
Australia's second-largest telco lost the personal records of 9.8 million customers, including some 1.2 million still-valid passport and driver's licence numbers, through an unauthenticated API.
#telecom #api #australia

- № 61
Levandowski vs. Waymo
An engineer downloaded 14,000 files on his way out of Google's self-driving program, founded a startup, sold it to Uber, and eventually pleaded guilty to trade-secret theft.
#insider #trade-secrets #autonomous-vehicles

- № 62
ASUS ShadowHammer
A trojanized ASUS Live Update reached half a million customers worldwide. The attackers were only interested in a few hundred MAC addresses.
#supply-chain #asus #targeted

- № 63
Log4Shell
A logging library used by half the internet would fetch and run code from any server named in a string it logged, even a chat message. The fix took the world a weekend; the cleanup took years.
#vulnerability #open-source #rce

- № 64
Spectre and Meltdown
Two flaws in the way nearly every modern processor predicts the future let any program read memory it was never supposed to see.
#hardware #side-channel #cpu

- № 65
Hafnium and ProxyLogon
A Chinese group's Exchange zero-days were used quietly until the patch was days away. Then every ransomware crew on Earth raced the defenders to the same unpatched servers.
#nation-state #exchange #china

- № 66
Triton / Trisis
Malware found in a Saudi petrochemical plant did not target production. It targeted the safety instrumented system that exists to prevent an explosion.
#ics #safety-system #nation-state

- № 67
The PlayStation Network Outage
Seventy-seven million accounts and a 23-day global outage made the 2011 PSN breach the moment console gaming discovered it was a data-custody business.
#breach #gaming #sony

- № 68
JPMorgan Chase 2014
One server without two-factor authentication exposed contact data for 76 million households and seven million small businesses, and turned out to be the front end of a years-long securities fraud.
#breach #banking #fraud

- № 69
The Morris Worm
In 1988 a graduate student released a self-replicating program to measure the size of the internet. A bug in its restraint logic instead made it the internet's first disaster.
#worm #history #first

- № 70
Conficker
A worm built an unprecedented multi-million-machine botnet, an industry coalition formed to fight it, and then the botnet's owners never used it.
#worm #botnet #coordination

- № 71
Code Red and SQL Slammer
Two worms eighteen months apart: Code Red took hundreds of thousands of IIS servers in a day, and Slammer, which fit in a single UDP packet, saturated the global internet in under fifteen minutes.
#worm #history #internet-scale

- № 72
Kevin Mitnick
America's most-wanted hacker was caught not by better code but by a rival who took his intrusion personally, and the legend outlived the facts.
#history #social-engineering #law-enforcement

- № 73
MafiaBoy
A fifteen-year-old in Montreal knocked Yahoo, Amazon, eBay, CNN, and Dell offline over a single week in February 2000, and bragged about it in a chat room.
#ddos #history #juvenile

- № 74
The Cuckoo's Egg
A 75-cent accounting discrepancy led an astronomer-turned-sysadmin to unmask a hacker selling US military data to the KGB.
#history #espionage #first

- № 75
Moonlight Maze
The first major nation-state intrusion campaign against the US ran for years in the late 1990s, and code fingerprints from it resurfaced two decades later.
#nation-state #history #russia

- № 76
Titan Rain
Years before 'APT' entered the lexicon, a Chinese campaign was quietly draining defense networks, and the analyst who chased it ended up investigated himself.
#nation-state #china #history

- № 77
GhostNet
An investigation into the Dalai Lama's compromised computers uncovered a 1,295-machine espionage network reaching into the ministries and embassies of 103 countries.
#espionage #china #surveillance