Chronicles
Latest chronicles
83 chronicles
- № 01
Joker's Stash: The Carding Empire That Closed Itself
Joker's Stash was the largest dark web shop for stolen payment-card data for years, until its operator announced a voluntary shutdown in early 2021.
#carding#payment-fraud#cryptocurrency - № 02
Genesis Market: The Shop That Sold Your Whole Browser
Genesis Market packaged victims' browser fingerprints, cookies, and passwords into bots that bypassed MFA, until Operation Cookie Monster ended it in April 2023.
#account-takeover#stolen-credentials#law-enforcement - № 03
ShadowCrew: The Forum That Taught Crime to Scale
ShadowCrew turned stolen credit cards into a wholesale trade for thousands of members until the Secret Service ran Operation Firewall in October 2004.
#carding#identity-theft#law-enforcement - № 04
Hydra Market: The Russian Bazaar That Laundered Billions
Hydra was the largest Russian-language darknet market, moving drugs, stolen data, and crypto cash-out services worth billions until German police seized its servers in 2022.
#darknet#money-laundering#law-enforcement - № 05
Welcome to Video: The Blockchain That Named the Buyers
Investigators dismantled a dark web abuse-material site by following its Bitcoin payments across the public ledger, turning anonymous transactions into 337 arrests worldwide.
#darknet#bitcoin#law-enforcement - № 06
AlphaBay & Hansa: The Honeypot Waiting on the Other Side
When police seized AlphaBay, the largest darknet market after Silk Road, the fleeing buyers ran straight into Hansa, a rival store the Dutch had already taken over.
#darknet#law-enforcement#operation-bayonet - № 07
Mirai Botnet: The IoT Army That Broke the Internet
The Mirai botnet hijacked hundreds of thousands of default-password IoT devices and, in 2016, knocked Twitter, Reddit, and Spotify offline via DNS provider Dyn.
#botnet#iot#ddos - № 08
Bangladesh Bank Heist: The Typo That Saved a Billion
The Bangladesh Bank heist saw Lazarus-linked hackers steal $81 million over SWIFT in 2016, foiled from a full billion only by a single misspelled word.
#banking#swift#lazarus-group - № 09
Stuxnet: The Worm That Sabotaged Iran's Nuclear Program
A worm built to slip across air gaps, count centrifuges, and rewrite the rules of warfare without firing a shot.
#nation-state#scada#natanz - № 10
NotPetya: The Worm That Crashed the World
A fake ransomware worm flushed through a Ukrainian accounting tool and ate ten billion dollars of global shipping, pharma, and freight in a single afternoon.
#nation-state#ransomware#supply-chain - № 11
Colonial Pipeline: One Password Stopped the Fuel
In 2021 DarkSide ransomware entered Colonial Pipeline through one leaked VPN password, halting half the US East Coast gasoline supply for a week.
#ransomware#darkside#infrastructure - № 12
SolarWinds: The Backdoor Hidden in a Routine Update
SolarWinds shipped a trojanized Orion update that planted the Sunburst backdoor on 18,000 networks, letting Russia's SVR breach US agencies.
#nation-state#supply-chain#svr - № 13
Sony Pictures Hack: When a Comedy Triggered a Wipe
The Sony Pictures hack, tied to North Korea over the film The Interview, wiped the studio and leaked emails, salaries, and unreleased films to the world.
#nation-state#lazarus-group#leak - № 14
Silk Road: The Darknet Empire Caught Logged In
Silk Road was the largest darknet drug market, run by Ross Ulbricht as Dread Pirate Roberts until the FBI seized his open laptop in a San Francisco library.
#darknet#bitcoin#law-enforcement - № 15
Equifax: The Unpatched Server That Bared a Nation
The Equifax breach exploited one unpatched Apache Struts server to exfiltrate the credit records of 147 million Americans, nearly half the country.
#breach#credit-bureau#apache-struts - № 16
Lapsus$: The Teenagers Who Broke Big Tech
Lapsus$ was a Telegram group of teenagers who breached Nvidia, Samsung, Microsoft, Okta, and Uber using MFA fatigue, SIM swaps, and bribed insiders.
#social-engineering#sim-swap#okta - № 17
Twitter Bitcoin Hack: A Teen Who Phoned the Help Desk
The 2020 Twitter Bitcoin hack hijacked verified accounts of Obama, Musk, and Apple after a Florida teen social-engineered Twitter's internal support tools.
#vishing#social-engineering#twitter - № 18
Cambridge Analytica: 87 Million Facebook Profiles
A personality quiz harvested 87 million Facebook profiles that Cambridge Analytica used to micro-target voters in Brexit and the 2016 US election.
#data-broker#facebook#elections - № 19
Mt. Gox: The Exchange That Lost 850,000 Bitcoin
A Tokyo exchange built on top of a Magic: The Gathering trading site briefly handled most of the world's Bitcoin. Then 850,000 coins quietly walked out the door.
#bitcoin#exchange#collapse - № 20
Snowden: The Thumb Drive That Exposed PRISM
Edward Snowden leaked NSA documents exposing PRISM and bulk surveillance, forcing a global reckoning over mass data collection and accelerating encryption.
#whistleblower#nsa#surveillance - № 21
Operation Aurora: When China Hacked Google
China reached into Google's source-code repository looking for the accounts of dissidents. Google reached back by leaving the country.
#nation-state#google#china - № 22
Target 2013: The Breach That Walked In Through HVAC
Target's 2013 breach exposed 40 million payment cards after attackers slipped in through an HVAC contractor's vendor login during the holiday rush.
#retail#pos-malware#supply-chain - № 23
Conti Leaks: A Ransomware Gang Spills Its Files
In 2022, after Conti backed Russia's invasion of Ukraine, a Ukrainian insider leaked two years of the ransomware gang's internal chats and source code.
#ransomware#conti#leak - № 24
Pegasus: The Spyware Governments Aimed at Journalists
Pegasus, NSO Group's zero-click spyware, surfaced in a leak of fifty thousand numbers tying governments to surveillance of journalists and dissidents.
#spyware#nso#human-rights - № 25
Kaseya: The Holiday Weekend REvil Locked 1,500 Firms
REvil exploited Kaseya VSA over the July 4th weekend, cascading ransomware through managed service providers to roughly 1,500 downstream businesses.
#ransomware#supply-chain#msp - № 26
Ashley Madison: The Affair Site Hacked Into the Open
In 2015 The Impact Team breached affair site Ashley Madison and, after its ultimatum was ignored, leaked 32 million users onto public torrents.
#leak#extortion#social-impact - № 27
Heartbleed: The OpenSSL Typo That Bled the Web
Heartbleed was a tiny OpenSSL flaw that let anyone read 64KB of server memory at a time, leaking passwords and private keys across two-thirds of the web.
#openssl#vulnerability#infrastructure - № 28
WannaCry: The Worm That Froze Hospitals Worldwide
WannaCry, a 2017 North Korean worm wielding the leaked NSA EternalBlue exploit, froze UK hospitals until a researcher accidentally tripped its kill switch.
#ransomware#eternalblue#lazarus-group - № 29
Yahoo Breaches: Three Billion Accounts and a Hidden Bill
The Yahoo breaches compromised three billion accounts across 2013 and 2014, and the delayed disclosure forced Verizon to cut $350 million off its acquisition.
#breach#yahoo#acquisition - № 30
MOVEit: The Zero-Day Cl0p Used to Strip Thousands
A managed file-transfer tool sat between thousands of organizations and their payroll providers. The Cl0p gang found a zero-day in it and stripped them all in a weekend.
#ransomware#zero-day#supply-chain - № 31
Change Healthcare: Ransomware Froze US Claims
In 2024 ALPHV/BlackCat ransomware crippled Change Healthcare, the clearinghouse behind a third of US medical claims, stranding pharmacies for months.
#ransomware#healthcare#blackcat - № 32
CrowdStrike Outage: The Update That Crashed the World
The CrowdStrike outage of July 2024 saw one bad Falcon update blue-screen 8.5 million Windows machines, grounding flights and freezing hospitals worldwide.
#outage#endpoint#supply-chain - № 33
LockBit Takedown: Police Seized the Gang's Stage
Operation Cronos took down LockBit as police from ten countries seized the leak site of the most prolific ransomware brand and mocked its leaders publicly.
#ransomware#law-enforcement#lockbit - № 34
Medibank: When Refusing to Pay Cost Patients Their Privacy
When Australia's largest health insurer refused to pay, the attackers published abortion records, addiction histories, and HIV status by way of demonstration.
#ransomware#healthcare#australia - № 35
RSA SecurID: The Breach That Forged Token Keys
RSA SecurID was breached when a phishing email reached HR, forcing replacement of the hardware tokens used by much of the Fortune 500 and Lockheed Martin.
#nation-state#two-factor#supply-chain - № 36
DNC Hack: When Two Russian Bears Shared a Network
The DNC hack saw Russia's SVR and GRU read Democratic emails for months, then weaponize them through Guccifer 2.0 and WikiLeaks before the 2016 US election.
#nation-state#election#russia - № 37
The Shadow Brokers: The Leak That Freed NSA Exploits
The Shadow Brokers dumped the NSA's offensive toolkit online, leaking EternalBlue and the exploits that later powered WannaCry and NotPetya.
#nsa#leak#zero-day - № 38
Vault 7: The Insider Who Leaked the CIA's Hacking Tools
Vault 7 was WikiLeaks' 2017 release of roughly nine thousand documents on the CIA's hacking tools, leaked by a frustrated engineer inside the agency itself.
#cia#leak#insider - № 39
Ukraine Power Grid: The First Blackout Caused by Hackers
The Ukraine power grid attack of 2015 cut electricity to 230,000 people as Russian hackers seized substation controls, the first blackout caused by a cyberattack.
#ics#ukraine#russia - № 40
Shamoon: The Wiper That Bricked 30,000 Aramco PCs
Shamoon was a wiper that bricked 30,000 workstations at Saudi Aramco, overwriting boot records with a burning flag in an attack attributed to Iran.
#wiper#iran#oil - № 41
Capital One Breach: 106 Million Records via SSRF
In 2019 a former AWS engineer abused a misconfigured WAF to reach Capital One S3 buckets and steal data on 106 million credit-card applicants.
#cloud#aws#waf - № 42
MGM and Caesars: The Phone Call That Closed the Casinos
Two of the largest casino operators in the world were taken down by the same group within a week, both via the help desk and a confident phone call.
#ransomware#social-engineering#scattered-spider - № 43
Norsk Hydro: The Ransomware Victim Who Went Public
When LockerGoga encrypted the Norwegian aluminum giant's entire IT estate, the company refused to pay and instead invited journalists into the war room.
#ransomware#transparency#manufacturing - № 44
The Athens Affair: Wiretapping a Prime Minister
Around the 2004 Athens Olympics, intruders quietly switched on Vodafone Greece lawful-intercept to wiretap the prime minister and a hundred officials.
#wiretap#telecom#olympics - № 45
Hacking Team: 400GB of a Spyware Firm, Leaked
Phineas Fisher dumped 400GB of Italian spyware firm Hacking Team's emails, customer list, and source code, exposing its sales to repressive regimes.
#spyware#leak#phineas-fisher - № 46
Marriott: Four Years Inside Starwood's Reservations
An intelligence-grade intrusion sat undetected inside Starwood's reservation system for four years, surviving a multi-billion-dollar acquisition by Marriott.
#breach#hospitality#china - № 47
Uber 2016: The Breach Cover-Up That Convicted a CSO
Uber's 2016 breach exposed 57 million people, then its CSO hid it as a bug-bounty payout, earning the first US criminal conviction of a security chief.
#breach#cover-up#bug-bounty - № 48
Storm-0558: The Stolen Key That Forged Any Token
A Chinese group used a stolen Microsoft signing key to forge tokens for any tenant in the world. Then they read State Department email.
#nation-state#microsoft#identity - № 49
Volt Typhoon: China's Quiet Bet on US Infrastructure
Volt Typhoon is a Chinese campaign found in 2023 prepositioned inside US water, power, and military networks, apparently staged for sabotage in a future conflict.
#nation-state#china#critical-infrastructure - № 50
Operation Triangulation: The Zero-Click iPhone Spy Chain
Kaspersky discovered a zero-click iOS implant on its own employees' iPhones. The exploit chain hinged on an undocumented hardware register hidden inside Apple's CPU.
#spyware#ios#zero-click - № 51
Bybit Hack: The 1.5 Billion Dollar Crypto Heist
In 2025 North Korea's Lazarus Group tricked a Bybit signer via a poisoned Safe{Wallet} interface, moving 1.5 billion dollars of Ether in one block.
#crypto#lazarus-group#supply-chain - № 52
Maroochy Shire: The Insider Who Spilled the Sewers
A rejected job applicant kept his contractor's radio and laptop, drove around an Australian sewage network for months, and remote-released a million liters into the parks and rivers.
#ics#insider#australia - № 53
CCleaner Attack: 2.3 Million Hosts, 40 Targets
In 2017 a trojanized CCleaner build reached 2.3 million Windows PCs, but its second stage was delivered to fewer than 40 tech-company targets.
#supply-chain#ccleaner#targeted - № 54
Travelex: The Ransomware That Ruined New Year's Eve
Travelex was crippled on New Year's Eve 2019 by Sodinokibi ransomware through an unpatched VPN flaw, paying roughly $2.3 million in Bitcoin to recover.
#ransomware#sodinokibi#fintech - № 55
JBS Foods: The Ransomware That Halted Meat
The JBS Foods attack saw REvil ransomware shut the world's largest meat processor across two continents and extract an 11 million dollar Bitcoin ransom.
#ransomware#food-supply#revil - № 56
T-Mobile Breaches: A Carrier That Kept Losing Your Data
T-Mobile suffered breaches in 2018 through 2023, including a 2021 hack of 54 million customers, making it the case study in serial carrier data loss.
#telecom#breach#recurrence - № 57
Anthem Breach: 78.8 Million Health Records Stolen
In 2015 a nation-state intrusion at health insurer Anthem exposed 78.8 million records, including Social Security numbers, dates of birth and addresses.
#breach#health-insurance#china - № 58
OPM Breach: When China Took Every Clearance File
The US Office of Personnel Management held the background-check files of every cleared federal employee in the country. China appears to have taken the lot.
#nation-state#china#federal - № 59
Flame: The Spy Malware That Forged Microsoft
Flame was a 20-megabyte espionage platform aimed at Iran that forged a Microsoft update certificate to spread and proved to be a cousin of Stuxnet.
#nation-state#espionage#iran - № 60
Magecart: The Skimmer Hidden in British Airways
Twenty-two lines of JavaScript injected into a third-party script harvested credit cards from the British Airways checkout for fifteen days.
#web-skimming#magecart#airlines - № 61
Twilio 2022: One Phished SMS, 130 Companies Exposed
Twilio's 2022 breach began with phishing SMS to employees and cascaded into 130 downstream firms, including Signal and the Authy two-factor app itself.
#supply-chain#phishing#twilio - № 62
Costa Rica vs. Conti: Ransomware Triggers Emergency
In 2022 Conti ransomware paralyzed Costa Rica's finance ministry and beyond, prompting the president to declare the first national cyber emergency.
#ransomware#conti#government - № 63
Cellebrite vs. Signal: A Forensic Tool Undone
After Cellebrite claimed it could parse Signal, Moxie Marlinspike reverse-engineered its forensic device and found code-execution bugs that taint its reports.
#forensics#signal#vulnerability - № 64
Operation Cleaver: Iran's Quiet Turn to Persistent Access
Operation Cleaver was an Iranian campaign that burrowed into airlines, energy firms, telecoms, and a US military contractor, mapping critical infrastructure footholds.
#nation-state#iran#espionage - № 65
Sea Turtle: The DNS Hijack That Skipped the Front Door
Sea Turtle was an Iranian DNS-hijacking campaign that seized registrars to reroute and intercept traffic for governments and telecoms across three regions.
#dns-hijack#iran#infrastructure - № 66
Optus 2022: How One Open API Exposed a Nation
Australia's second-largest telco lost the personal records of 9.8 million customers — including 1.2 million still-valid passport and driver's license numbers — through an unauthenticated API.
#telecom#api#australia - № 67
Levandowski vs. Waymo: 14,000 Stolen Files
Anthony Levandowski took 14,000 files from Google's self-driving program, sold his startup to Uber, and pled guilty to trade-secret theft against Waymo.
#insider#trade-secrets#autonomous-vehicles - № 68
ShadowHammer: ASUS Updates Hijacked to Hunt 600 PCs
Operation ShadowHammer pushed a signed, trojanized ASUS Live Update to half a million PCs to reach roughly 600 specific MAC addresses.
#supply-chain#asus#targeted - № 69
Log4Shell: The Log Line That Broke the Internet
A logging library used by half the internet would execute any code you wrote into a chat message. The fix took the world a weekend; the cleanup took years.
#vulnerability#open-source#rce - № 70
Spectre and Meltdown: The Flaws Baked Into Silicon
Spectre and Meltdown were CPU flaws in speculative execution that let any program read protected memory, affecting nearly every processor of the prior two decades.
#hardware#side-channel#cpu - № 71
ProxyLogon: The Exchange Zero-Day Feeding Frenzy
ProxyLogon let Chinese group Hafnium quietly raid Exchange servers, until the patch leaked and criminal crews mass-exploited tens of thousands worldwide.
#nation-state#exchange#china - № 72
Triton: The Malware Built to Kill a Safety System
Triton, found in a Saudi petrochemical plant in 2017, was the first malware engineered to disable the safety systems that exist to prevent an explosion.
#ics#safety-system#nation-state - № 73
PSN 2011: The 23-Day Outage That Grew Up Gaming
Seventy-seven million accounts and a 23-day global outage made the 2011 PSN breach the moment console gaming discovered it was a data-custody business.
#breach#gaming#sony - № 74
JPMorgan 2014: One Server, 76 Million Households
The JPMorgan Chase 2014 breach exploited one server missing two-factor auth to expose 76 million households and seed a years-long securities fraud scheme.
#breach#banking#fraud - № 75
The Morris Worm: The Internet's First Disaster
In 1988 a graduate student released a self-replicating program to measure the internet. A bug in its restraint logic instead became the internet's first disaster.
#worm#history#first - № 76
Conficker: The Botnet That Was Never Fired
From 2008 the Conficker worm built a botnet of millions of PCs and spurred an industry coalition to fight it, yet its operators never weaponized it.
#worm#botnet#coordination - № 77
SQL Slammer: The Worm That Saturated the Internet
Code Red in 2001 and SQL Slammer in 2003 proved a single UDP packet worm could saturate the global internet in under fifteen minutes.
#worm#history#internet-scale - № 78
Kevin Mitnick: The Hacker the Myth Outran
Kevin Mitnick, America's most-wanted hacker, was caught in 1995 by rival Tsutomu Shimomura and became the face of social engineering as the real attack surface.
#history#social-engineering#law-enforcement - № 79
MafiaBoy: The Teenager Who Took the Web Offline
A fifteen-year-old in Montreal knocked Yahoo, Amazon, eBay, CNN, and Dell offline over a single week in February 2000 — and bragged about it in a chat room.
#ddos#history#juvenile - № 80
The Cuckoo's Egg: A 75-Cent Trail to the KGB
Cliff Stoll chased a 75-cent accounting glitch at Berkeley and unmasked Markus Hess, a German hacker selling US military secrets to the Soviet KGB.
#history#espionage#first - № 81
Moonlight Maze: The Espionage That Outlived Decades
The first major nation-state intrusion campaign against the US ran for years in the late 1990s — and code fingerprints from it resurfaced two decades later.
#nation-state#history#russia - № 82
Titan Rain: The First Great Chinese Cyber-Espionage Wave
Titan Rain was an early-2000s Chinese campaign that quietly drained US defense and NASA networks, and the analyst who traced it back to China was fired for it.
#nation-state#china#history - № 83
GhostNet: The Spy Web Inside 103 Countries
GhostNet began with the Dalai Lama's bugged computers and exposed a 1,295-machine espionage network inside the ministries and embassies of 103 countries.
#espionage#china#surveillance