
Nation-State & Cyberwar

State-sponsored hacking, sabotage and cyberwar — from Stuxnet to SolarWinds, the operations where geopolitics met code.

  1. Stuxnet: The Worm That Sabotaged Iran's Nuclear Program

     A worm built to slip across air gaps, count centrifuges, and rewrite the rules of warfare without firing a shot.

  2. NotPetya: The Worm That Crashed the World

     A fake ransomware worm flushed through a Ukrainian accounting tool and ate ten billion dollars of global shipping, pharma, and freight in a single afternoon.

  3. SolarWinds: The Backdoor Hidden in a Routine Update

     SolarWinds shipped a trojanized Orion update that planted the Sunburst backdoor on 18,000 networks, letting Russia's SVR breach US agencies.

  4. Sony Pictures Hack: When a Comedy Triggered a Wipe

     The Sony Pictures hack, tied to North Korea over the film The Interview, wiped the studio and leaked emails, salaries, and unreleased films to the world.

  5. Operation Aurora: When China Hacked Google

     China reached into Google's source-code repository looking for the accounts of dissidents. Google reached back by leaving the country.

  6. RSA SecurID: The Breach That Forged Token Keys

     RSA SecurID was breached when a phishing email reached HR, forcing replacement of the hardware tokens used by much of the Fortune 500 and Lockheed Martin.

  7. DNC Hack: When Two Russian Bears Shared a Network

     The DNC hack saw Russia's SVR and GRU read Democratic emails for months, then weaponize them through Guccifer 2.0 and WikiLeaks before the 2016 US election.

  8. The Shadow Brokers: The Leak That Freed NSA Exploits

     The Shadow Brokers dumped the NSA's offensive toolkit online, leaking EternalBlue and the exploits that later powered WannaCry and NotPetya.

  9. Ukraine Power Grid: The First Blackout Caused by Hackers

     The Ukraine power grid attack of 2015 cut electricity to 230,000 people as Russian hackers seized substation controls, the first blackout caused by a cyberattack.

  10. Shamoon: The Wiper That Bricked 30,000 Aramco PCs

      Shamoon was a wiper that bricked 30,000 workstations at Saudi Aramco, overwriting boot records with a burning flag in an attack attributed to Iran.

  11. Storm-0558: The Stolen Key That Forged Any Token

      A Chinese group used a stolen Microsoft signing key to forge tokens for any tenant in the world. Then they read State Department email.

  12. Volt Typhoon: China's Quiet Bet on US Infrastructure

      Volt Typhoon is a Chinese campaign found in 2023 prepositioned inside US water, power, and military networks, apparently staged for sabotage in a future conflict.

  13. CCleaner Attack: 2.3 Million Hosts, 40 Targets

      In 2017 a trojanized CCleaner build reached 2.3 million Windows PCs, but its second stage was delivered to fewer than 40 tech-company targets.

  14. OPM Breach: When China Took Every Clearance File

      The US Office of Personnel Management held the background-check files of every cleared federal employee in the country. China appears to have taken the lot.

  15. Flame: The Spy Malware That Forged Microsoft

      Flame was a 20-megabyte espionage platform aimed at Iran that forged a Microsoft update certificate to spread and proved to be a cousin of Stuxnet.

  16. Operation Cleaver: Iran's Quiet Turn to Persistent Access

      Operation Cleaver was an Iranian campaign that burrowed into airlines, energy firms, telecoms, and a US military contractor, mapping critical infrastructure footholds.

  17. Sea Turtle: The DNS Hijack That Skipped the Front Door

      Sea Turtle was an Iranian DNS-hijacking campaign that seized registrars to reroute and intercept traffic for governments and telecoms across three regions.

  18. ShadowHammer: ASUS Updates Hijacked to Hunt 600 PCs

      Operation ShadowHammer pushed a signed, trojanized ASUS Live Update to half a million PCs to reach roughly 600 specific MAC addresses.

  19. ProxyLogon: The Exchange Zero-Day Feeding Frenzy

      ProxyLogon let the Chinese group Hafnium quietly raid Exchange servers, until the patch leaked and criminal crews mass-exploited tens of thousands worldwide.

  20. Triton: The Malware Built to Kill a Safety System

      Triton, found in a Saudi petrochemical plant in 2017, was the first malware engineered to disable the safety systems that exist to prevent an explosion.

  21. The Cuckoo's Egg: A 75-Cent Trail to the KGB

      Cliff Stoll chased a 75-cent accounting glitch at Berkeley and unmasked Markus Hess, a German hacker selling US military secrets to the Soviet KGB.

  22. Moonlight Maze: The Espionage That Outlived Decades

      The first major nation-state intrusion campaign against the US ran for years in the late 1990s — and code fingerprints from it resurfaced two decades later.

  23. Titan Rain: The First Great Chinese Cyber-Espionage Wave

      Titan Rain was an early-2000s Chinese campaign that quietly drained US defense and NASA networks, and the analyst who traced it back to China was fired for it.

  24. GhostNet: The Spy Web Inside 103 Countries

      GhostNet began with the Dalai Lama's bugged computers and exposed a 1,295-machine espionage network inside the ministries and embassies of 103 countries.