Cybersecurity: Selected Cyberattacks, 2012-2021

Cybersecurity: Selected Cyberattacks,
November 22, 2021
2012-2021
Chris Jaikaran
Many Members of Congress have raised concerns over the frequency, types, and impacts of
Analyst in Cybersecurity
cyber incidents during hearings, speeches, and in legislation. Cyber incidents affect nearly every
Policy
national entity, from federal and state government agencies to private companies and individuals.

One course of action to stymie attacks has been to investigate who the adversaries are that
conduct cyberattacks, what types of activities they conduct online, and how the U.S. government

can identify them. To assist with Congress’s understanding of cyberattacks, this report describes
attribution in cyberspace, confidence of attribution, and common types of cyberattack. Listed in this report are two categories
of cyberattacks by foreign adversaries against entities in the United States: 23 cyberattack campaigns that the federal
government has attributed to actors operating on behalf of other nation-states, and 30 cyberattacks the government has
attributed to criminal actors seeking personal gain.
In investigating cyber incidents, the U.S. government attempts to unmask those behind the incident and attribute it as an
attack. Attributing cyberattacks is difficult, but not impossible. Officials seek to develop a comprehensive understanding of
the cyber incident not just from the victim, but also by corroborating that information with other government and private
sector evidence to make a claim of attribution. While a process exists to repeatedly and consistently develop a claim of
attribution and a confidence level in it, adversaries take steps to complicate these efforts by obfuscating and removing any
trace of their activity, and using new infrastructure to make it difficult to track attack campaigns.
Nation-states are some of the most sophisticated actors that conduct cyberattacks. The Director of National Intelligence is
required annually to deliver to Congress an assessment from the intelligence community on worldwide threats. Recent
assessments have highlighted cyberspace as an area of strategic concern, with Russia, China, Iran, and North Korea as the
leading threat actors. Attacks from these countries include spying on government agencies by accessing agency computers,
stealing sensitive information from public and private sector entities in the United States, stealing intellectual property, and
destroying or potentially destroying computer equipment.
Cyber criminals are less resourced than nation-state actors and are less likely to employ novel and cutting-edge techniques in
campaigns, yet their attacks are often highly effective. Most criminals are financially motivated and use cyberspace as a
medium for conducting profit-bearing schemes. However, gaining money is not a requirement for illicit activity.
Cyberattacks against victims in the United States from actors located abroad include compromising computers to create and
maintain botnets, business email compromise schemes, hack and release campaigns, and ransomware attacks.
Congressional Research Service


link to page 4 link to page 4 link to page 6 link to page 7 link to page 8 link to page 17 link to page 9 link to page 18 link to page 24 Cybersecurity: Selected Cyberattacks, 2012-2021

Contents
Introduction ................................................................................................................... 1
Attribution ..................................................................................................................... 1
Common Cyberattack Terms ............................................................................................. 3
Methodology .................................................................................................................. 4
Nation-State Cyberattacks ................................................................................................ 5
Foreign Criminal Cyberattacks ........................................................................................ 14

Tables
Table 1. Selected Cyberattack Campaigns Attributed to Nation States ..................................... 6
Table 2. Selected Criminal Cyberattacks ........................................................................... 15

Contacts
Author Information ....................................................................................................... 21


Congressional Research Service


Cybersecurity: Selected Cyberattacks, 2012-2021

Introduction
The frequency, type, and impact of cyber incidents against and in the United States continues to
grow.1 In an effort to address this chal enge, policymakers are considering a variety of solutions,
such as denying opportunities for successful attacks by improving defenses and deterring
adversaries from engaging in disruptive activities in cyberspace. As Congress considers options
for deterrence, knowledge of known adversaries, the types of activities they conduct online, and
how they are identified by the U.S. government may inform the debate. With this information,
policymakers may gain a greater understanding of the risks that the nation and specific sectors
face.
This report describes selected cyberattacks against entities in the United States which were
discovered or ended within the past 10 years (even if the activity was observed earlier) and
includes information on claims of attribution in cyberspace, confidence of attribution, and
common types of cyberattack. Listed in this report are two categories of cyberat acks: 23
cyberattack campaigns that the government has attributed to actors operating on behalf of a
nation-state, and 30 cyberattacks the government has attributed to criminal actors seeking
personal gain.
Attribution
Attributing a cyberattack is difficult, but not impossible. Government investigators seek to
develop a comprehensive understanding of cyber incidents from not just the victim but also by
corroborating information in order to make claims of attribution.
First, investigators look at the attributes of the event itself, such as the tradecraft employed by the
adversary (i.e., techniques, tactics, and procedures used to carry out the attack), any malware used
(i.e., the type of the software that exploited a vulnerability for access), and the features of the
attack (e.g., logging key stokes or encrypting data). Then investigators seek to discover the
infrastructure used to carry out the attack (e.g., the command and control servers communicating
with the malware). They wil combine this information with government and industry analysis on
an attacker’s intent (e.g., reasons for targeting a particular victim) and information from external
sources (e.g., cybersecurity firm reports, think tank analysis, and news media).2 In analyzing this
information, investigators wil seek to minimize human error, substantiate hypotheses among
various sources, and entertain competing theories of attribution. Final y, investigators typical y
provide their assessment and a confidence level.
High confidence reflects an assessment that investigators believe beyond a
reasonable doubt and without a viable alternative that the attributed party is
responsible for the attack.
Moderate confidence means that investigators believe that the evidence is clear
and convincing, but alternatives are possible.
Low confidence is used when evidence points to a particular actor, but there are
significant information gaps.3

1 Statista, U.S. Companies and Cyber Crime, 2021, https://www.statista.com/study/12881/smb-and-cyber-crime-in-the-
united-states-statista-dossier/.
2 Office of the Director of National Intelligence, A Guide to Cyber Attribution, report, September 14, 2018, at
https://www.dni.gov/files/CT IIC/documents/ODNI_A_Guide_to_Cyber_Attribution.pdf.
3 Ibid.
Congressional Research Service

1

Cybersecurity: Selected Cyberattacks, 2012-2021

Developing a claim of attribution remains difficult despite having a process to determine
attribution and a system for articulating confidence in a claim. For example, sophisticated actors
continue to develop and deploy novel techniques and establish new infrastructure for different
attacks, which may make it difficult to track known activity from one attack to another.
Additional y, they wil seek to obfuscate their activity as legitimate and remove records of their
actions on a network.
Claims of attribution appear in a variety of sources. The authoritativeness of these sources exist
on a spectrum. At the highest level of authority are primary sources, fol owed by secondary
sources, supposed sources, and, final y, conjecture being the least authoritative. With regards to
cyberattack attribution:
Primary sources include statements by a U.S. government entity. A court finding
that a party was guilty of committing the attack—usual y by violating the
Computer Fraud and Abuse Act4 or the Economic Espionage Act5—is the most
authoritative. A grand jury indictment is slightly less authoritative. An official
statement by a government official (e.g., a press briefing by the National Security
Advisor) providing attribution to a party is the least authoritative of the primary
sources. Evidence of why a primary source believes a party is responsible for an
attack is usual y included in public documentation along with the claim and can
be further examined (e.g., an unsealed indictment).
Secondary sources include claims by non-governmental entities. These
attributions frequently come from a cybersecurity firm releasing research on an
adversary or attack campaign. These claims usual y include research into the
tradecraft, malware, infrastructure, and intent of a campaign or attack. Secondary
sources usual y include evidence to support their claims. However, private
entities usual y do not have access to classified government information (e.g.,
signals intel igence), which can further corroborate a claim of attribution.
Cybersecurity firms have general y avoided attributing attacks to nation-states.
Instead, a firm wil attribute an attack to an actor set that the firm is tracking.
These actor sets are sometimes referred to as an Advanced Persistent Threat
(APT) or by a codename used for that company’s research.
Supposed sources are predominantly composed of statements reported by
mainstream news media. These statements are frequently attributed to
unidentified government officials and corroborated with other primary or
secondary sources. However, these statements cannot otherwise be independently
examined.
Conjecture includes claims by victims that a certain party is responsible for an
attack, or claims on social media platforms of attribution. These statements rarely
include evidence or provide analysis.

4 18 U.S.C. §1030. For more information on the Computer Fraud and Abuse Act, see CRS Report R46536, Cybercrime
and the Law: Com puter Fraud and Abuse Act (CFAA) and the 116th Congress
, by Peter G. Berris.
5 18 U.S.C. §§1831-1832. For more information on the Economic Espionage Act, see CRS Report R42681, Stealing
Trade Secrets and Econom ic Espionage: An Overview of the Econom ic Espionage Act
, by Charles Doyle.
Congressional Research Service

2

Cybersecurity: Selected Cyberattacks, 2012-2021

Common Cyberattack Terms
“Cyberattack” is a broad term for a variety of malicious actions against information and
communications technologies. Below are a selection of common cyberattacks (in alphabetical
order).
Botnet: A portmanteau of “robot” and “network” which refers to a collection of computers for
which control has been seized by one or more unauthorized parties. Once an unauthorized party
controls an individual computer, they may then connect it to other computers in their control to
create a pool of computing resources (e.g., network bandwidth or processing power). Botnets are
used to further il icit activity online, such as distributing malware and surreptitiously mining
cryptocurrencies.
Business Email Compromise: A scam in which an attacker creates an email address (usual y of a
high ranking official in an organization) and alters the identifying information of that email to make
it appear to come from the organization (e.g., changing the name associated with the email address).
Typical y, scammers then email members of that organization with urgent needs for funds to be
transferred. These are sometimes under the guise of paying past due invoices. However, the
invoices are fraudulent and the accounts where the funds are to be transferred belong to the
scammers.
Denial of Service (DOS) or Distributed Denial of Service (DDOS): A DOS attack inhibits an
authorized user’s ability to access a resource (e.g., a website) by overwhelming that resource with
unauthorized requests (e.g., more requests to load a webpage than it was built to support). DDOS
attacks are more common and use many hosts to attack a single resource (e.g., a network of
malware-infected computers—a botnet—sending junk web traffic to a single service provider).
Hack and Leak: An attack in which an unauthorized party gains access to a sensitive data store
and exfiltrates (steals) the data. Once the sensitive data is in their control, the attacker either
releases the data in an effort to expose or embarrass the victim or contacts the victim and
demands a ransom in order to not release the data.
Phishing: An attack which attempts to gain access to a system by tricking authorized users into
engaging with malicious computer code. Frequently, this attack is carried out by combining an
email which uses social-engineering (i.e., an attempt to manipulate someone into revealing
information or taking some action) with a malicious web link or attachment. When the web link is
clicked or attachment opened, the device downloads and executes malware.
Malware: A portmanteau of “malicious” and “software” which refers to software and firmware
intentional y added to an information technology (IT) product and designed to cause harm to the
IT product or its data. There are many ways malware can be added to a product, such as from an
inserted USB drive or downloaded from the internet. Data may be harmed by making it no longer
private (i.e., compromising its confidentiality), manipulating it (i.e., compromising its integrity),
or deleting it (i.e., compromising its availability).
Malvertising: A portmanteau of “malicious” and “advertising.” This attack uses online
advertising networks to spread malware and compromise computer systems. Malvertisers buy ad-
space and inject malware into those ads in an effort to easily spread it online. When a user visits a
website, they may be presented with the ad and download the malicious code via a legitimate
advertising network. If the code downloads and successfully executes, then the computer
succumbs to malware. General y, neither the website delivering the ad nor the advertising
networks are aware of the malicious code being delivered.
Congressional Research Service

3

link to page 4 Cybersecurity: Selected Cyberattacks, 2012-2021

Man-in-the-Middle (MitM): An attack where a malicious actor seeks to insert itself between
two computers in an effort to access the communications between those computers, usual y in an
effort to eavesdrop between the users of those computers (either directly, or by intercepting
encryption keys so that encrypted text may be decrypted).
Ransomware: A portmanteau of “ransom” and “malware.” Ransomware attacks seek to deny
users access to data and IT systems by encrypting files and systems—thus, locking out users.
Perpetrators usual y extort victims for payment, typical y in cryptocurrency, to decrypt the
system. Recently, such attacks have been coupled with data breaches in which perpetrators also
steal data from their victims. In addition to locking the computer systems, the perpetrators
typical y notify victims that they have copies of their data and wil release sensitive information
unless a ransom is paid, potential y extorting them twice. A triple extortion may occur if the
perpetrators contact a company’s clients to tel them about the attack in an effort to pressure the
victim to pay the ransom or risk harming their future business prospects.
Supply Chain Attack: An attack in which an adversary inserts an unauthorized physical or
software component into a product in order to surreptitiously access data or manipulate a system.
These attacks can occur during any phase of a product lifecycle (e.g., development, shipping, or
updating).6
Zero-Day: An attack that exploits a previously unknown vulnerability in an IT product. This type
of attack is particularly dangerous because until it is noticed, there is usual y no defense against it.
This attack is sometimes written as “0-Day” and sometimes pronounced “oh-day.”
These attacks may be used alone or in conjunction to conduct a variety of computer network
operations (CNO), such as computer network exploitation (CNE) for the purposes of espionage or
computer network attack (CNA) to disrupt a targeted victim.
Methodology
To develop the list of attacks, CRS considered only primary sources (explained further in the
“Attribution” section). CRS searched for public statements on U.S. government websites
belonging to the Department of Defense (DOD), the Department of Homeland Security (DHS),
the Department of Justice (DOJ), the Office of the Director of National Intel igence (ODNI), and
the Cybersecurity and Infrastructure Security Agency (CISA). Search terms (e.g., “cyber” and
“state-sponsored”) and topic filters (e.g., “national security” and “cybersecurity”) were used to
refine search results.
The results reflect the cybersecurity and legal communities’ broad public understanding of
responsible parties, but should not be considered comprehensive. DOJ’s website only publishes
press releases from 2009 onward, limiting the number of available press releases and indictments
available for the search. There may be additional indictments that are not publicized but unsealed
and available in court proceeding databases. Those documents are not searchable and accessible
via the public internet, and are therefore not included in these results. Additional y, government
officials may attribute a particular campaign to a nation-state actor or criminal group, but have
not made evidence or corroborating information available (e.g., a list of victims or naming a
specific actor in country). Such instances are not included in this list.
Tables are organized by attack and campaign year. The country of origin and entity responsible
for a particular attack or campaign are listed next to it, followed by a short description. Colloquial

6 For more information, see CRS In Focus IF10920, Cyber Supply Chain Risk Management: An Introduction , by Chris
Jaikaran.
Congressional Research Service

4

link to page 9 Cybersecurity: Selected Cyberattacks, 2012-2021

country names and abbreviations for the perpetrating entity are used in the tables. Full names are
provided in the table notes. Further information is available in the citation provided for each row.
In some cases, many individual attacks were combined in a single indictment against actors
working in a single campaign. Nation-state campaigns are identified by their Advanced Persistent
Threat (APT) identifier, as those are commonly used monikers in the cybersecurity community.
Other inventories of cyberattacks have many more incidents.7 These inventories use different
methodologies which have different criteria for attribution confidence and include unidentified
victims and victims outside the United States.
Nation-State Cyberattacks
The Director of National Intel igence is required annual y to deliver to Congress an assessment
from the intel igence community on worldwide threats.8 Recent assessments have highlighted
cyberspace as an area of strategic concern, with Russia,9 China,10 Iran,11 and North Korea12 as the
leading threat actors.13 Table 1 lists 23 selected cyberattack campaigns against the United States
attributed to nation-state actors operating on behalf of a country. These attacks include spying on
government agencies by accessing agency computers, stealing sensitive information from public
and private sector entities in the United States to undermine confidence in those entities, stealing
intel ectual property to bolster national companies, and destroying or potential y destroying
computer equipment.


7 For examples, see Center for Strategic and International Studies, “Significant Cyber Incidents,” website, 2021, at
https://www.csis.org/programs/strategic-technologies-program/significant -cyber-incidents; and Council on Foreign
Relations, “Cyber Operations T racker,” website, 2021, at https://www.cfr.org/cyber-operations/.
8 50 U.S.C. §3043b.
9 For more information, see CRS In Focus IF11718, Russian Cyber Units, by Andrew S. Bowen. For technical
information, see Cybersecurity and Infrastructure Security Agency, “Russia Cyber T hreat Overview and Advisories,”
website, at https://us-cert.cisa.gov/russia.
10 For more information, see CRS In Focus IF11284, U.S.-China Trade Relations, by Karen M. Sutter. For technical
information, see Cybersecurity and Infrastructure Security Agency, “China Cyber T hreat Overview and Advisories,”
website, at https://us-cert.cisa.gov/china.
11 For more information, see CRS In Focus IF11406, Iranian Offensive Cyberattack Capabilities, by Catherine A.
T heohary. For technical information, see Cybersecurity and Infrastructure Security Agency, “ Iran Cyber T hreat
Overview and Advisories,” website, at https://us-cert.cisa.gov/iran.
12 For more information, see CRS Report R44912, North Korean Cyber Capabilities: In Brief, by Emma Chanlett -
Avery et al. For technical information, see Cybersecurity and Infrastructure Security Agency, “ North Korea Cyber
T hreat Overview and Advisories,” website, at https://us-cert.cisa.gov/northkorea.
13 For examples, see Avril Haines, Annual Threat Assessment, remarks as prepared, April 14, 2021, at
https://www.dni.gov/files/documents/Newsroom/T estimonies/2021-04-14-ATA-Opening-Statement-FINAL.pdf; and
James R. Clapper, Worldwide Threat Assessm ent of the U.S. Intelligence Com m unity, statement for the record,
February 25, 2016, at https://www.dni.gov/files/documents/Newsroom/T estimonies/
HPSCI_Unclassified_2016_AT A_SFR-25Feb16.pdf.
Congressional Research Service

5


Table 1. Selected Cyberattack Campaigns Attributed to Nation States
In Descending Order by Campaign Year: 2021-2012
Incident/
Campaign,
Campaign Attributed
Perpetrating
Incident, or
Year(s)
Country
Entity
Identifier
Description
Citation
2021
Iran
N/A
N/A
Government-sponsored actors
Federal Bureau of Investigation, Cybersecurity and Infrastructure
exploiting vulnerabilities in email
Security Agency, Australian Cyber Security Centre, and National
and security appliances to gain
Cyber Security Centre, “Iranian Government-Sponsored APT Cyber
access to U.S. critical
Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in
infrastructure. Once they have
Furtherance of Malicious Activities,” AA21-321A, November 17,
access, they conduct fol ow on
2021, at https://us-cert.cisa.gov/sites/default/files/publications/AA21-
theft, encryption, ransomware
321A-Iranian%20Government-
and extortion operations.
Sponsored%20APT%20Actors%20Exploiting%20Vulnerabilities_1.pdf.
2020-2021 China
MSS
Hafnium
Exploited previously unknown
The White House, “The United States, Joined by Al ies and Partners,
vulnerabilities in on-premise
Attributes Malicious Cyber Activity and Irresponsible State Behavior
Microsoft Exchange servers to
to the People’s Republic of China,” press release, July 19, 2021, at
gain access to sensitive data.
https://www.whitehouse.gov/briefing-room/statements-releases/
2021/07/19/the-united-states-joined-by-al ies-and-partners-
attributes-malicious-cyber-activity-and-irresponsible-state-behavior-
to-the-peoples-republic-of-china/.
2020-2021 Russia
SVR
SolarWinds
Conducted a supply-chain attack
Joint Statement by the Federal Bureau of Investigation (FBI), the
against a widely used software
Cybersecurity and Infrastructure Security Agency (CISA), the Office
management company to gain
of the Director of National Intel igence (ODNI), and the National
access to government and private
Security Agency (NSA), press release, January 5, 2021, at
sector networks.
https://www.cisa.gov/news/2021/01/05/joint-statement-federal-
bureau-investigation-fbi-cybersecurity-and-infrastructure.
2020
Iran
Kazemi and
2020 U.S.
Hacked into state election
Department of Justice, “Two Iranian Nationals Charged for Cyber-
Kashiana
Presidential
websites and accessed voter
Enabled Disinformation and Threat Campaign Designed to Influence
Election
information on over 100,000
the 2020 U.S. Presidential Election” press release, November 18,
Disinformation
citizens. Sent disinformation to
2021, at https://www.justice.gov/opa/pr/two-iranian-nationals-
and Election
politicians and the media claiming
charged-cyber-enabled-disinformation-and-threat-campaign-designed.
Infrastructure
to be from voters. Intimidated
Hacking
voters online. Attempted to hack
into a media company to spread
further disinformation.
CRS-6


Incident/
Campaign,
Campaign Attributed
Perpetrating
Incident, or
Year(s)
Country
Entity
Identifier
Description
Citation
2020
Iran
MOIS & IRGC
APT-39
Stole data pertaining to national
Department of Justice, “Department of Justice and Partner
security, foreign policy
Departments and Agencies Conduct Coordinated Actions to
intel igence, non-military nuclear
Disrupt and Deter Iranian Malicious Cyber Activities Targeting the
information, aerospace data,
United States and the Broader International Community,” press
human rights activist information,
release, September 17, 2020, at https://www.justice.gov/opa/pr/
individual financial information
department-justice-and-partner-departments-and-agencies-conduct-
and PII, and intel ectual property,
coordinated-actions-disrupt.
including unpublished scientific
research.
2014-2020 China
MSS
APT-41
Targeted IT companies,
Department of Justice, “Seven International Cyber Defendants,
telecommunications companies,
Including ‘Apt41’ Actors, Charged In Connection with Computer
academic institutions, NGOs, and Intrusion Campaigns Against More Than 100 Victims Global y,” press
pro-democracy activists to steal
release, September 16, 2020, at https://www.justice.gov/opa/pr/
intel ectual property; deployed
seven-international-cyber-defendants-including-apt41-actors-
ransomware; and used il egal y
charged-connection-computer.
accessed computers to mine
cryptocurrency.
CRS-7


Incident/
Campaign,
Campaign Attributed
Perpetrating
Incident, or
Year(s)
Country
Entity
Identifier
Description
Citation
2014-2020 North
RGB
APT-38
Destroyed computers of Sony
Department of Justice, “Three North Korean Military Hackers
Korea
Pictures Entertainment over the
Indicted in Wide-Ranging Scheme to Commit Cyberattacks and
release of The Interview;
Financial Crimes Across the Globe," press release, February 17,
compromised the Society for
2021, at https://www.justice.gov/opa/pr/three-north-korean-military-
Worldwide Interbank Financial
hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and.
Telecommunications (SWIFT)
network to steal money from
banks; created and deployed the
WannaCry 2.0 ransomware;
created malicious cryptocurrency
wal ets; compromised
cryptocurrency companies to
steal cryptocurrencies; and
conducted spear phishing
campaigns against defense
contractors, energy companies,
aerospace companies, technology
companies, the U.S. Department
of State, and the U.S. Department
of Defense.
2013-2020 Iran
Criminal
N/A
Targeted universities, think tanks,
Department of Justice, “Two Iranian Nationals Charged in Cyber
group
defense contractors, and
Theft Campaign Targeting Computer Systems in United States,
operating on
aerospace companies to steal
Europe, and the Middle East,” press release, September 16, 2020, at
behalf of the
sensitive data.
https://www.justice.gov/opa/pr/two-iranian-nationals-charged-cyber-
state
theft-campaign-targeting-computer-systems-united-states.
2009-2020 China
MSS
N/A
Targeted technology
Department of Justice, “Two Chinese Hackers Working with the
manufacturing, healthcare, energy, Ministry of State Security Charged with Global Computer Intrusion
defense, business, educational,
Campaign Targeting Intel ectual Property and Confidential Business
and gaming companies to steal
Information, Including COVID-19 Research,” press release, July 21,
intel ectual property and
2020, at https://www.justice.gov/opa/pr/two-chinese-hackers-
confidential business information,
working-ministry-state-security-charged-global-computer-intrusion.
including COVID-19 research.
CRS-8


Incident/
Campaign,
Campaign Attributed
Perpetrating
Incident, or
Year(s)
Country
Entity
Identifier
Description
Citation
2015-2019 Iran
IRGC
APT-33
Conducted spear phishing attacks
Department of Justice, “State-Sponsored Iranian Hackers Indicted
against satel ite and aerospace
for Computer Intrusions at U.S. Satel ite Companies,” press release,
company employees to gain
September 17, 2020, at https://www.justice.gov/opa/pr/state-
access to company networks,
sponsored-iranian-hackers-indicted-computer-intrusions-us-satel ite-
steal identities, and use malware
companies.
to steal intel ectual property and
sensitive data.
2015-2018 Russia
GRU
Sandworm
Attacked the Ukrainian
Department of Justice, “Six Russian GRU Officers Charged in
government and critical
Connection with Worldwide Deployment of Destructive Malware
infrastructure (BlackEnergy);
and Other Disruptive Actions in Cyberspace,” press release,
sought to interfere in the French
October 19, 2020, at https://www.justice.gov/opa/pr/six-russian-gru-
national elections; conducted the
officers-charged-connection-worldwide-deployment-destructive-
NotPetya attacks against U.S.-
malware-and.
based hospitals, shipping
companies, and pharmaceutical
companies; sought to undermine
the PyeongChang Winter
Olympics; spear phished
investigators of the Novichok
poisoning to gain sensitive data;
and sought to compromise
Georgian government entities.
CRS-9


Incident/
Campaign,
Campaign Attributed
Perpetrating
Incident, or
Year(s)
Country
Entity
Identifier
Description
Citation
2014-2018 Russia
GRU
N/A
Conducted disinformation
Department of Justice, “U.S. Charges Russian GRU Officers with
operations. Hacked into
International Hacking and Related Influence and Disinformation
computers belonging to the
Operations,” press release, October 4, 2018, at
World Anti-Doping Agency
https://www.justice.gov/opa/pr/us-charges-russian-gru-officers-
(WADA), United States Anti-
international-hacking-and-related-influence-and.
Doping Agency (USADA), Rio de
Janeiro Olympic and Paralympic
games, Fédération Internationale
de Footbal Association (FIFA),
Westinghouse Electric Company’s
(WEC), and the [Organization]
for the Prohibition of Chemical
Weapons (OPCW). Published
stolen and altered information
from these entities to retaliate for
and delegitimize doping charges
against Russia’s sporting
organizations.
2013-2018 Iran
IRGC
Mabna
Stole academic data and
Department of Justice, “Nine Iranians Charged with Conducting
Institute
intel ectual property from
Massive Cyber Theft Campaign on Behalf of the Islamic
universities, companies, and
Revolutionary Guard Corps,” press release, March 23, 2018, at
government agencies.
https://www.justice.gov/opa/pr/nine-iranians-charged-conducting-
massive-cyber-theft-campaign-behalf-islamic-revolutionary.
2011-2018 China
MSS
APT-40
Stole the intel ectual property of
Department of Justice, “Four Chinese Nationals Working with the
companies dealing with
Ministry of State Security Charged with Global Computer Intrusion
submersibles, autonomous
Campaign Targeting Intel ectual Property and Confidential Business
vehicles, chemicals, aircraft,
Information, Including Infectious Disease Research,” press release,
genetics, transportation, and
July 10, 2021, at https://www.justice.gov/opa/pr/four-chinese-
infectious disease research.
nationals-working-ministry-state-security-charged-global-computer-
intrusion.
CRS-10


Incident/
Campaign,
Campaign Attributed
Perpetrating
Incident, or
Year(s)
Country
Entity
Identifier
Description
Citation
2006-2018 China
MSS
APT-10
Targeted and stole intel ectual
Department of Justice, “Two Chinese Hackers Associated with the
property and confidential business Ministry of State Security Charged with Global Computer Intrusion
information from transportation,
Campaigns Targeting Intel ectual Property and Confidential Business
technology, shipping, consulting,
Information,” press release, December 20, 2018, at
healthcare, and energy companies
https://www.justice.gov/opa/pr/two-chinese-hackers-associated-
through cloud and managed
ministry-state-security-charged-global-computer-intrusion.
service providers.
2017
China
PLA
Equifax Hack
Theft of the PII of nearly 150
Department of Justice, “Chinese Military Personnel Charged with
mil ion Americans.
Computer Fraud, Economic Espionage and Wire Fraud for Hacking
into Credit Reporting Agency Equifax,” press release, February 10,
2020, at https://www.justice.gov/opa/pr/chinese-military-personnel-
charged-computer-fraud-economic-espionage-and-wire-fraud-
hacking.
2016
Russia
GRU
DCLeaks and
Targeted political campaigns, state Department of Justice, “Grand Jury Indicts 12 Russian Intel igence
Guccifer 2.0
boards of elections, state
Officers for Hacking Offenses Related to the 2016 Election,” press
secretaries of state, and
release, July 13, 2018, at https://www.justice.gov/opa/pr/grand-jury-
companies providing technology
indicts-12-russian-intel igence-officers-hacking-offenses-related-2016-
for elections to steal and leak
election.
their sensitive data.
2014-2016 Russia
FSB
Yahoo Breach Breach of 500 mil ion accounts
Department of Justice, “U.S. Charges Russian FSB Officers and Their
and other webmail account
Criminal Conspirators for Hacking Yahoo and Mil ions of Email
compromises targeted journalists,
Accounts,” press release, March 15, 2017, at
government officials,
https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-
cybersecurity company
their-criminal-conspirators-hacking-yahoo-and-mil ions.
employees, financial services
companies, and transportation
companies to steal sensitive
information.
2015
China
Fujie Wang,
Anthem Hack
Stole massive amounts of PII held
Department of Justice, “Member of Sophisticated China-Based
and othersb
by the health insurance company
Hacking Group Indicted for Series of Computer Intrusions, Including
Anthem Inc., as wel as other
2015 Data Breach of Health Insurer Anthem Inc. Affecting Over 78
companies.
Mil ion People,” press release, May 9, 2019, at
https://www.justice.gov/opa/pr/member-sophisticated-china-based-
hacking-group-indicted-series-computer-intrusions-including.
CRS-11


Incident/
Campaign,
Campaign Attributed
Perpetrating
Incident, or
Year(s)
Country
Entity
Identifier
Description
Citation
2014-2015 Iran
IRGC
N/A
Targeted intel igence community
Department of Justice, “Former U.S. Counterintel igence Agent
(IC) employees as part of an
Charged with Espionage on Behalf of Iran; Four Iranians Charged
intel igence campaign with fake
with a Cyber Campaign Targeting Her Former Col eagues,” press
accounts used to deploy malware. release, February 13, 2019, at https://www.justice.gov/opa/pr/
former-us-counterintel igence-agent-charged-espionage-behalf-iran-
four-iranians-charged-cyber.
2010-2015 China
MSS
N/A
Targeted aerospace companies to Department of Justice, “Chinese Intel igence Officers and Their
steal intel ectual property related
Recruited Hackers and Insiders Conspired to Steal Sensitive
to turbofan engine technology.
Commercial Aviation and Technological Data for Years,” press
release, October 30, 2018, at https://www.justice.gov/opa/pr/
chinese-intel igence-officers-and-their-recruited-hackers-and-
insiders-conspired-steal.
2006-2014 China
PLA
N/A
Hacked into computers of U.S.
Department of Justice, “U.S. Charges Five Chinese Military Hackers
manufacturers in order to steal
for Cyber Espionage Against U.S. Corporations and a Labor
sensitive information to benefit
Organization for Commercial Advantage,” press release, May 19,
Chinese state enterprises.
2014, at https://www.justice.gov/opa/pr/us-charges-five-chinese-
military-hackers-cyber-espionage-against-us-corporations-and-labor.
2011-2013 Iran
ITSecTeam &
N/A
Waged DDOS attacks against
Department of Justice, “Seven Iranians Working for Islamic
Mersad
financial services companies, and
Revolutionary Guard Corps-Affiliated Entities Charged for
Company
hacked into networks of a
Conducting Coordinated Campaign of Cyber Attacks Against U.S.
municipal dam in Rye Brook, N.Y. Financial Sector,” press release, March 24, 2016, at
https://www.justice.gov/opa/pr/seven-iranians-working-islamic-
revolutionary-guard-corps-affiliated-entities-charged.
Source: CRS analysis.
Notes: Abbreviations used in the table include: Advanced Persistent Threat (APT); Democratic People’s Republic of North Korea (North Korea); Distributed Denial of
Service (DDOS); Federal Security Service (FSB); Islamic Republic of Iran (Iran); Islamic Revolutionary Guard Corps (IRGC); Th e People’s Republic of China (China); Main
Intel igence Directorate, Military (GRU); Intel igence Community (IC); Ministry of Intel igence and Security (MOIS); Ministry of State Security (MSS); People’s Liberation
Army (PLA); Personal Identifiable Information (PII); The Russian Federation (Russia); Reconnaissance General Bureau (RGB); an d Russia’s Foreign Intel igence Service
(SVR).
a. Seyyed Mohammad Hosein Musa Kazemi and Saj ad Kashian are the two Iranian nationals charged. The indictment claims that they work for an Iranian company now
known as Emennet Pasargad. The company is known to have provided services to the Iranian government and the Guardian Council.
b. The indictment does not attribute this attack as being for the benefit of the state. However, government officials have since speculated that this was under the
direction of the Chinese government—see, Christopher Wray, “The Threat Posed by the Chinese Government and the Chinese Communist Party to the Economic
CRS-12


and National Security of the United States,” remarks to the Hudson Institute as delivered, July 7, 2020, at https://www.fbi.gov/news/speeches/the-threat-posed-by-
the-chinese-government-and-the-chinese-communist-party-to-the-economic-and-national-security-of-the-united-states.

CRS-13

link to page 18 link to page 9 Cybersecurity: Selected Cyberattacks, 2012-2021

Foreign Criminal Cyberattacks
Most criminals are financial y motivated and use cyberspace as a medium for conducting profit-
bearing schemes. However, financial gain is not a requirement for il icit activity. Some malicious
actors also victimize entities online without desires for payment, such as in hack and leak
operations intended to embarrass the victim. Table 2 lists a selection of 30 cyberattacks against
victims in the United States from actors located abroad. The country of residence for the
perpetrator is included for each cyberattack campaign to highlight the geographic diversity from
where attacks originate. Some campaigns were part of criminal groups and others are conducted
by individuals, as indicated for each entry in the table. The U.S. government has determined that
these actors were not operating to benefit the state, but where acting for personal gain—thus
distinguishing these attacks from those listed in Table 1. Criminal cyberattacks also originate
from U.S. individuals but are not included in this table as those individuals may face both state
and federal criminal charges, which the search methodology does not take into account. These
attacks include the compromise of computers to create and maintain botnets, business email
compromise schemes, hack and release campaigns, and ransomware attacks.

Congressional Research Service

14


Table 2. Selected Criminal Cyberattacks
In Descending Order by Campaign Year: 2021-2012
Incident/
Perpetrator
Single or
Campaign,
Campaign
Country of
Multiple
Incident, or
Year(s)
Residence
Perpetrators
Identifier
Description
Citation
2021
Ukraine and
Multiple
REvil
Hackers built and distributed Department of Justice, “Ukrainian Arrested and Charged with
Russia
ransomware and
the Sodinokibi and REvil
Ransomware Attack on Kaseya,” press release, November 8, 2021,
Kaseya attack
ransomware attacks. They
at https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-
conducted a supply chain
ransomware-attack-kaseya.
attack against an IT
management company to
distribute ransomware to
new victims.
2019-2021 Switzerland
Single
Hack & Leak
Hacked into U.S. companies
Department of Justice, “Swiss Hacker Indicted for Conspiracy,
and posted sensitive data.
Wire Fraud, and Aggravated Identity Theft,” press release, March
18, 2021, at https://www.justice.gov/usao-wdwa/pr/swiss-hacker-
indicted-conspiracy-wire-fraud-and-aggravated-identity-theft.
2011-2021 Moldova
Multiple
Bugat Botnet
Targeted school districts,
Department of Justice, “Bugat Botnet Administrator Arrested and
banks, and energy companies Malware Disabled,” press release, October 13, 2015, at
to wire funds il icitly.
https://www.justice.gov/opa/pr/bugat-botnet-administrator-
arrested-and-malware-disabled.
2016-2020 Iran
Multiple
N/A
Defaced websites by
Department of Justice, “Two Al eged Hackers Charged with
changing them to protest
Defacing Websites Fol owing Kil ing of Qasem Soleimani,” press
U.S. government policies and release, September 15, 2020, at https://www.justice.gov/opa/pr/
actions. Stole credit card
two-al eged-hackers-charged-defacing-websites-fol owing-kil ing-
information and distributed
qasem-soleimani.
spam emails.
2016-2020 Ukraine
Multiple
N/A
Hacked into computers,
Department of Justice, “Ukrainian Cyber Criminal Extradited For
stole user credentials,
Decrypting The Credentials Of Thousands Of Computers Across
managed a botnet of hacked
The World And Sel ing Them On A Dark Web Website,” press
computers and sold access
release, September 8, 2021, at https://www.justice.gov/usao-mdfl/
online.
pr/ukrainian-cyber-criminal-extradited-decrypting-credentials-
thousands-computers-across.
CRS-15


Incident/
Perpetrator
Single or
Campaign,
Campaign
Country of
Multiple
Incident, or
Year(s)
Residence
Perpetrators
Identifier
Description
Citation
2015-2020 Latvia
Multiple
Trickbot
Targeted hospitals, schools,
Department of Justice, “Latvian National Charged for Al eged Role
utilities, and governments to
in Transnational Cybercrime Organization,” press release, June 4,
steal financial information.
2021, at https://www.justice.gov/opa/pr/latvian-national-charged-
al eged-role-transnational-cybercrime-organization.
2019
Nigeria
Multiple
Hushpuppi
Conducted business email
Department of Justice, “Six Indicted in International Scheme to
compromise and money
Defraud Qatari School Founder and Then Launder over $1 Mil ion
laundering campaigns.
in Il icit Proceeds,” press release, July 29, 2021, at
https://www.justice.gov/usao-cdca/pr/six-indicted-international-
scheme-defraud-qatari-school-founder-and-then-launder-over-1.
2013-2019 Romania,
Multiple
Fraud
Sold non-existent goods
Department of Justice, “United States and International Law
Bulgaria,
online and attacked
Enforcement Dismantle Online Organized Crime Ring Operating
U.S.A.
credentials for web services.
out of Romania that Victimized Thousands of U.S. Residents,”
press release, February 7, 2019, at https://www.justice.gov/opa/pr/
united-states-and-international-law-enforcement-dismantle-online-
organized-crime-ring.
2015-2018 Ukraine
Multiple
Fin7
Targeted retailers and point-
Department of Justice, “Three Members of Notorious
of-sale terminals to steal
International Cybercrime Group “Fin7” in Custody for Role in
credit card information.
Attacking over 100 U.S. companies,” press release, August 1, 2018,
at https://www.justice.gov/opa/pr/three-members-notorious-
international-cybercrime-group-fin7-custody-role-attacking-over-
100.
2015-2018 Iran
Multiple
SamSam
Conducted ransomware
Department of Justice, “Two Iranian Men Indicted for Deploying
Ransomware
attacks against state and city
Ransomware to Extort Hospitals, Municipalities, and Public
government agencies,
Institutions, Causing Over $30 Mil ion in Losses,” press release,
hospitals, and other victims.
November 28, 2018, at https://www.justice.gov/opa/pr/two-
iranian-men-indicted-deploying-ransomware-extort-hospitals-
municipalities-and-public.
2013-2018 Ukraine
Single
Malvertising
Delivered online
Department of Justice, “International ‘Malvertiser’ Extradited from
campaign
advertisements embedded
the Netherlands to Face Hacking Charges in New Jersey,” press
with malware.
release, May 3, 2019, at https://www.justice.gov/opa/pr/
international-malvertiser-extradited-netherlands-face-hacking-
charges-new-jersey.
CRS-16


Incident/
Perpetrator
Single or
Campaign,
Campaign
Country of
Multiple
Incident, or
Year(s)
Residence
Perpetrators
Identifier
Description
Citation
2007-2018 Romania
Single
N/A
Targeted customers of the
Department of Justice, “Leader of International Cyber Fraud Ring
Better Business Bureau, the
Returned to United States to Face Federal Racketeering Charges,”
Internal Revenue Service,
press release, October 9, 2018, at https://www.justice.gov/opa/pr/
the U.S. Tax Court, the
leader-international-cyber-fraud-ring-returned-united-states-face-
National Payrol Records
federal-racketeering.
Center, and others with
phishing and fraudulent
online auctions.
2017
Romania
Multiple
Ransomware
Targeted Metropolitan
Department of Justice, “Two Romanian Suspects Charged with
Police Department
Hacking of Metropolitan Police Department Surveil ance Cameras
surveil ance cameras and
in Connection with Ransomware Scheme,” press release,
compromised those devices
December 28 2017, at https://www.justice.gov/usao-dc/pr/two-
to distribute ransomware.
romanian-suspects-charged-hacking-metropolitan-police-
department-surveil ance-cameras.
2017
Turkey
Single
WireX Botnet
Used the WireX Botnet in a
Department of Justice, “Federal Indictment in Chicago Charges
DDOS attack against a
Turkish National with Directing Cyber Attack on Multinational
hospitality company.
Hospitality Company,” press release, September 29, 2021, at
https://www.justice.gov/usao-ndil/pr/federal-indictment-chicago-
charges-turkish-national-directing-cyber-attack.
2016-2017 United
Single
Dark Overlord
Breached the network of a
Department of Justice, “Member of ‘The Dark Overlord’ Hacking
Kingdom
business in St. Louis, MO,
Group Extradited from United Kingdom to Face Charges in St.
stole sensitive data, and
Louis,” press release, December 18, 2019, at
threatened to release it
https://www.justice.gov/opa/pr/member-dark-overlord-hacking-
unless a ransom was paid.
group-extradited-united-kingdom-face-charges-st-louis.
2014-2017 Cyprus
Single
N/A
Hacked into a company’s
Department of Justice, “Two Al eged Criminals – A Hezbol ah
data store, stole sensitive
Associated Narco-Money Launderer and a Computer Hacker –
information, then extorted
Extradited from Cyprus to the United States,” press release, July
the company for a fee to not 18, 2020, at https://www.justice.gov/opa/pr/two-al eged-criminals-
release information. With
hezbol ah-associated-narco-money-launderer-and-computer-
persistent access, charged
hacker.
clients to remove
unfavorable information
from the company’s records.
CRS-17


Incident/
Perpetrator
Single or
Campaign,
Campaign
Country of
Multiple
Incident, or
Year(s)
Residence
Perpetrators
Identifier
Description
Citation
2014-2017 Russia,
Multiple
MethBot
Built a botnet and
Department of Justice, “Two International Cybercriminal Rings
Ukraine, and
maintained infrastructure to
Dismantled and Eight Defendants Indicted for Causing Tens of
Kazakhstan
operate a malvertising
Mil ions of Dol ars in Losses in Digital Advertising Fraud,” press
campaign.
release, November 27, 2018, at https://www.justice.gov/usao-edny/
pr/two-international-cybercriminal-rings-dismantled-and-eight-
defendants-indicted-causing.
2011-2017 China
Multiple
Economic
Targeted firms working on
Department of Justice, “U.S. Charges Three Chinese Hackers
Espionage
satel ite, energy, technology,
Who Work at Internet Security Firm for Hacking Three
transportation, and
Corporations for Commercial Advantage,” press release,
economic analysis to steal
November 27, 2017, at https://www.justice.gov/opa/pr/us-charges-
credentials and access
three-chinese-hackers-who-work-internet-security-firm-hacking-
sensitive data.
three-corporations.
2010-2017 Russia
Single
Kelihos Botnet
Stole PII and credentials,
Department of Justice, “Russian National Indicted with Multiple
distributed spam and
Offenses in Connection with Kelihos Botnet,” press release, April
malware, engaged in pump-
21, 2017, at https://www.justice.gov/opa/pr/russian-national-
and-dump stock schemes.
indicted-multiple-offenses-connection-kelihos-botnet.
2010-2017 Russia
Multiple
InFraud
Targeted financial
Department of Justice, “Russian National Pleads Guilty for Role in
Organization
institutions, merchants, and
Transnational Cybercrime Organization Responsible for More
individuals to steal credit
Than $568 Mil ion in Losses,” press release, June 26, 2020, at
cards, PII, identities and
https://www.justice.gov/opa/pr/russian-national-pleads-guilty-role-
engage in other crimes.
transnational-cybercrime-organization-responsible-more.
2015-2016 Russia,
Multiple
GozNym
Stole banking information
Department of Justice, “GozNym Cyber-Criminal Network
Georgia,
Malware
from a paving company, law
Operating out of Europe Targeting American Entities Dismantled
Ukraine,
firms, churches, companies
in International Operation,” press release, May 16, 2019, at
Moldova, and
providing services to
https://www.justice.gov/opa/pr/goznym-cyber-criminal-network-
Bulgaria
disabled individuals, medical
operating-out-europe-targeting-american-entities-dismantled.
equipment distributers,
casinos, and furniture stores.
CRS-18


Incident/
Perpetrator
Single or
Campaign,
Campaign
Country of
Multiple
Incident, or
Year(s)
Residence
Perpetrators
Identifier
Description
Citation
2007-2016 Romania
Multiple
Botnet
Developed malware that
Department of Justice, “Three Romanian Nationals Indicted in $4
spread to more than 60,000
Mil ion Cyber Fraud Scheme That Infected at Least 60,000
computers, creating a botnet Computers and Sent 11 Mil ion Malicious Emails,” press release,
used to mine
December 16, 2016, at https://www.justice.gov/opa/pr/three-
cryptocurrency, send spam
romanian-nationals-indicted-4-mil ion-cyber-fraud-scheme-
email, and steal credentials
infected-least-60000-computers.
and financial information.
2016
Ukraine
Multiple
SEC EDGAR
Infiltrated the SEC EDGAR
Department of Justice, “Two Ukrainian Nationals Indicted in
Compromise
filing system to glean non-
Computer Hacking and Securities Fraud Scheme Targeting U.S.
public company information
Securities and Exchange Commission,” press release, January 15,
in order to trade in
2019, at https://www.justice.gov/opa/pr/two-ukrainian-nationals-
company stock based on
indicted-computer-hacking-and-securities-fraud-scheme-targeting-
private information.
us.
2015
Kosovo
Single
Kosova Hacker’s
Targeted PII of U.S. service
Department of Justice, “ISIL-Linked Hacker Arrested in Malaysia
Security
members and government
on U.S. Charges,” press release, October 15, 2015, at
employees.
https://www.justice.gov/opa/pr/isil-linked-hacker-arrested-malaysia-
us-charges.
2007-2015 Ukraine
Single
Money
Spammed victims,
Department of Justice, “Ukrainian National Extradited from Poland
Laundering
maintained infrastructure to
to Face Charges Related to $10 Mil ion Cyber Money Laundering
perpetuate cybercrimes, and Operation,” press release, December 23, 2015, at
stole money from company
https://www.justice.gov/opa/pr/ukrainian-national-extradited-
bank accounts.
poland-face-charges-related-10-mil ion-cyber-money-laundering.
2012-2014 Romania
Single
Guccifer
Hacked the personal email
Department of Justice, “Romanian National “Guccifer” Extradited
and social media accounts of
to Face Hacking Charges,” press release, April 1, 2016, at
high profile individuals and
https://www.justice.gov/opa/pr/romanian-national-guccifer-
released sensitive
extradited-face-hacking-charges.
information.
2010-2012 Ukraine/Italy
Single
Zeus Malware
Targeted banks and banking
Department of Justice, “Ukrainian Citizen Sentenced to 41 Months
information for financial
in Prison for Using Army of 13,000 Infected Computers to Loot
theft.
Log-In Credentials, Payment Card Data,” press release, February
16, 2017, at https://www.justice.gov/usao-nj/pr/ukrainian-citizen-
sentenced-41-months-prison-using-army-13000-infected-
computers-loot-log.
CRS-19


Incident/
Perpetrator
Single or
Campaign,
Campaign
Country of
Multiple
Incident, or
Year(s)
Residence
Perpetrators
Identifier
Description
Citation
2009-2012 China
Single
N/A
Targeted U.S. defense
Department of Justice, “Chinese National Pleads Guilty to
contractors to steal sensitive
Conspiring to Hack into U.S. Defense Contractors’ Systems to
military transport design
Steal Sensitive Military Information,” press release, March 23,
data and send the data to
2016, at https://www.justice.gov/opa/pr/chinese-national-pleads-
China.
guilty-conspiring-hack-us-defense-contractors-systems-steal-
sensitive.
2003-2012 Russia
Multiple
N/A
Theft of credit card
Department of Justice, “Russian National Admits Role in Largest
information from payment
Known Data Breach Conspiracy Ever Prosecuted,” press release,
processors, financial
September 15, 2015, at https://www.justice.gov/opa/pr/russian-
institutions, and retailers.
national-admits-role-largest-known-data-breach-conspiracy-ever-
prosecuted.
2012
Iran/Turkey
Single
N/A
Stole intel ectual property
Department of Justice, “Man Pleads Guilty to Facilitating
from a Vermont-based
Computer Hacking of Vermont Company,” press release,
defense contractor and
December 2, 2015, at https://www.justice.gov/opa/pr/man-pleads-
engineering firm.
guilty-facilitating-computer-hacking-vermont-company.
Source: CRS analysis.
Notes: Abbreviations and col oquialisms used in this table: the Republic of Bulgaria (Bulgaria); the People’s Republic of China (China); the Republic of Cyprus (Cyprus);
the Electronic Data Gathering, Analysis, and Retrieval system (EDGAR); the Federal Republic of Nigeria (Nigeria); the Islamic Republic of Iran (Iran); the Italian Republic
(Italy); the Republic of Kazakhstan (Kazakhstan); the Republic of Kosovo (Kosovo); the Republic of Moldova (Moldova); personal y identifiable information (PII); the
Russian Federation (Russia); the U.S. Securities and Exchange Commission (SEC); the Swiss Confederation (Switzerla nd); the Republic of Turkey (Turkey); the United
States of America (U.S.A.); and the United Kingdom of Great Britain and Northern Ireland (United Kingdom).

CRS-20

Cybersecurity: Selected Cyberattacks, 2012-2021



Author Information

Chris Jaikaran

Analyst in Cybersecurity Policy


Acknowledgments
Jared Nagel, Information Research Specialist with CRS, provided research support in identifying cyberattacks.

Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan
shared staff to congressional committees and Members of Congress. It operates solely at the behest of and
under the direction of Congress. Information in a CRS Report should n ot be relied upon for purposes other
than public understanding of information that has been provided by CRS to Members of Congress in
connection with CRS’s institutional role. CRS Reports, as a work of the United States Government, are not
subject to copyright protection in the United States. Any CRS Report may be reproduced and distributed in
its entirety without permission from CRS. However, as a CRS Report may include copyrighted images or
material from a third party, you may need to obtain the permission of the copyright holder if you wish to
copy or otherwise use copyrighted material.

Congressional Research Service
R46974 · VERSION 1 · NEW
21