The worst hacks of 2024


Every year has its fair share of digital security incidents, ranging from the absurd to the sinister, but 2024 was particularly marked by waves of cyberattacks in which cybercriminals and state-sponsored espionage groups repeatedly exploited the same weakness or type of target to fuel their frenzy. For attackers, this approach is extremely effective, but for compromised organizations, and the individuals they serve, the malicious rampages had very real consequences for everyone's privacy, safety, and security.

As political and social unrest increase around the world, 2025 will be a complex and potentially explosive year in cyberspace. But first, here's WIRED's look at this year's worst breaches, leaks, state-sponsored hacking campaigns, ransomware attacks, and digital extortion attempts. Be vigilant and stay safe out there.

Espionage is a fact of life, and China's relentless campaigns have been ongoing in cyberspace for years now. But the China-linked espionage group Salt Typhoon carried out a particularly notable operation this year, hacking into a series of US telecommunications companies including Verizon and AT&T (plus others worldwide) for many months. US officials told reporters earlier this month that many victim companies were still actively trying to remove the hackers from their networks.

The attackers monitored a small group of people (fewer than 150 according to current counts), but they included individuals who were subject to US wiretapping warrants as well as State Department officials and members of both the Trump and Harris presidential campaigns. Additionally, text messages and calls from others who interacted with Salt Typhoon targets were also caught up in the espionage scheme.

Throughout the summer, attackers repeatedly breached prominent companies and organizations that are customers of cloud data storage company Snowflake. The spree barely qualifies as hacking, as cybercriminals simply used stolen passwords to log into Snowflake accounts that didn't have two-factor authentication enabled. However, the end result was a huge amount of data stolen from victims including Ticketmaster, Santander Bank, and Neiman Marcus. Another prominent victim, telecommunications giant AT&T, said in July that “nearly all” of the records related to customer calls and texts from a seven-month period in 2022 were stolen in a hack involving Snowflake. Security company Mandiant, owned by Google, said in June that the rampage affected approximately 165 victims.

In July, Snowflake added a feature so account administrators can enforce two-factor authentication for all their users. In November, suspect Alexander “Connor” Moucka was arrested by Canadian law enforcement for allegedly leading the hack. He was prosecuted by the US Department of Justice for the Snowflake rampage and faces the risk of being extradited to the US. John Erin Binns, who was arrested in Türkiye on an indictment related to the 2021 T-Mobile telecommunications network breach, was also indicted on charges related to the Snowflake customer breaches.

In late February, medical billing and insurance processing company Change Healthcare suffered a ransomware attack that caused disruptions at hospitals, doctor's offices, pharmacies, and other health care facilities across the United States. The attack was one of the largest medical data breaches of all time, affecting more than 100 million people. The company is owned by UnitedHealth, which is the dominant medical billing processor in the United States. Days after the attack began, the company believed ALPHV/BlackCat, a notorious Russian-speaking ransomware gang, was behind it.

Personal data stolen in the attack included patients' phone numbers, addresses, banking and other financial information, as well as health records including diagnoses, prescriptions, and treatment details. The company paid a $22 million ransom to ALPHV/BlackCat in early March in an attempt to contain the situation. The payment seemed to encourage attackers to hit health care targets at an even greater rate than usual. With more than 100 million victims being notified on an ongoing basis, and more victims still being discovered, lawsuits and other backlash are on the rise. This month, for example, the state case Nebraska v. Change Healthcare alleges that “failure to implement basic security protections” made the attack much worse than it could have been.

Microsoft said in January that it had been breached by Russian “Midnight Blizzard” hackers in an incident that compromised the email accounts of company executives. This group has close ties to the Kremlin's SVR foreign intelligence agency and is especially linked to SVR's APT 29, also known as Cozy Bear. After the initial breach in November 2023, attackers targeted and compromised historical Microsoft system test accounts, which then gave them access to what the company said was “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” From there, the group retrieved “several emails and attachments.” Microsoft said the attackers appeared to be looking for information about what the company knew about them; in other words, Midnight Blizzard was investigating Microsoft's research into the group. Hewlett-Packard Enterprise (HPE) also said in January that it experienced a corporate email breach caused by Midnight Blizzard.

Background check company National Public Data was breached in December 2023, and data from the incident began being offered for sale on cybercrime forums in April 2024. Different configurations of the data emerged several times over the summer, culminating in the company's public confirmation of the breach in August. Stolen data included names, Social Security numbers, phone numbers, addresses, and dates of birth. Since National Public Data did not confirm the breach until August, speculation about the situation grew for months and included theories that the data contained dozens or even hundreds of millions of Social Security numbers. While the breach was serious, the actual number of individuals affected appears to be much lower. The company reported in a filing to officials in Maine that the breach affected 1.3 million people. In October, National Public Data's parent company, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing state and federal investigations into the breach as well as several lawsuits the company is facing over the incident.

Honorable Mention: North Korea's Cryptocurrency Theft

Lots of people steal a lot of cryptocurrency every year, including North Korean cybercriminals who are authorized to help finance the hermit kingdom. However, a report that crypto tracking firm Chainalysis released this month highlights the ferocity of Pyongyang-backed hackers. Researchers found that in 2023, North Korea-linked hackers stole more than $660 million in 20 attacks. This year, they stole about $1.34 billion in 47 incidents. The 2024 figures represent 20% of all incidents tracked by Chainalysis during the year, and a whopping 61% of total funds stolen by all actors.

The sheer dominance is impressive, but the researchers emphasize the severity of the crime. Chainalysis writes: “US and international officials have assessed that Pyongyang uses stolen cryptocurrency to fund its weapons of mass destruction and ballistic missile programs, endangering international security.”


