
The worst hacks of 2024


Every year has its own mix of digital security failures, from the absurd to the bad, but 2024 was particularly marked by hacking sprees in which cybercriminals and state-sponsored espionage groups repeatedly exploited the same vulnerability or type of target to fuel their rampage. For attackers, this approach is ruthlessly efficient, but for compromised institutions and the people they serve, the malicious attacks had very real consequences for people’s privacy, safety and security.

As political turmoil and social unrest intensify around the world, 2025 will be a complex and potentially explosive year in cyberspace. But first, let’s take a look at WIRED’s worst breaches, leaks, state-sponsored hacking campaigns, ransomware attacks and digital extortions of the year. Be alert and be safe out there.

Espionage operations are a fact of life, and ruthless Chinese campaigns have been a constant in cyberspace for years now. But Salt Typhoon, a Chinese-linked espionage group, carried out a particularly notable operation this year, infiltrating a number of US telecoms including Verizon and AT&T (plus others around the world) over the course of months. US officials told reporters earlier this month that many of the affected companies are still actively trying to remove the hackers from their networks.

The attackers targeted a small group of people (currently fewer than 150), but they included people already subject to US wiretapping orders, as well as State Department officials and members of the Trump and Harris presidential campaigns. In addition, texts and calls from other people interacting with Salt Typhoon targets were also included in the spying scheme.

Over the summer, attackers went on a tear, breaching prominent companies and organizations that were all customers of the cloud storage company Snowflake. The spree barely qualifies as hacking, because the cybercriminals were simply using stolen passwords to log in to Snowflake accounts that did not have two-factor authentication enabled. As a result, an extraordinary amount of information was stolen from victims including Ticketmaster, Santander Bank and Neiman Marcus. Another notable victim, telecommunications giant AT&T, said in July that “almost all” records of its customers’ calls and texts from a seven-month period in 2022 were stolen in an intrusion involving Snowflake. Mandiant, a security company owned by Google, said in June that about 165 victims were affected by the attack.

In July, Snowflake added a feature so account administrators could make two-factor authentication mandatory for all their users. In November, suspect Alexander “Connor” Moucka was arrested by Canadian law enforcement for allegedly leading the hacking spree. He was indicted by the US Department of Justice for the Snowflake spree and faces extradition to the US. John Erin Binns, who was arrested in Turkey on an indictment related to the 2021 breach of telecom T-Mobile, was also charged in connection with the Snowflake customer breaches.

In late February, medical billing and insurance processor Change Healthcare was hit by a ransomware attack that disrupted hospitals, doctor’s offices, pharmacies and other healthcare facilities in the United States. The attack is one of the largest medical data breaches of all time, affecting more than 100 million people. Owned by UnitedHealth, the company is the dominant medical payment processor in the United States. Days after the attack began, it said it believed ALPHV/BlackCat, a notorious Russian-language ransomware network, was behind the attack.

Personal information stolen in the attack included patient phone numbers, addresses, bank and other financial information, and health records including diagnoses, prescriptions and treatment details. The company paid a $22 million ransom to ALPHV/BlackCat in early March in an attempt to get the situation under control. The payment appears to have emboldened attackers to hit healthcare targets at a faster rate than usual. The ongoing notices, which have been distributed to more than 100 million victims, with more still to be discovered, are fueling lawsuits and other backlash. This month, for example, the state of Nebraska sued Change Healthcare, claiming that “failure to implement basic security safeguards” made the attack worse than it should have been.

Microsoft said in January that it had been breached by Russia’s Midnight Blizzard hackers in an incident that compromised company executives’ email accounts. The group is linked to the Kremlin’s SVR foreign intelligence agency and is specifically linked to the SVR’s APT 29, known as Cozy Bear. After an initial intrusion in November 2023, the attackers targeted and compromised Microsoft’s historic system test accounts, which the company said allowed them to access “a very small subset of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal and other functions.” From there, the group seized “some emails and additional documents.” Microsoft said that the attackers appeared to be looking for information about what the company knows about them; in other words, Midnight Blizzard was investigating Microsoft’s investigation into the group. Hewlett-Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach linked to Midnight Blizzard.

In December 2023, the background check company National Public Data was breached, and information from the incident began to be sold on cybercriminal forums in April 2024. Different configurations of the data surfaced repeatedly over the summer, culminating in public confirmation of the breach by the company in August. Stolen information included names, Social Security numbers, phone numbers, addresses and dates of birth. Since National Public Data did not confirm the breach until August, speculation about the situation grew for months, including theories that the data contained tens, if not hundreds, of millions of Social Security numbers. Although the breach is significant, the actual number of individuals affected, mercifully, appears to be lower. The company stated in a filing with authorities in Maine that the breach affected 1.3 million people. In October, National Public Data’s parent company, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing state and federal investigations into the breach, as well as a series of lawsuits the company faces over the incident.

Honorable Mention: North Korean Cryptocurrency Theft

A lot of people steal a lot of cryptocurrency every year, including North Korean cybercriminals who have a mandate to help fund the hermit kingdom. A report released this month by cryptocurrency research firm Chainalysis highlights just how aggressive Pyongyang-backed hackers are. Researchers found that in 2023, hackers linked to North Korea stole more than $660 million in 20 attacks. This year, they stole about $1.34 billion in 47 incidents. The 2024 figures represent 20 percent of the total incidents tracked by Chainalysis for the year and 61 percent of the total funds stolen by all actors.

The sheer dominance is impressive, but researchers emphasize the seriousness of the crimes. “U.S. and international officials have assessed that Pyongyang is using the stolen cryptocurrency to finance its weapons of mass destruction and ballistic missile programs, threatening international security,” Chainalysis wrote.


