Belgacom, the precursor of today’s Belgian ISP and telecom company Proximus, was reportedly compromised by the British surveillance agency GCHQ. This allowed the GCHQ to intercept communications of individual subscribers and also clients of Belgacom’s partner telecoms.

Vodafone discovered hidden backdoors in Huawei-made home routers and optical service nodes in 2011 and 2012. At that time, Vodafone notified Huawei and the issues were resolved.

A December 2015 cyber attack affected multiple regional electrical power companies in Ukraine. It included multiple elements: disconnection of electricity substations, denial of access to system dispatchers and attempts to deny customer calls that would have reported the power downtime. Beyond the Ivano-Frankivsk region, three other regions were attacked (Chernivtsi, Khmelnytskyi, Kyiv).

A United Cyber Caliphate was created, following the merger of several groups, including Ghost Caliphate, Sons Caliphate Army, Caliphate Cyber Army, and Kalashnikov Team. The level of cyber threat posed by jihadists remained low as attacks essentially consisted in defacements and doxing (publishing a target’s personal information with “invitation to kill” to inspire lone-wolf type of actors).

An unknown threat actor dumped thousands of documents obtained via hacking from the campaign of French presidential candidate Emmanuel Macron.

WannaCry is a piece of ransomware that propagated by leveraging the EternalBlue exploit. It spread very quickly and managed to infect systems in over 150 countries, creating widespread chaos in shutting down factories, businesses, and state institutions. In December 2017, the US and UK formally asserted that North Korea was behind the attack.

Destructive ransomware dubbed NotPetya propagated in Ukraine, spread to multiple other countries and caused economic impact such as halting production and shipping in several industries. The UK, New Zealand, Canada, Australia, the United States, and the Netherlands officially attribute the NotPetya attack to Russia. Russia disputes the claim.

APT28 used VPNFilter, a small office and home router botnet, to conduct a cyber attack during the football Champions League final in Kyiv, according to Ukraine’s Secret Service.

Russia-based Sandworm gang executed targeted attacks against German public broadcasting services and chemical research organisations, in August 2017 and June 2018.

On Dec 24, Data Resolution, a cloud and managed services provider servicing tens of thousands of customers globally, experienced a Ryuk ransomware infection and had to shut down its systems to stop the spread.

In two separate announcements, Facebook announced the takedown of 2632 pages, groups, and accounts linked to three distinct disinformation campaigns (operating out of Iran, Russia, Macedonia, and Kosovo) as well as dozens of accounts, pages and groups intended to “engage in hate speech and spread divisive comments on both sides of the political debate” in the UK and Romania.

An increasing number of ransomware gangs are employing double extortion. A malware strain steals information stored on a victim’s machine. After that, the information residing on the infected device is encrypted and the attackers keep a copy. Should the victim refuse to pay the ransom, the attackers would threaten to publish the stolen information or sell it to the highest bidder. In many cases, ransomware gangs establish a dedicated leak site where they publish stolen information or advertise it for sale.

China has activated a powerful state operated DDoS attack tool against Hong Kong protesters. The tool, nicknamed the Great Cannon of China, utilises traffic inspection capabilities offered by the Great Firewall of China.

Multiple operations targeted the 2020 US elections. China, Russia, and Iran allegedly conducted these operations.

Multiple threat actors exploited several critical zero-day vulnerabilities in Microsoft Exchange. This was a global campaign with a serious impact. The exploitation started in November 2020 but only became publicly known in March 2021.