
The worst tricks of 2024


Every year has its own mix of digital security debacles, from the absurd to the sinister, but 2024 was particularly marked by hacking attacks in which cybercriminals and state-backed spy groups repeatedly exploited the same weakness or type of target to fuel their frenzy. For the attackers, the approach is ruthlessly efficient, but for the compromised institutions (and the people they serve) the malicious attacks had very real consequences for people’s privacy and security.

As political and social unrest intensify around the world, 2025 will be a complicated (and potentially explosive) year in cyberspace. But first, here’s WIRED’s look back at this year’s worst breaches, leaks, state-sponsored hacking campaigns, ransomware attacks, and digital extortion cases. Stay alert and stay safe out there.

Espionage operations are a reality, and relentless Chinese campaigns have been a constant in cyberspace for years. But the China-linked spy group Salt Typhoon carried out a particularly notable operation this year, spending months inside a number of American telecommunications companies, including Verizon and AT&T (and others around the world). And U.S. officials told reporters earlier this month that many victimized companies are still actively trying to remove the hackers from their networks.

The attackers surveilled a small group of people (fewer than 150 by current count), but the group included people already subject to U.S. wiretap warrants, as well as State Department officials and members of the Trump and Harris presidential campaigns. Additionally, text messages and calls from other people who interacted with the Salt Typhoon targets were also inherently caught up in the spying scheme.

Throughout the summer, attackers were on a rampage, breaching prominent companies and organizations that were all customers of cloud data storage company Snowflake. The spree hardly qualifies as hacking, as the cybercriminals were simply using stolen passwords to log into Snowflake accounts that did not have two-factor authentication enabled. However, the end result was an extraordinary amount of data stolen from victims including Ticketmaster, Santander Bank and Neiman Marcus. Another notable victim, telecommunications giant AT&T, said in July that “almost all” records related to its customers’ calls and text messages over a seven-month period in 2022 were stolen in a Snowflake-related intrusion. Google-owned security company Mandiant said in June that the rampage affected approximately 165 victims.

In July, Snowflake added a feature so account administrators could make two-factor authentication mandatory for all their users. In November, Canadian authorities arrested suspect Alexander “Connor” Moucka for allegedly leading the hacking spree. He was indicted by the US Department of Justice over the Snowflake spree and faces extradition to the United States. John Erin Binns, who was arrested in Turkey on an allegation related to a breach of telecommunications company T-Mobile in 2021, was also indicted on charges related to breaches of Snowflake customers.

In late February, medical billing and insurance processing company Change Healthcare suffered a ransomware attack that caused disruptions to hospitals, doctors’ offices, pharmacies, and other healthcare facilities across the United States. The attack is one of the largest medical data breaches of all time, affecting more than 100 million people. The company, owned by UnitedHealth, is a dominant medical billing processor in the United States. Days after the attack began, the company said it believed ALPHV/BlackCat, a notorious Russian-speaking ransomware gang, was behind the attack.

Personal data stolen in the attack included patient phone numbers, addresses, banking and financial information, and medical records including diagnoses, prescriptions and treatment details. The company paid a $22 million ransom to ALPHV/BlackCat in early March in an attempt to contain the situation. The payment apparently encouraged attackers to attack healthcare targets at an even higher rate than usual. With ongoing notifications to over 100 million victims (and more still being discovered), lawsuits and other consequences have been increasing. This month, for example, the state of Nebraska sued Change Healthcare, alleging that “failures to implement basic security protections” made the attack much worse than it should have been.

Microsoft said in January that it had been breached by Russian “Midnight Blizzard” hackers in an incident that compromised the email accounts of company executives. The group is linked to the Kremlin’s SVR foreign intelligence agency and is specifically linked to SVR’s APT 29, also known as Cozy Bear. After an initial intrusion in November 2023, attackers targeted and compromised historical Microsoft system test accounts, which then allowed them to access what the company said was “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees of our cybersecurity, legal and other functions.” From there, the group extracted “some emails and attached documents.” Microsoft said the attackers appeared to be seeking information about what the company knew about them; in other words, Midnight Blizzard was reconnoitering Microsoft’s investigation into the group. Hewlett-Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach attributed to Midnight Blizzard.

Background check company National Public Data suffered a breach in December 2023, and data from the incident began appearing for sale on cybercriminal forums in April 2024. Different configurations of the data emerged again and again over the summer, culminating in the company’s public confirmation of the breach in August. The stolen data included names, Social Security numbers, phone numbers, addresses and dates of birth. Since National Public Data did not confirm the breach until August, speculation about the situation grew for months and included theories that the data included tens or even hundreds of millions of Social Security numbers. Although the breach was significant, the actual number of people affected appears to be, fortunately, much smaller. The company reported in a filing to Maine officials that the breach affected 1.3 million people. In October, National Public Data’s parent company, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing state and federal investigations into the breach, as well as a series of lawsuits the company faces over the incident.

Honorable mention: North Korea cryptocurrency theft

A large amount of cryptocurrency is stolen by many people every year, including North Korean cybercriminals who are mandated to help finance the hermit kingdom. A report from cryptocurrency tracking firm Chainalysis released this month, however, underlines how aggressive Pyongyang-backed hackers have become. Researchers found that in 2023, North Korea-affiliated hackers stole more than $660 million in 20 attacks. This year, approximately $1.34 billion was stolen in 47 incidents. The 2024 figures represent 20 percent of the total incidents Chainalysis tracked during the year and a whopping 61 percent of the total funds stolen by all actors.

The sheer domination is impressive, but investigators emphasize the seriousness of the crimes. “US and international officials have assessed that Pyongyang uses the cryptocurrencies it steals to finance its weapons of mass destruction and ballistic missile programs, endangering international security,” Chainalysis wrote.
