The worst cyberattacks undertaken by nation-state hackers

The WannaCry ransomware campaign hit hundreds of thousands of computer systems worldwide in one fell swoop, causing disruption to countless organizations including the UK's National Health Service (NHS), US hospitals, Nissan, and Russian banks.

The ransomware spread, made possible through a leaked NSA hacking tool and Windows exploit Eternal Blue, is believed to be the work ofNorth Korea.

NotPetya, another global malware campaign which claimed victims in Ukraine, Russia, Denmark, the UK, and the United States in 2017, caused chaos at everything from banks to shipping companies and nuclear facilities.

Originally, NotPetya was believed to be a kind of ransomware, but further analysis revealed the malware's true destructive purposes.

UK officials have blamed the Russian militaryfor the cyberattack.

See also: Cybersecurity: Nation-state cyber attacks threaten everyone, warns ex-GCHQ boss

An advanced persistent threat (APT) group believed to be backed by the Russian government, Turla has been quietly attacking political targets for many years.

Turla, active for at least a decade, has been connected to cyberattacks launched against European government organizations, including consulates and embassies.

The group uses the Gazer malware family, watering hole attacks, and phishing campaigns.

Back in 2010, the Stuxnet worm infiltrated an Iranian nuclear power facility, inserting itself into SCADA systems and affecting uranium centrifuges. While never admitted, the worm is generally believed to be the work of the US government's National Security Agency (NSA) with the assistance of Israel.

In 2013, a number of major South Korean banks and a local broadcaster were faced with files vanishing before their eyes and images of leering skulls posted on computer screens.

The coordinated attack crashed systems for the best part of a day, causing widespread disruption. It is believed the outage was due to North Korean state-sponsored hackers.

China has been blamed as the suspected source of a cyberattack launched against the US Office of Personnel Management (OPM) which led to the leak of sensitive information belonging to nearly four million government workers.

A devastating attack launched against Sony Pictures in 2014 resulted in internal systems being crippled, terabytes of data being leaked online, and the sensitive information of celebrities and staff being compromised.

While attribution was difficult beyond a message which suggested the hack was the work of "Guardians of the Peace," the cyberattack has now been formally laid at North Korea's door in the form of Pak Jin Hyok, who was reportedly an intelligence officer for the Reconnaissance General Bureau, North Korea's military intelligence agency.

The Bangladesh Bank was the victim of an insidious cyberattack which relieved the organization of $80 million in funds. Malware was used to infiltrate the bank's networks in order for threat actors to learn how the institution used the SWIFT financial messaging system, and this knowledge was then used to make a series of rapid, fraudulent transactions.

North Korea was later linked to the bold bank heist due to similarities which connected the threat actors to the 2014 Sony cyberattack.

Earlier this year, US and UK law enforcement warned of a mass cybercampaign against home routers, ISPs, and firewall systems. Authorities say the compromised systems were not only offering valuable information to state-sponsored groups but could also pave the way for attacks in the future.

The coordinated attack used Man-in-The-Middle (MiTM) attacks to conduct covert surveillance using the VPNFilter malware.

It is believed Russian, Kremlin-based hackers are behind the campaign.

In 2018, the US Department of Justice (DoJ) indicted 12 Russians, accused of interfering with the US general election due to the Russian government's wishes.

The hackers launched a spearphishing campaign against senior officials for the Hillary Clinton campaign and later leaked close to 20,000 confidential emails and files relating to the Democratic National Committee (DNC).

See also: Russia 'front of the queue' when it comes to hacking, says security minister

Iran is suspected to be behind the deployment of Triton malware in Saudi Arabia. The malware, which displayed a "Stuxnet level of sophistication," was launched against power plants, and in particular, Schneider Electric devices.

Triton's main focus was to tamper with emergency shutdown systems.

In 2016, the city of Kiev in Ukraine suddenly found itself without power. While energy was restored an hour later, but it emerged the reason for the unexpected blackout was not due to a glitch in the system, but rather, malware.

Dubbed Industroyer, the malware -- considered the "biggest threat to industrial control systems since Stuxnet" -- was able to wipe systems and cause industrial services to crash.

Ukrainian officials have blamed Russian state-sponsored hackers for the attack as part of an ongoing "cyberwar" against the country.