Join or Sign In

Register for your free ZDNet membership or if you are already a member, sign in using your preferred method below.

Use your email Use Linkedin Use Facebook

The worst cyberattacks undertaken by nation-state hackers

These are the worst known cyberattacks which are believed to be the work of hackers backed by governments and ruling parties worldwide.

Topic: Security
1 of 12 Charlie Osborne/ZDNet


The WannaCry ransomware campaign hit hundreds of thousands of computer systems worldwide in one fell swoop, causing disruption to countless organizations including the UK's National Health Service (NHS), US hospitals, Nissan, and Russian banks.

The ransomware spread, made possible through a leaked NSA hacking tool and Windows exploit Eternal Blue, is believed to be the work ofNorth Korea.

2 of 12 Charlie Osborne/ZDNet


NotPetya, another global malware campaign which claimed victims in Ukraine, Russia, Denmark, the UK, and the United States in 2017, caused chaos at everything from banks to shipping companies and nuclear facilities.

Originally, NotPetya was believed to be a kind of ransomware, but further analysis revealed the malware's true destructive purposes.

UK officials have blamed the Russian militaryfor the cyberattack.

See also: Cybersecurity: Nation-state cyber attacks threaten everyone, warns ex-GCHQ boss

3 of 12 Charlie Osborne/ZDNet


An advanced persistent threat (APT) group believed to be backed by the Russian government, Turla has been quietly attacking political targets for many years.

Turla, active for at least a decade, has been connected to cyberattacks launched against European government organizations, including consulates and embassies.

The group uses the Gazer malware family, watering hole attacks, and phishing campaigns.

4 of 12 Charlie Osborne/ZDNet


Back in 2010, the Stuxnet worm infiltrated an Iranian nuclear power facility, inserting itself into SCADA systems and affecting uranium centrifuges. While never admitted, the worm is generally believed to be the work of the US government's National Security Agency (NSA) with the assistance of Israel.

5 of 12 Charlie Osborne/ZDNet

Skulls in South Korea

In 2013, a number of major South Korean banks and a local broadcaster were faced with files vanishing before their eyes and images of leering skulls posted on computer screens.

The coordinated attack crashed systems for the best part of a day, causing widespread disruption. It is believed the outage was due to North Korean state-sponsored hackers.

6 of 12 Charlie Osborne/ZDNet

A string of attacks

China has been blamed as the suspected source of a cyberattack launched against the US Office of Personnel Management (OPM) which led to the leak of sensitive information belonging to nearly four million government workers.

7 of 12 Charlie Osborne/ZDNet

Sony's suffering

A devastating attack launched against Sony Pictures in 2014 resulted in internal systems being crippled, terabytes of data being leaked online, and the sensitive information of celebrities and staff being compromised.

While attribution was difficult beyond a message which suggested the hack was the work of "Guardians of the Peace," the cyberattack has now been formally laid at North Korea's door in the form of Pak Jin Hyok, who was reportedly an intelligence officer for the Reconnaissance General Bureau, North Korea's military intelligence agency.

8 of 12 Charlie Osborne/ZDNet

The bank heist of the century

The Bangladesh Bank was the victim of an insidious cyberattack which relieved the organization of $80 million in funds. Malware was used to infiltrate the bank's networks in order for threat actors to learn how the institution used the SWIFT financial messaging system, and this knowledge was then used to make a series of rapid, fraudulent transactions.

North Korea was later linked to the bold bank heist due to similarities which connected the threat actors to the 2014 Sony cyberattack.

9 of 12 Charlie Osborne/ZDNet

Routers worldwide

Earlier this year, US and UK law enforcement warned of a mass cybercampaign against home routers, ISPs, and firewall systems. Authorities say the compromised systems were not only offering valuable information to state-sponsored groups but could also pave the way for attacks in the future.

The coordinated attack used Man-in-The-Middle (MiTM) attacks to conduct covert surveillance using the VPNFilter malware.

It is believed Russian, Kremlin-based hackers are behind the campaign.

10 of 12 Charlie Osborne/ZDNet


In 2018, the US Department of Justice (DoJ) indicted 12 Russians, accused of interfering with the US general election due to the Russian government's wishes.

The hackers launched a spearphishing campaign against senior officials for the Hillary Clinton campaign and later leaked close to 20,000 confidential emails and files relating to the Democratic National Committee (DNC).

See also: Russia 'front of the queue' when it comes to hacking, says security minister

11 of 12 Charlie Osborne/ZDNet

Power plants in turmoil

Iran is suspected to be behind the deployment of Triton malware in Saudi Arabia. The malware, which displayed a "Stuxnet level of sophistication," was launched against power plants, and in particular, Schneider Electric devices.

Triton's main focus was to tamper with emergency shutdown systems.

12 of 12 Charlie Osborne/ZDNet


In 2016, the city of Kiev in Ukraine suddenly found itself without power. While energy was restored an hour later, but it emerged the reason for the unexpected blackout was not due to a glitch in the system, but rather, malware.

Dubbed Industroyer, the malware -- considered the "biggest threat to industrial control systems since Stuxnet" -- was able to wipe systems and cause industrial services to crash.

Ukrainian officials have blamed Russian state-sponsored hackers for the attack as part of an ongoing "cyberwar" against the country.

Related Galleries

First look at the YubiKey Bio
YubiKey Bio

Related Galleries

First look at the YubiKey Bio

iVerify (version 17)
iVerify for iOS and iPadOS

Related Galleries

iVerify (version 17)

OnlyKey hardware security key

Related Galleries

OnlyKey hardware security key

SoloKeys Solo V2
Solo V2

Related Galleries

SoloKeys Solo V2

iVerify: Added security for iPhone and iPad users

Related Galleries

iVerify: Added security for iPhone and iPad users

iStorage datAshur BT hardware encrypted flash drive
iStorage datAshur BT

Related Galleries

iStorage datAshur BT hardware encrypted flash drive

Netgear BR200 small-business router
Netgear BR200

Related Galleries

Netgear BR200 small-business router