The Biggest Cyberattacks in History | History Hit

The Biggest Cyberattacks in History

Harry Atkins

24 Mar 2022
Internet security software performing an anti-virus and anti-spyware scan on a laptop, after the NHS has been hit by a major cyber attack on its computer systems.
Image Credit: PA Images / Alamy Stock Photo

Whether they’re financially or politically motivated, cyberattacks can have enormously far-reaching effects. In the 21st century, cybersecurity has become an increasingly vital geopolitical consideration. When breached, the results can be catastrophic.

In 2017, for example, the Russian cyber military unit Sandworm orchestrated a malware attack that cost global businesses an estimated $1 billion. A few years later, on the other hand, in 2021, hackers breached the system of a water treatment facility in Florida, nearly poisoning a regional water supply by programming a dangerous increase in sodium hydroxide.

Read on to find out about some of the most impactful cyberattacks in history.

1. Cyberattacks on Estonia (2007)

Hybrid warfare has become a widely used term in recent years. The exact meaning of the concept is hazily understood but it typically refers to a form of non-standard warfare that combines a variety of ‘irregular’ non-kinetic tactics. The US Joint Forces Command defines it as any “adversary that simultaneously and adaptively employs a tailored mix of conventional, irregular, terrorism and criminal means or activities… Rather than a single entity, a hybrid threat or challenger may be a combination of state and non-state actors”.

Cyberwarfare is an increasingly common element of the hybrid warfare ‘mix’ but it was still fairly novel in 2007 when Estonia was bombarded by a massive cyberattack. The attack, which massively destabilised the Baltic state’s infrastructure and economy, causing nationwide communication breakdowns, banking failures and media blackouts, came after Estonian authorities decided to move a bronze memorial of a Soviet soldier from the centre of Tallinn to a military cemetery on the outskirts of the city.

The Bronze Soldier of Tallinn in its new location, 2009.

Image Credit: Liilia Moroz via Wikimedia Commons / Creative Commons

The move was hugely controversial, angering large sections of Estonia’s Russian-speaking population and sparking two nights of riots and looting. The cyberattack followed, plunging Estonia into chaos.

A notable characteristic of cyberwarfare is that it’s often unclear who is orchestrating an attack. This was certainly the case with the 2007 attack on Estonia: while it was widely assumed that Russia was responsible, concrete evidence was hard to come by. It was only under the condition of anonymity 10 years later that an Estonian government official told the BBC that evidence suggested the attack “was orchestrated by the Kremlin, and malicious gangs then seized the opportunity to join in and do their own bit to attack Estonia“.

2. SolarWinds cyberattack (2020)

A cyberattack on an unprecedented scale, the Sunburst attack on SolarWinds, a major software company based in Tulsa, Oklahoma, sent shockwaves through America in 2020. The attack entailed a supply chain breach involving SolarWinds’ Orion software, which is used by many multinational companies and government agencies.

By sneaking malware code (that came to be known as Sunburst) onto a routine Orion update, the hackers, thought to be directed by a Russian espionage operation, gained unfettered access to thousands of organisations, including the US government, for up to 14 months.

3. Ukraine power grid attack (2015)

This cyberattack on the Ukrainian power grid gave the world an early taste of Russia’s capacity to engage in far-reaching cyberwarfare as part of its ongoing effort to destabilise its neighbour. Carried out a year after the annexation of Crimea – widely regarded as the moment when Russia’s war with Ukraine effectively began – this complex attack is notable for being the first successful cyberattack on a power grid.

What has led to Russia's invasion of Ukraine?
Listen Now

The attack, which is attributed to the Russian cyber military unit Sandworm, began when the Prykarpattyaoblenergo control centre fell victim to a cyber breach. The infiltration enabled hackers to seize control of a substation’s computer systems and take it offline. Attacks on further substations quickly followed. Ultimately 200,000-230,000 Ukrainian citizens are estimated to have been impacted by the attack.

4. NotPetya malware attack (2017)

Two years after the Ukraine power grid attack, Sandworm struck again, this time with a malware attack that, while almost certainly focused on Ukraine, inflicted enormous collateral damage across the globe. It’s estimated that organisations collectively lost $1 billion as a result of the attack.

NotPetya was so named because it initially resembled a ransomware attack called Petya, which was named after a weapons system in the James Bond film GoldenEye. But NotPetya proved to be a more significant and virulent threat. Like the WannaCry ransomware that also caused global havoc in 2017, it utilised a Windows Server Message Block (SMB) exploit to spread more rapidly.

Interestingly, although NotPetya gave the impression of being a ransomware attack, clues quickly began to suggest that the motives of its creators were more political than financial and that Ukraine was their main target. One such clue was the software used to initiate the infection was the Ukrainian tax software, M.E.Doc, which is used throughout the country. As a result, 80% of NotPetya infections were estimated to have occurred in Ukraine.

5. WannaCry ransomware attack (2017)

Carried out in the same year as NotPetya, the notorious WannaCry ransomware attack employed similar methodology but, if anything, its impact was even more far-reaching. Like NotPetya, WannaCry propagated via the Windows exploit EternalBlue, which was stolen and leaked a few months prior to the attack. Many of the organisations that fell victim to WannaCry had yet to implement recently released patches that were designed to close the exploit.

WannaCry worked by automatically spreading across networks, infecting computers then encrypting data and demanding a ransom ($300 in Bitcoin within three days or $600 within seven days) to decrypt that data. The scale of the WannaCry attack was enormous, with Europol estimating that around 200,000 computers were infected across 150 countries. In the UK, it had a particularly alarming impact on the NHS, infecting 70,00 devices including computers, MRI scanners and other theatre equipment. Perhaps unsurprisingly the attack sparked an inquest into apparent NHS cybersecurity flaws.

Attribution for the attack has been disputed but it is widely thought that the North Korea-linked Lazarus Group was responsible.

Screenshot of the WannaCry ransom note on an infected system

Image Credit: 황승환 via Wikimedia Commons / Creative Commons

6. Florida water system attack (2021)

A troubling reminder that outmoded tech can provide hackers with an easy entrance point onto an otherwise sophisticated network. In the case of this attack on a water treatment facility in Oldsmar, Florida, an old PC running Windows 7 with no firewall enabled a hacker to gain access and increase the amount of sodium hydroxide in the water by a factor of 100. The breach could have been catastrophic had it not been caught in time.

7. Colonial Pipeline Company ransomware attack (2021)

Perhaps the most shocking thing about this cyberattack is the fact that it supposedly took just one compromised password to disable the largest petroleum pipeline in America for several days. On 7 May 2021, the Colonial Pipeline Company reported that it had fallen prey to a cybersecurity attack involving ransomware and had been forced to take its pipeline – which supplies about half of the East Coast’s gasoline – offline. The potential impact of a prolonged disruption was deemed serious enough to justify paying the hackers, an eastern European outfit called DarkSide, $4.4 million worth of bitcoin.

A sign is displayed at an empty pump explaining the shortage caused by the Colonial Pipeline cyber attack. 2021.

Image Credit: Sharkshock /

8. Kaseya supply chain ransomware attack (2021)

This ransomware attack echoed the SolarWinds hack in that it targeted MSPs (Managed Service Provider) to achieve a more far-reaching impact. Breach an MSP and you can compromise far more than one company. In June 2021 Kaseya, a Florida-based IT management software provider used by numerous MSPs was hit by a supply chain ransomware attack.

Hackers (identified as the ransomware gang REvil) had pushed malware to Kaseya’s global customer base via a phoney update for its Virtual System Administrator (VSA) solution. The ripple effect was extremely widespread, impacting 60 Kaseya customers (mostly MSPs) and their customers. It’s been reported that more than 1,500 companies were affected.

9. RockYou2021 (2021)

When a user posted an enormous 100GB TXT file on a popular hacker forum in June 2021 they claimed that it contained 82 billion passwords. Tests later found that there were in fact ‘only’ 8.4 billion passwords in the file.

Named after the original RockYou breach of 2009, which saw hackers leak more than 32 million user passwords, RockYou2021 appeared to be a mind-bendingly huge password collection. Even if it proved not to be quite as massive as billed, 8.4 billion passwords equates to two passwords for every online person in the world (it’s estimated that there are 4.7 billion people online).

Unsurprisingly, the leak triggered widespread panic. But there was a further twist – it transpired that the vast majority of the alleged 8.4 billion leaked passwords were already known – the list was essentially a huge compilation and didn’t reveal any freshly compromised passwords.

Dan Snow meets Calder Walton for a martini and an overview of Russia's history of interference in foreign elections.
Listen Now

Harry Atkins