Every year has its own mix of digital security crises, from the absurd to the horrific, but 2024 was particularly marked by hacking incidents in which cybercriminals and state-backed espionage groups exploited the same weaknesses, or the same types of targets, again and again to fuel their frenzy. For the attackers, the approach is brutally efficient, but for the compromised institutions, and the individuals they serve, the attacks had very real consequences for people's privacy, security, and safety.

As political turmoil and social unrest continue to grow around the world, 2025 is shaping up to be a complex and potentially explosive year in cyberspace. But first, WIRED's look back at this year's worst breaches, leaks, state-sponsored hacking campaigns, ransomware attacks, and digital extortion cases. Stay vigilant, and stay safe out there.

Espionage operations are a fact of life, and relentless Chinese campaigns have been a persistent presence in cyberspace for years. But the China-linked espionage group Salt Typhoon carried out a particularly notable operation this year, infiltrating several US telecommunications companies, including Verizon and AT&T (as well as others around the world), over the course of several months. US officials told reporters earlier this month that many of the victimized companies were still actively trying to remove the hackers from their networks.

The attackers surveilled a small group of people, fewer than 150 by the current count, but that group included individuals who were already subject to US wiretap orders, State Department officials, and members of both the Trump and Harris presidential campaigns. Messages and calls from other people interacting with the Salt Typhoon targets were naturally caught up in the spying as well.

Throughout the summer, attackers broke into major companies and organizations that were all customers of the cloud data storage company Snowflake. The spree barely qualified as hacking: the cybercriminals simply used stolen passwords to log in to Snowflake customer accounts that did not have two-factor authentication turned on. The end result, however, was that an extraordinary amount of data was stolen from victims including Ticketmaster, Santander Bank, and Neiman Marcus. Another major victim, telecommunications giant AT&T, said in July that records relating to calls and texts from "nearly all" of its customers, covering a roughly seven-month period in 2022, had been stolen in a Snowflake-related intrusion. Security firm Mandiant, which is owned by Google, said in June that the campaign affected approximately 165 victims.

In July, Snowflake added a feature so account administrators could mandate two-factor authentication for all of their users. In November, Canadian law enforcement arrested the suspect Alexander "Connor" Moucka for allegedly leading the hacking spree; he was indicted by the US Justice Department for the Snowflake breaches and faces extradition to the US. John Erin Binns, who was arrested in Turkey on charges related to T-Mobile's 2021 breach, was also charged in connection with the Snowflake customer breaches.
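The Snowflake spree came down to one gap: accounts that accepted a password alone. As an added illustration (not code from the WIRED article, from Snowflake, or from the investigators), the queries below show how a Snowflake administrator would first hunt for successful password-only logins in the account's own login history, then close the gap with the account-level MFA mandate that Snowflake made available in 2024. They assume the documented SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view and Snowflake's authentication-policy syntax; the policy name require_mfa is a hypothetical choice.

```sql
-- Added example; not from the article or from Snowflake's own documentation.
-- Assumes the SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view and Snowflake's
-- authentication-policy syntax. The policy name require_mfa is hypothetical.

-- 1. Hunt: successful logins in the last 90 days that presented a password
--    and no second factor. Every row is an account that a single leaked
--    credential would have opened, exactly the condition the spree abused.
--    Review the source IPs and client types for anything you do not recognize.
SELECT user_name,
       client_ip,
       reported_client_type,
       COUNT(*)             AS password_only_logins,
       MIN(event_timestamp) AS first_seen,
       MAX(event_timestamp) AS last_seen
FROM   snowflake.account_usage.login_history
WHERE  is_success = 'YES'
  AND  first_authentication_factor = 'PASSWORD'
  AND  second_authentication_factor IS NULL
  AND  event_timestamp >= DATEADD(day, -90, CURRENT_TIMESTAMP())
GROUP  BY user_name, client_ip, reported_client_type
ORDER  BY password_only_logins DESC;

-- 2. The weak state the victims were in: no authentication policy, which
--    leaves MFA enrollment at its default of OPTIONAL, so users who never
--    enrolled keep logging in with a password alone.

-- 3. Fix: an account-wide authentication policy that forces every user to
--    enroll in MFA at their next login. Service accounts used by pipelines
--    should be moved to key-pair authentication rather than left on passwords.
CREATE AUTHENTICATION POLICY require_mfa
  MFA_ENROLLMENT = REQUIRED
  COMMENT = 'Password-only logins are not permitted on this account';

ALTER ACCOUNT SET AUTHENTICATION POLICY require_mfa;
```

Run the hunt query before setting the policy and again a week after: the first run tells you which accounts to rotate credentials for, and the second should return nothing, since any user who has not enrolled will be forced through enrollment rather than allowed in on a password alone.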

In late February, the medical billing and insurance processing company Change Healthcare was hit by a ransomware attack, causing disruption to hospitals, doctors' offices, pharmacies, and other health care facilities across the US. The attack is one of the largest-ever breaches of medical data, affecting more than 100 million people. The company, which is owned by UnitedHealth, is a leading medical billing processor in the US. Days after the attack began, the company said it believed the notorious Russian-speaking ransomware gang ALPHV/BlackCat was behind it.

Personal data stolen in the attack included patient phone numbers, addresses, banking and other financial information, and health records including diagnoses, prescriptions, and treatment details. The company paid a $22 million ransom to ALPHV/BlackCat in early March in an attempt to contain the situation. The payment appears to have emboldened attackers to go after health care targets at a higher rate than usual. With notifications issued for more than 100 million victims, and more still being discovered, lawsuits and other aftershocks are mounting. This month, for example, the state of Nebraska sued Change Healthcare, alleging that its "failure to implement basic security protections" made the attack worse than it should have been.

Microsoft said in January that Russia's "Midnight Blizzard" hackers had broken into the email accounts of company executives. The group is linked to the Kremlin's SVR foreign intelligence agency and is specifically tied to the SVR's APT 29, also known as Cozy Bear. Following an initial intrusion in November 2023, the attackers compromised a legacy Microsoft test account, which allowed them to access what the company described as "a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions." From there, the group stole "some emails and attached documents." Microsoft said the attackers appeared to be looking for information about what the company knew about them; in other words, Midnight Blizzard was conducting reconnaissance of Microsoft's research into the group. Hewlett Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach at the hands of Midnight Blizzard.

The background check company National Public Data suffered a breach in December 2023, and data from the incident began appearing for sale on cybercriminal forums in April 2024. Various configurations of the data surfaced repeatedly over the summer, culminating in the company's public confirmation of the breach in August. The stolen data included names, Social Security numbers, phone numbers, addresses, and dates of birth. Because National Public Data did not confirm the breach until August, speculation about the situation grew for months and included theories that the data contained tens or even hundreds of millions of Social Security numbers. Although the breach was significant, the actual number of individuals affected, mercifully, appears to be much lower: the company stated in a filing with officials in Maine that the breach affected 1.3 million people. In October, National Public Data's parent company, Jericho Pictures, filed for Chapter 11 bankruptcy in the Southern District of Florida, citing state and federal investigations into the breach as well as multiple lawsuits.

Honorable Mention: North Korean Cryptocurrency Theft

Lots of people steal lots of cryptocurrency every year, including North Korean cybercriminals, who are tasked with helping to fund the regime. A report released this month by the cryptocurrency tracing firm Chainalysis, however, shows just how aggressive Pyongyang-backed hackers have become. Researchers found that in 2023, hackers linked to North Korea stole more than $660 million across 20 attacks. This year, they stole approximately $1.34 billion across 47 incidents. The 2024 figures represent 20 percent of the total incidents Chainalysis tracked for the year and 61 percent of the total funds stolen by all actors.

The sheer dominance is striking, but the researchers emphasize the seriousness of the crimes. "US and international officials have assessed that Pyongyang uses stolen crypto to finance its weapons of mass destruction and ballistic missile programs, posing a threat to international security," Chainalysis wrote.
