Cyberattacks by country

A cyberattack is any unauthorized effort against computer infrastructure that compromises the confidentiality, integrity, or availability of its content.

Italy

South Tyrol

In 2025, South Tyrol, Italy, experienced a significant system failure, which was later confirmed to be the result of a cyberattack. The attack targeted critical infrastructure, including emergency communication systems, leading to major disruptions in emergency response operations. Hackers issued a ransom demand following the attack. Local authorities quickly acknowledged the breach and began efforts to restore affected systems. The cause of the attack and the perpetrators are under investigation by relevant authorities.^[1]

Azerbaijan

Hackers from Azerbaijan and Armenia have actively participated in cyber warfare as part of the Nagorno-Karabakh conflict cyber warfare over the disputed region of Nagorno-Karabakh, with Azerbaijani hackers targeting Armenian websites and posting Ilham Aliyev's statements.^[2][3]

Canada

"Chinese state-sponsored actor" attacked a research facility in Canada in 2011. Unknown hackers attacked Canada's foreign ministry in 2022.^[4]

China

Main article: Cyberwarfare and China

China's People's Liberation Army (PLA) has developed a strategy called "Integrated Network Electronic Warfare" which guides computer network operations and cyber warfare tools. This strategy helps link together network warfare tools and electronic warfare weapons against an opponent's information systems during the conflict. They believe the fundamentals for achieving success is about seizing control of an opponent's information flow and establishing information dominance.^[5] The Science of Military and The Science of Campaigns both identify enemy logistics systems networks as the highest priority for cyberattacks and states that cyber warfare must mark the start of a campaign, used properly, can enable overall operational success.^[5] Focusing on attacking the opponent's infrastructure to disrupt transmissions and processes of information that dictate decision-making operations, the PLA would secure cyber dominance over their adversary. The predominant techniques that would be utilized during a conflict to gain the upper hand are as follows, the PLA would strike with electronic jammers, electronic deception, and suppression techniques to interrupt the transfer processes of information. They would launch virus attacks or hacking techniques to sabotage information processes, all in the hopes of destroying enemy information platforms and facilities. The PLA's Science of Campaigns noted that one role for cyber warfare is to create windows of opportunity for other forces to operate without detection or with a lowered risk of counterattack by exploiting the enemy's periods of "blindness", "deafness" or "paralysis" created by cyberattacks.^[5] That is one of the main focal points of cyber warfare, to be able to weaken your enemy to the full extent possible so that your physical offensive will have a higher percentage of success.

The PLA conducts regular training exercises in a variety of environments emphasizing the use of cyber warfare tactics and techniques in countering such tactics if it is employed against them. Faculty research has been focusing on designs for rootkit usage and detection for their Kylin Operating System which helps to further train these individuals' cyber warfare techniques. China perceives cyber warfare as a deterrent to nuclear weapons, possessing the ability for greater precision, leaving fewer casualties, and allowing for long-ranged attacks.

On March 2, 2021, Microsoft released an emergency security update to patch four security vulnerabilities that had been used by Hafnium, a Chinese nation-state-sponsored hacking group that had compromised at least 30,000 public and private Microsoft exchange servers.^[6]

In September 2022, China's National Computer Virus Emergency Response Center (CVERC) accused the NSA of carrying out a series of cyberattacks against Northwestern Polytechnical University as part of tens of thousands of “malicious network attacks” that it said the agency conducted against Chinese targets.^[7][8] The United States has said the university has conducted extensive military research and its department of Commerce has put the university on its entity list.^[8]

In April 2025, CVERC said the information systems for the 2025 Asian Winter Games which it hosted were subjected to more than two hundred thousand foreign cyberattacks and accused the United States of being behind most of the attacks.^[9] CVERC said that the attacks did not cause significant damage, and condemned cyberattacks targeting major international events.^[10] The allegation were made in the midst of a trade war between the US and China and after the US accused Beijing of carrying out a cyberespionage campaign that targeted US-based critics of Beijing.^[11]

Estonia

Main article: 2007 cyberattacks on Estonia

The 2007 cyberattacks on Estonia were a series of cyberattacks that began on 27 April 2007 and targeted websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers, and broadcasters, amid the country's disagreement with Russia about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn.^[12][13] The attacks triggered a number of military organizations around the world to reconsider the importance of network security to modern military doctrine. The direct result of the cyberattacks was the creation of the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn.

Ethiopia

In an extension of a bilateral dispute between Ethiopia and Egypt over the Grand Ethiopian Renaissance Dam, Ethiopian government websites have been hacked by the Egypt-based hackers in June 2020.^[14]

India and Pakistan

Main article: India–Pakistan relations

There were two such instances between India and Pakistan that involved cyberspace conflicts, starting in the 1990s. Earlier cyber attacks came to be known as early as 1999.^[15] Since then, India and Pakistan were engaged in a long-term dispute over Kashmir which moved into cyberspace. Historical accounts indicated that each country's hackers have been repeatedly involved in attacking each other's computing database system. The number of attacks has grown yearly: 45 in 1999, 133 in 2000, 275 by the end of August 2001.^[15] In 2010, Indian hackers laid a cyber attack at least 36 government database websites going by the name "Indian Cyber Army".^[16] In 2013, Indian hackers hacked the official website of Election Commission of Pakistan in an attempt to retrieve sensitive database information.^[17] In retaliation, Pakistani hackers, calling themselves "True Cyber Army" hacked and defaced ~1,059 websites of Indian election bodies.^[17]

In 2013, India's Ministry of Electronics and Information Technology (MeitY) which was then known as Department of Electronics and Information Technology (DeitY), unveiled a cybersecurity policy framework called National Cyber Security Policy 2013 which officially came into effect on July 1, 2013.^[18]

According to the media, Pakistan's has been working on effective cyber security systems, in a program called the "Cyber Secure Pakistan" (CSP).^[19] The program was launched in April 2013 by the Pakistan Information Security Association and the program has expanded to country's universities.

In 2020, according to the Media reports, Pakistan Army confirms the series of Cyber Attacks that has been identified on Pakistani Government and private websites by the Indian Intelligence. ISPR also advised the government and private institutions to enhance cyber security measures.^[20]

Indonesia

Indonesia said it has started to recover data that had been encrypted in a major ransomware attack in June 2024 which affected more than 160 government agencies.

The attackers identified as Brain Cipher asked for $8 million in ransom to unlock the data before later apologising and releasing the decryption key for free, according to Singapore-based cybersecurity firm StealthMole.^[21]

Iran

On 8 February 2020, the telecommunication network of Iran witnessed extensive disruptions at 11:44 a.m. local time, which lasted for about an hour. The Ministry of Information and Communications Technology of Iran confirmed it as a Distributed Denial of Service attack. The Iranian authorities activated the "Digital Fortress" cyber-defense mechanism to repel. Also known as DZHAFA, it led to a drop of 75 percent in the national internet connectivity.^[22]

On the noon of 26 October 2021, a cyberattack caused all 4,300 fuel stations in Iran to disrupt and disable government-issued cards for buying subsidized fuel. This cyber attack also caused digital billboards to display messages against the Iranian government.^[23][24]

Ireland

Main article: Health Service Executive ransomware attack

On 14 May 2021, the Health Service Executive (HSE) of Ireland suffered a major ransomware cyber attack which caused all of its IT systems nationwide to be shut down.^{[25][26][27][28]}

It was the most significant cybercrime attack on an Irish state agency and the largest known attack against a health service computer system.^[29][30] The group responsible was identified as a criminal gang known as Wizard Spider, believed to be operating from Russia.^[31][32][33] The same group is believed to have attacked Ireland's Department of Health with a similar cyber attack.

Israel

In April 2020, there were attempts to hack into Israel's water infrastructure of the Sharon central region by Iran, which was thwarted by Israeli cyber defenses. The cyberattack intended to introduce dangerous levels of chlorine into the Israeli water supply.^[34]

North Korea

In February 2024 UN sanctions monitors were investigating claims that dozens of cyber attacks that North Korea is suspected of carrying out has raised around $3 billion which is being used to fund and develop its nuclear weapons program.^[35]

Further information: Sony Pictures hack

Norway

In August 2020 the Norwegian parliament Stortinget suffered a cyberattack on the email system belonging to several officials. In December 2020, the Norwegian Police Security Service said the likely perpetrators were the Russian cyber espionage group Fancy Bear.^[36]

Russia

During the 2018 FIFA World Cup, Russia countered and stopped around 25 million cyber-attacks on IT Infrastructure.^[37][38]

In June 2019, Russia has conceded that it is "possible" its electrical grid is under cyber attack by the United States.^[39] The New York Times reported that American hackers from the United States Cyber Command planted malware potentially capable of disrupting the Russian electrical grid.^[40]

On 19 October 2020, the US justice department charged six Russian military officers of a worldwide hacking campaign, which attacked targets like French election, the 2018 Winter Olympic Games opening ceremony, US businesses and Ukraine's electricity grid. The campaign was believed to have cost billions of dollars for the mass disruption it caused.^[41]

Ukraine

Main article: 2017 cyberattacks on Ukraine

A series of powerful cyber attacks began 27 June 2017, that swamped websites of Ukrainian organizations, including banks, ministries, newspapers and electricity firms. In January 2022, Microsoft disclosed activity of a ransomware and DoS attack on various government agencies and organizations.^[42][43]

United Arab Emirates

In 2019, Reuters reported that United Arab Emirates launched a series of cyberattacks on its political opponents, journalists, and human rights activists under Project Raven, on an espionage platform namely Karma. The team included ex-US intelligence agents. Project Raven commenced in 2009 and was planned to be continued for the coming ten years.

United Arab Emirates, used and asked for help from couple of countries providing their best calibres to overcome this crisis, and to confine the damage and consequences upon Project Raven, and indeed big names did participate to help like the American master, Graham Dexter, and the Egyptian phenomenal name in cybersecurity, Elhamy El Sebaey.^[44]