January 2, 2023
2022 Cyber Attack List Announced

Digital security company ESET has reviewed prominent hacking and data breach incidents in 2022. The data revealed that there was no reduction in cyber-attacks in 2022.

While the list includes the 10 biggest cyber-attacks that took place in 2022, it is not arranged in any particular order. Experts underlined that they created the list by taking into account the malicious cyber-attacks that targeted Ukraine and the world-wide following.

Ukraine became the country most targeted in cyber-attacks. Early in the Russia-Ukraine war, ESET researchers worked closely with CERT-UA to neutralize an attack that targeted the country's power grid, including devastating malware called Sandworm, which was used against high-voltage electrical substations. Under cyber-attack, Ukraine has been the target of many data wipers. According to experts, CaddyWiper is not the only destructive data wiper detected in Ukraine just before or in the first weeks of the war. On February 23, ESET telemetry detected the HermeticWiper data wiper on hundreds of devices belonging to several organizations in Ukraine. The next day, a second devastating, data-wiping attack began against the Ukrainian government network, and this time IsaacWiper emerged.

In addition, Ukraine faced internet slowdowns. About an hour before the war, a massive cyberattack on commercial satellite internet company Viasat disrupted broadband internet service used by hundreds of people in Ukraine and elsewhere in Europe, leaving behind thousands of useless modems. The attack, in which a misconfigured VPN service was used to gain access to the management section of the satellite network system, is thought to have been aimed at disrupting the communication capabilities of the Ukrainian command in the first hours of the war. However, the effects of this attack were not limited to Ukraine.

Another major player in the informal cybercrime world this year was the Conti group, which operates on a ransomware-as-a-service (RaaS) model. This group carried out one of its most serious attacks against the small Central American country of Costa Rica. The government declared this shocking attack a national emergency after calling it “cyber terrorism”.

In 2022, other ransomware actors took action as well. A CISA alert for September announced that Iran-linked threat actors had attacked a local government and an aerospace company in the United States, among other targets. This attack used Log4Shell, which is notorious for its use in ransomware attacks, something that is not uncommon for government-sponsored organizations.

Ronin Network was created by Vietnamese blockchain game developer Sky Mavis as an Ethereum sidechain for the game Axie Infinity. In March, it was revealed that hackers had withdrawn 173,600 Ethereum ($592 million) and $25.5 million from Ronin Bridge in two separate transactions using compromised private passwords. The $618 million theft, valued at March prices, was the largest ever theft from a crypto firm. The infamous North Korean group Lazarus has since been cited as being behind the attack.

Lapsus$ made a name for itself as a racketeering group in 2022, using high-profile data thefts to extort payments from its corporate victims, which include Microsoft, Samsung, Nvidia, Ubisoft, Okta and Vodafone. Among the methods the group uses is bribing people at companies or their contractors. Although the group remained relatively quiet for a while, it resurfaced at the end of the year, attacking Rockstar Games, the developer of Grand Theft Auto. Several members of the group were allegedly arrested in the United Kingdom and Brazil.

In January, the ICRC reported a major data breach that compromised the personal information of more than 515,000 “vulnerable” victims. Data stolen from a Swiss contractor includes information on people separated from their families due to conflict, migration and natural disasters, missing persons and their families and detainees.

In September, Uber reported that a hacker, possibly a member of the Lapsus$ group, had breached their email and cloud systems, code repositories, on-premises Slack account, and HackerOne tickets. The threat actor in question targeted an outside contractor of Uber, most likely by obtaining its corporate password from the darknet.

Ransomware actors seized all the personal data of four million customers of Austrian health insurance company Medibank in an attack that cost the firm US$35 million. Those responsible are believed to be linked to REvil (Sodinokibi), a notorious ransomware-as-a-service (RaaS) group, with compromised privileged credentials responsible for first access.
