- A collection of companies that disclose adversary TTPs after they have been breached
- Useful for analysis of intrusions launched by adversaries with measurable effects and impact
Organization | Breach Date | Adversary | Source |
---|---|---|---|
Boeing | November 2023 | LockBit | cisa.gov / (archived) |
BeyondTrust | October 2023 | Unknown | beyondtrust.com / (archived) |
Okta | October 2023 | Unknown | sec.okta.com / (archived) |
BHI Energy | October 2023 | Akira | documentcloud.org / (archived) |
D-Link | October 2023 | "succumb" | dlink.com / (archived) |
Kroll | August 2023 | Unknown | kroll.com / (archived) |
Microsoft | July 2023 | Storm-0558 (CN MSS) | microsoft.com / (archived) |
JumpCloud | July 2023 | UNC4899 (DPRK RGB) | jumpcloud.com / (archived) |
Dragos | May 2023 | "KyivWarrior" | dragos.com / (archived) |
3CX | March 2023 | UNC4736 (DPRK RGB) | mandiant.com / (archived) |
Coinbase | February 2023 | 0ktapus (suspected) | coinbase.com / (archived) |
February 2023 | 0ktapus (suspected) | reddit.com / (archived) | |
CircleCI | January 2023 | Unknown | circleci.com / (archived) |
LastPass | October 2022 | Unknown | blog.lastpass.com / (archived) |
Uber | September 2022 | Lapsus$ (suspected) | uber.com / (archived) |
Okta | August 2022 | 0ktapus | sec.okta.com / (archived) |
Twilio | August 2022 | 0ktapus | twilio.com / (archived) |
Cisco | May 2022 | Yanluowang | blog.talosintelligence.com / (archived) |
GitHub | April 2022 | Unknown | github.blog / (archived) |
Okta | April 2022 | Lapsus$ | okta.com / (archived) |
Microsoft | March 2022 | Lapsus$ | microsoft.com / (archived) |
Kaseya | July 2021 | Unknown | helpdesk.kaseya.com / (archived) |
Viasat KA-SAT | February 2022 | Sandworm (RU GRU) | news.viasat.com / (archived) |
Irish HSE | May 2021 | Conti | hse.ie / (archived) |
Microsoft | February 2021 | CozyBear (RU SVR) | msrc.microsoft.com / archived |
New Zealand Reserve Bank | January 2021 | FIN11 | rbnz.govt.nz / (archived) |
FireEye | December 2020 | CozyBear (RU SVR) | fireeye.com / (archived) |
SolarWinds | December 2020 | CozyBear (RU SVR) | solarwinds.com / (archived) |
Equinix | September 2020 | Netwalker | datacenterdynamics.com / (archived) |
CapitalOne | July 2019 | "ERRAT1C" (aka Paige Thompson) | capitalone.com / (archived) |
Avast/CCleaner | September 2016 | WickedPanda (CN MSS) | blog.avast,com / (archived) |
Kaspersky | June 2015 | Duqu 2.0 | kaspersky.com / (archived) |
RSA | April 2011 | CN PLA | (archived) |