The global digital infrastructure is not a secure environment. The Center for Strategic and International Studies (CSIS) has tracked significant cyberattacks since 2006, state-sponsored espionage operations, ransomware campaigns, critical infrastructure breaches, and mass data theft events, producing a living document now spanning 103 pages of documented incidents. Every page adds another entry. No year since 2006 has contained zero attacks.
The online world is not 100% safe. It never was.
What the CSIS Cyber Incident Record Shows
CSIS (Center for Strategic & International Studies) cyber incident tracking covers only significant events, state-sponsored actions, espionage campaigns, and attacks causing losses exceeding $1 million. Petty cybercrime, minor breaches, and unreported incidents do not appear in this record. The 103-page document represents the floor of global cyber threat activity, not the ceiling.
The targets span every sector, every continent, and every level of government and private industry across 20 consecutive years.
| Year Range | Notable Attack | Target | Loss / Impact |
| 2006–2010 | Operation Aurora | Google, Adobe, 20+ U.S. firms | Intellectual property theft |
| 2012 | Shamoon virus attack | Saudi Aramco | 30,000 computers wiped |
| 2014 | Target retail breach | 40 million credit cards stolen | 70 million accounts compromised |
| 2015 | U.S. Office of Personnel Management | U.S. government clearance records | 21.5 million records exfiltrated |
| 2015 | Ukraine power grid attack | Regional power distribution companies | 225,000 citizens lost power |
| 2016 | Democratic National Committee breach | U.S. political infrastructure | 20,000 emails leaked |
| 2024 | Salt Typhoon telecom breach | 8+ U.S. telecommunications providers | Customer call data and law enforcement surveillance records were stolen |
| 2025 | ByBit cryptocurrency heist | Dubai-based exchange | $1.5 billion stolen — largest crypto theft in history |
| 2025 | Jaguar Land Rover ransomware | UK manufacturing operations | Estimated £1.9 billion damage — most costly cyber event in UK history |
| 2025 | U.S. Congressional Budget Office breach | Federal legislative planning data | Internal communications and policy data accessed |
The 5 Attack Categories Targeting Every Sector Simultaneously
Significant cyberattacks documented by CSIS fall across 5 persistent categories, each active every year since 2006 without interruption.
1. State-Sponsored Espionage:
Nation-state cyber operations constitute the most consistent and damaging category in the CSIS record. Chinese cyber espionage operations surged 150% overall in 2024, with attacks against financial, media, manufacturing, and industrial sectors rising to 300% in a single year. Chinese attacks on Taiwan reached 2.4 million daily attempts in 2024. Russian cyberattacks on Ukraine surged 70% in 2024, producing 4,315 documented incidents against critical infrastructure alone.
2. Critical Infrastructure Attacks:
Power grids, water systems, airports, and healthcare networks represent active and recurring targets. A ransomware attack on Collins Aerospace’s airport operations platform disrupted check-in and boarding at Heathrow, Brussels, and Berlin airports simultaneously in September 2025. Russian hackers briefly seized control of a Norwegian dam in April 2025. The INC ransomware gang halted emergency alerts across multiple U.S. states in November 2025 by compromising the CodeRED alert system.
3. Financial System Penetration:
North Korea’s Lazarus Group stole $1.5 billion in Ethereum from ByBit in February 2025, the largest cryptocurrency theft in recorded history, laundering $160 million within the first 48 hours. The same group stole $30.4 million from South Korea’s Upbit exchange in November 2025. In 2013, a gang of 8 hackers extracted $45 million from UAE and Omani banks within hours by eliminating withdrawal limits on prepaid debit cards.
4. Mass Data Exfiltration:
June 2025 produced the largest known data leak in China’s history; over 4 billion user records from WeChat and Alipay were exposed in a single incident. The 2015 U.S. Office of Personnel Management breach exfiltrated 21.5 million records, including background investigation files for every cleared U.S. government employee. South Korean e-commerce platform Coupang reported 33.7 million compromised customer accounts in December 2025.
5. Political and Election Interference:
Romanian election systems absorbed 85,000 cyberattacks from Russian actors in December 2024, with credential leaks published on Russian hacker forums immediately before voting day. Chinese cyber actors conducted coordinated disinformation campaigns on WeChat targeting Canadian Liberal leadership candidates in February 2025, reaching 2–3 million global users. The DNC breach in 2016 released 20,000 internal emails, traced directly to Russian intelligence agencies.
No Sector, No Country, No Infrastructure Is Exempt
The CSIS record demonstrates that cyberattacks follow no geographic or sectoral boundary. Healthcare, defense, finance, energy, aviation, retail, government, telecommunications, and childcare have all absorbed significant documented breaches. The September 2025 ransomware attack on Kido International exfiltrated photographs and personal data of 8,000 children from 18 London nurseries. The U.S. Treasury Department lost access to 3,000 unclassified files in December 2024 through a compromised third-party vendor. The UK’s National Cyber Security Centre recorded a 3-fold increase in nationally significant cyberattacks in 2024 alone, classifying China, Russia, Iran, and North Korea as “real and enduring threats.”
Interpol’s Operation Serengeti 2.0 arrested 1,200 alleged cybercriminals across 18 countries in August 2025 and recovered nearly $100 million. The arrests did not reduce the incident volume in subsequent months.
The Uncomfortable Conclusion
Twenty years of CSIS documentation establishes 1 consistent finding: the rate of significant cyberattacks increases every year. The tools evolve. From early SCADA malware and DDoS campaigns to AI-assisted spear phishing, supply chain attacks, and OAuth token exploitation. The targets expand. The losses grow larger. The $1.5 billion ByBit theft in February 2025 would have been unimaginable in scale in 2006. The 2025 Jaguar Land Rover attack, estimated at £1.9 billion in damages, represents the most economically destructive cyber event in UK history.
Digital security is not a solved problem with occasional failures. It is an unsolved problem with occasional successes.
Every organisation connected to the internet operates inside an active threat environment documented continuously since 2006, and the document is still being updated.
Cyber threats are evolving faster than most organisations track. Subscribe to The IT Horizon newsletter. We monitor the threat landscape, break down major incidents, and cover what every digital citizen and organisation needs to know to stay one step ahead.
