provocativo_

// incident archive

Cyber attacks that changed the internet

Twelve hand-researched post-mortems on the breaches, worms, and state operations that shaped the security industry. Each entry: who, when, how, what broke, and what we learned. Privacy is not a hobby — these are the receipts.

// featured · Nation-state · 2010 · Catastrophic
Diagram showing how Stuxnet intercepts Step7 communications to modify Siemens PLC code while reporting normal status to operators.

Stuxnet

A surgical worm jointly developed by US and Israeli intelligence sabotaged centrifuges at Iran's Natanz uranium enrichment facility, destroying an estimated 1,000 IR-1 centrifuges by spinning them outside design tolerances while reporting normal readings to operators. It was the first malware to cause physical destruction.


showing 11 of 11 incidents · sorted newest first

Data Breach · 2023 · Global
Conceptual diagram of a SQL injection attack — the vulnerability class exploited in the MOVEit Transfer breach.

MOVEit / Cl0p

One SQL-injection zero-day, 2,700 organisations, 95 million people.

Ransomware · 2021 · National
Map of the Colonial Pipeline system carrying refined petroleum products from Texas to New Jersey.

Colonial Pipeline

One stolen VPN password took the largest US fuel pipeline offline.

Supply Chain · 2020 · Catastrophic

SolarWinds / SUNBURST

Russian intelligence trojanised a single software update — and walked through every door it touched.

Ransomware · 2017 · Global
WannaCry ransom note (Wana Decrypt0r) demanding $300 in Bitcoin in exchange for file decryption, with countdown timers.

WannaCry

A leaked NSA exploit met a vulnerable internet and ate hospitals for breakfast.

Wiper · 2017 · Catastrophic
The NotPetya / Petya bootloader ransom screen demanding $300 in Bitcoin after the wiper had already destroyed the master file table.

NotPetya

The most expensive cyber attack in history — and it was never really ransomware.

Data Breach · 2017 · National

Equifax

An unpatched Apache Struts server exposed the credit history of half of America.

Data Breach · 2016 · Global

Yahoo Breaches

Three billion accounts — every Yahoo user who ever existed.

Nation-state · 2015 · Catastrophic
Theodore Roosevelt Federal Building in Washington, DC — headquarters of the US Office of Personnel Management.

OPM Background-Check Breach

China obtained the security-clearance file on every cleared American.

Wiper · 2014 · National
Sony Pictures Plaza building in Culver City, California — the corporate headquarters of Sony Pictures Entertainment.

Sony Pictures Hack

A hermit-kingdom intelligence agency took down a Hollywood studio over a comedy film.

Worm · 2000 · Global
Source code of the ILOVEYOU worm, written in Visual Basic Script.

ILOVEYOU

A four-line subject changed how the world thought about email attachments.

Worm · 1988 · Global
Floppy disk containing the source code of the Morris Worm, on display at the Computer History Museum.

The Morris Worm

The first internet worm — and the wake-up call that birthed the security industry.


// next

Stop reading. Start practising.

Every incident in this archive started with a single mistake — an unpatched server, a reused password, a phishing email opened on autopilot. Run the labs to feel the attacker's side. Read the writeups to feel the defender's.