2025/08/29 10:33:30

Cyber attacks on companies in the United States


Main article: Cybercrime and cyber conflicts: USA

2025

For 9 months, hackers "sat" on the network of the American manufacturer of communication equipment for governments Ribbon Communications. A lot of secret files stolen

At the end of October 2025, the American telecommunications company Ribbon Communications announced a hack of its IT infrastructure. Cybercriminals had been inside Ribbon's systems undetected for nine months, with access to a host of classified files. Read more here.

Hackers hacked into the American information security company F5 and stole product source code

Hackers hacked into the systems of the American cybersecurity company F5 and stole the source code of BIG-IP products along with information about hidden vulnerabilities. The company announced this in mid-October 2025 on the MyF5 portal. The incident itself occurred in August 2025. Read more here.

Hackers hacked into Red Hat's GitLab server and stole 570GB of software source code

Red Hat has confirmed the hacking of the organization's internal GitLab server. The Crimson Collective ransomware group claims to have stolen almost 570 gigabytes of data from 28,000 internal development repositories. The incident affected a copy of GitLab used exclusively for Red Hat Consulting projects. This became known on October 3, 2025. Read more here.

Hackers attack U.S. industrials using fake nondisclosure agreements. Scheme

Cybercriminals have launched a massive social engineering campaign against American industrial enterprises in critical global supply chains. Attackers use malicious MixShell software, which functions exclusively in the RAM of infected devices and allows hackers to act unnoticed by security systems. The discovery of a new attack scheme was reported by Check Point Research experts in August 2025.

According to The Hacker News, the cyber attack is codenamed ZipLine and differs from traditional phishing campaigns in a more sophisticated approach. Hackers have abandoned the mass distribution of emails in favor of a personalized approach to each potential victim.

The attack scheme begins with the use of the Contact Us form on the official websites of target companies. Criminals initiate business correspondence with employees of enterprises, building trusting relationships for several weeks. Communication is carried out professionally and is supported by fake non-disclosure agreements and other formal documents.

After establishing trust, attackers send the victim a ZIP archive containing the malicious MixShell component. A key feature of this malware is that it runs exclusively in the computer's RAM without saving files to the hard drive. This approach makes the threat difficult for traditional antivirus systems to detect.

After a successful infection, cybercriminals gain remote access to the victim's computer systems. Control of the infrastructure allows hackers to use compromised machines to spread the attack further, conduct industrial espionage or steal sensitive data.[1]

Insurance company Allianz hacked

In mid-August 2025, it became known that cybercriminals hacked the American company Allianz Life Insurance Company of North America (Allianz Life), which specializes in life insurance. During the hacker invasion, the personal data of almost all customers was stolen. Read more here

Hackers hacked American departments and companies around the world

Cybercriminals have exploited a critical vulnerability in Microsoft SharePoint server software and launched a massive attack on government agencies and corporations around the world. The hacks affected U.S. federal agencies, universities, energy companies and an Asian telecommunications firm. The attack was identified in July 2025. Read more here

United Natural Foods, the largest food supplier in the United States, admitted losses of $400 million due to a cyber attack

At the end of July 2025, it became known that the losses of United Natural Foods Inc. (UNFI), the largest food supplier in the USA, from a massive cyber attack amounted to between $350 million and $400 million. Due to the incident, the company had to disable some computer systems, which made it difficult to deliver goods to customers. Read more here.

Household appliance maker Presto halts factories over cyber attack

National Presto Industries, a Presto-branded appliance company, was hit by a cyber attack that forced factories to stop. The notification of the hacker invasion of National Presto Industries (owns the Presto brand) in early March 2025 was sent to the US Securities and Exchange Commission (SEC). Read more here.

2024

US chip maker Microchip Technology shuts down plants over cyber attack

In mid-August 2024, the American chipmaker Microchip Technology fell victim to a cyber attack that affected the work of a number of the company's production facilities. It is known that on August 17, the company discovered suspicious activity in its IT systems, and on August 19 it identified a number of disruptions to server and business operations. In response to the cyber attack, Microchip isolated the affected systems and turned some of them off completely, which led to a shutdown of the chipmaker's plants. The company has brought in external cybersecurity consultants to investigate. Read more here.

AT&T paid hackers $370,000 to delete stolen data from all customers

In mid-July 2024, it became known that the American telecommunications company AT&T paid hackers over $300,000 to delete stolen metadata of customer calls and messages. As evidence that the data had been deleted, the hackers provided the company with a special video. Read more here.

World's largest maker of warehouse loaders Crown Equipment shut down all IT systems after cyber attack

At the end of June 2024, the world's largest forklift manufacturer Crown Equipment confirmed that in early June it had to shut down all IT systems after a cyber attack that disrupted production at factories. Read more here

One of the largest cyber attacks on the United States was recorded: Hackers remotely flashed and took control of 600 thousand routers

At the end of May 2024, data were published on one of the largest cyber attacks in the United States. Between October 25 and October 27, 2023, hackers using a malicious botnet called Pumpkin Eclipse remotely flashed and took control of 600,000 Internet routers in offices and at home. Read more here.

Cyber attacks hit the American hotel company Omni Hotels. Electronic locks, booking and payment systems disabled

On April 1, 2024, the American hotel chain Omni Hotels & Resorts, which operates 50 facilities in the United States and Canada, reported a massive cyber attack on its IT infrastructure. The hacker invasion disrupted the work of electronic locks, booking systems and payment services. Read more here.

2023

Hackers hacked Boeing IT systems and posted secret documents on the Internet

On November 10, 2023, the cybercriminal group Lockbit posted on the Internet secret documents of Boeing, one of the world's largest manufacturers of aviation, space and military equipment. The released data was stolen as a result of the introduction of a ransomware program into Boeing's IT infrastructure. Read more here.

Casino operator Caesars paid hackers $15 million after hacking

On September 7, 2023, the American casino and hotel operator Caesars Entertainment reported a large-scale cyber attack on its computer infrastructure, as a result of which a large amount of customer information was stolen. The company paid hackers about $15 million - half of that amount. Read more here.

In Las Vegas and several US states, hackers disabled slot machines

On September 12, 2023, the American casino operator MGM Resorts International reported a large-scale cyber attack on its information infrastructure, as a result of which slot machines throughout the United States were disabled. Read more here.

The world's largest manufacturer of pleasure craft Brunswick admitted to losing $85 million due to a hacker attack

Brunswick Corporation, the world's largest manufacturer of pleasure craft, disclosed the damage from a serious cyber attack in early August 2023. The hacker invasion became known in June 2023. It is said that the attackers caused damage in the amount of approximately $85 million. Read more here.

American cosmetics manufacturer Estee Lauder reported a cyber attack that paralyzed the company

On July 18, 2023, the American cosmetics manufacturer Estee Lauder announced a hacker invasion, as a result of which the company's information infrastructure was paralyzed. Read more here.

Western Digital powerless before cyber attack: The company's services have been down for a week

On April 7, 2023, Western Digital offered customers a workaround to access their files stored on the My Cloud cloud service. Serious problems in the operation of this platform arose after a cyber attack, the consequences of which the company could not eliminate even after a week. Read more here.

Western Digital confirms hacking of its IT systems and business disruption over it

On April 3, 2023, Western Digital announced that its information infrastructure had been hacked. Unknown attackers committed a cyber attack, as a result of which some Western Digital systems were damaged, and certain business operations were disrupted. Read more here.

The IT systems of thousands of companies around the world have been hacked due to a cyber attack on a corporate telephony provider 3CX

On March 29, 2023, a large-scale supply-chain cyber attack involving the 3CX VoIP telephony system became known. The IT systems of thousands of companies around the world are at risk. Read more here.

Largest group of ransomware hackers hacked into computers of key contractor SpaceX

In mid-March 2023, the cybercriminal group LockBit announced the hacking of the IT infrastructure of Maximum Industries, which is said to be a contractor for Elon Musk's private aerospace corporation SpaceX. Read more here.

GoDaddy, one of the largest web hosting operators, had source code stolen in a long-term cyber attack

On February 16, 2023, GoDaddy, one of the largest web hosting operators in the United States, reported a cyber attack that lasted several years. During the hack, the attackers, in particular, managed to steal the source codes of the platform. Read more here.

US fast food chain Chick-fil-A has customer accounts hacked

In early January 2023, the popular American fast food chain Chick-fil-A was hacked. Customers of the company complained about the theft of money and other fraudulent actions in their accounts. For example, a Georgia resident reported swindlers using her mobile app to buy food in Maryland, according to WSB-TV. Hackers hacked into its software and spent hundreds of dollars from a personal account, ordering half of the Chick-fil-A menu. Read more here.

Bay Area Rapid Transit (BART) cyber attack

On January 6, 2023, the Vice Society cybercriminal group announced the hacking of the Bay Area Rapid Transit (BART) computer infrastructure, one of the largest high-speed electric train systems in the United States. Read more here.

2022

Hacking of dispatching software and receiving bribes from taxi drivers for a place in line at a New York airport

On December 20, 2022, the US Department of Justice (DOJ) announced the arrest of two men from Queens (New York City area) for allegedly conspiring with Russian hackers to hack into the taxi control system at John F. Kennedy International Airport. Read more here.

FBI: Hackers send state-owned companies USB flash drives with viruses

In early January 2022, the US Federal Bureau of Investigation warned that hackers were mailing malicious USB drives to public and private companies in the hope that recipients would use the devices and thereby infect internal networks. This has been happening with impunity since at least August 2021.

According to ZDNet, the hacker group FIN7 was behind the distribution of malicious devices, which it mailed to various companies disguised as gifts. The attackers sent two different types of gifts to different companies. The US Federal Bureau of Investigation (FBI) reports that the first statements about strange parcels were received from a logistics, transport and defense company.

The first package was a letter with a USB drive, purportedly from the Department of Health or US Social Security. The letter encouraged employees to connect the device to a computer by stating that the drive contained useful information on countering the spread of coronavirus infection (COVID-19). The second parcel was sent in Amazon's name in a decorative gift box, with a letter of thanks or a promise of an impressive bonus on further purchases on the platform.

"It's like evolution, only in the opposite direction... At a time when attacks are carried out using third-party software components and open source software, this looks like a step back to a bygone era when the start of an attack depended on human error or event. It could have been an attempt to cash in on lowering the level of defense when everyone is talking about more difficult attacks. Regardless, it demonstrated that attackers will not ignore any path to your wallet," said Purandar Das, co-founder and CEO of Sotero.

In both of these cases, company employees and their management were simply misled, and as a result they connected the malicious flash drives to personal computers or laptops. The packages were shipped using the United States Postal Service and United Parcel Service. Both packages contained LilyGO-branded USB drives that, when connected to a device, carry out a BadUSB attack and infect the victim's computer with malicious software that gives hackers access to the company's internal network.

A BadUSB attack exploits a vulnerability in USB firmware that allows the drive to act as a human interface device (HID) and inject malware. Having gained access through the attack, the FIN7 hackers then use various malicious tools to deploy ransomware, including Metasploit, Cobalt Strike, PowerShell scripts, Carbanak, Griffon, Diceloader and Titian.[2]

2021

Ransomware Viruses Attack U.S. Water and Sewer Systems

In mid-October 2021, in a new advisory, the US Cybersecurity and Infrastructure Security Agency (CISA) warned operators of the country's water supply and sanitation systems about many cyber threats aimed at disrupting their work. The cybersecurity company Dragos, in conjunction with CISA, the FBI, the NSA and the United States Environmental Protection Agency (EPA), has compiled a list of cyber threats aimed at the information and operational technologies underlying the networks, systems and devices of water supply and sewerage facilities in the United States.

The advisory names targeted phishing as one of the most common methods used by cybercriminals and nation states to gain access to water systems, and explains that it is often used to deliver malware, including ransomware. CISA added that since IT and OT systems are often integrated with each other, access to one of them automatically gives attackers access to the other.

CISA also mentioned the exploitation of Internet-connected services, such as the Remote Desktop Protocol (RDP), as another method used to attack water systems. According to information security experts, many water system operators use RDP and other tools to access systems remotely, which makes them vulnerable if they run outdated operating systems (OS) or software.

The advisory lists several attacks, including one in August 2021, during which a ransomware program called Ghost was deployed at a facility in California. The attackers spent a month inside the system, after which they posted their ransom message on three supervisory control and data acquisition (SCADA) servers. In July 2021, a ransomware virus called ZuCaNo damaged a sewage treatment facility in Maine, in the northeastern United States. In September 2020, the Makop ransomware virus hit a facility in New Jersey, and in March 2019, an attempt was made to threaten drinking water in a Kansas city.

CISA has listed a number of signs that operators should look out for, including the inability to access certain system controls such as supervisory control and data acquisition (SCADA) systems, unfamiliar data windows or system alerts, abnormal operating parameters, and more. The agency called on water facilities to strengthen security controls around RDP and implement robust network segmentation between IT and OT networks. All facilities must have an emergency response plan and take into account the wide range of consequences that a cyber attack can have on the functioning of systems. CISA noted that there should also be systems that physically prevent certain dangerous conditions from occurring even if a system is compromised.

Water Infrastructure Incident Response Specialist from cyber security firm Critical Insight, Bjorn Townsend, said alerts like this indicate CISA has specific evidence that threat actors are trying to intervene in our water systems on an ongoing basis and the service is trying to alert water system operators to this fact.

According to Bjorn Townsend, water systems often face a lack of resources, both in terms of management and TECont, and even a lack of investment in regular software and hardware updates for industrial control networks in these systems. Another problem is the lack of cooperation between water system operators and municipal IT specialists. Funding shortages are often the biggest challenge facing operators, as many organizations are limited to just the number of people who can perform these routine tasks. Their available staff are usually close to the minimum number required to respond to support requests.[3]

FBI: Attacks by ransomware viruses hit food and agricultural companies

On September 1, 2021, the FBI sent out a notice warning food and agriculture companies to beware of ransomware attacks. Read more here.

The White House intends to strengthen the cybersecurity of energy companies in the United States

The authorities of the United States of America intend to strengthen the cybersecurity of the energy system in the country. The so-called "action plan" of the administration of US President Joe Biden is designed to stimulate energy companies to radically change the way they protect themselves from cyber attacks by installing sophisticated new monitoring equipment and faster detection of hacks[4].

According to a 6-page draft of the US National Security Council plan at the disposal of Bloomberg News journalists, utilities will need to identify critical sites that, if attacked, could have an undue impact on the network.

The plan would also expand the U.S. Department of Energy's partially classified program to identify vulnerabilities in power system components that could be exploited by the country's cyber adversaries, including Russia, Iran and China.

The plan marks the first step in a wide-ranging program to protect utilities from cyber attacks that put millions at risk of being left without electricity, water or gas. According to a source of the news agency, the final version of the plan may be presented this week.

The head of the FBI asked private companies to report hacker attacks

When American companies become aware that they have been attacked by cybercriminals or government-funded hackers, they must report it to the authorities and provide them with all the necessary information that can help the government better contain attacks by so-called "state" hackers. This was announced by FBI Director Christopher Wray, speaking to the US Congress.[5]

According to Wray, the correct behavior of companies that are victims of cyber attacks will help the government develop a kind of early warning system for attacks by foreign hackers conducting large-scale cyber operations against many American companies and government agencies. The FBI explained that it is very important to identify the organization that became the first victim in a series of cyber attacks by foreign hackers so that the threat can be prevented from spreading further.

Hacking 60,000 companies due to vulnerability in Microsoft Exchange Server

In March 2021, it became known about the hacking of computer systems of at least 60 thousand companies in different countries due to a vulnerability in Microsoft Exchange Server software. Read more here.

2020

Hacker attack on FireEye, theft of information security tools from the company

In December 2020, FireEye reported cyber attacks on the company. The maker of cybersecurity solutions believes government-sponsored hackers are behind the attack. FireEye has a lot of government contracts related to ensuring the national security of the United States and allied countries, Reuters notes. Read more here.

"Almost certainly it was the Russian intelligence services"

"Almost certainly it was the Russian special services": the USA, Canada and Great Britain declare that Russian hackers "commit cyber attacks on organizations related to the search for a vaccine against coronavirus."

A July 2020 publication by the UK's National Cyber Security Center (NCSC) talks about attacks on organizations looking for a vaccine against COVID-19. The attacks are attributed to the hacker group APT29, also known as Cozy Bear, which they claim "almost certainly" works for Russian intelligence agencies.

"APT29's campaign of malicious action continues. The actions are directed mainly against government, diplomatic, analytical, medical and energy facilities. Their likely target is the theft of valuable intellectual property," the press release said. "With a probability of more than 95%" this group is associated with the Russian special services, the special services say.

"The group uses a variety of tools and techniques, including phishing and malware known as WellMess and WellMail," it said. The statement also mentions that before that Cozy Bear was not associated with these programs.

Earlier today, a statement by the country's Foreign Ministry appeared on the website of the British Parliament that Russia "almost certainly" interfered in the 2019 parliamentary elections: "Although we have no evidence, we consider interference unacceptable," Dominic Raab said in a statement. Here you can also find the already familiar "highly likely," "this is unacceptable!" and "we reserve the right to retaliate."

The Kremlin commented on the accusations: "We do not have information on who could hack pharmaceutical companies and research centers in the UK. We can say one thing - Russia has nothing to do with these attempts," said Dmitry Peskov, press secretary of the Russian president. The Russian Foreign Ministry also called these accusations unfounded.

Ransomware virus attacked American gas pipeline operator and interrupted its operation

In mid-February 2020, it became known that a ransomware virus had attacked an American gas pipeline operator and interrupted the operation of a compression facility. The date of the attack has not been announced, but technical recommendations are being given for other critical infrastructure operators to take appropriate precautions. Read more here.

2019

Cyber attacks on the aircraft maintenance system in Alaska

In late December 2019, RavnAir canceled nearly 20 flights in Alaska at the height of holiday Christmas travel. The reason was a cyber attack on the aircraft maintenance system. Read more here.

Medium and small businesses in the United States do not believe in the severity of cyber threats

The American SMB segment not only does not believe in the seriousness of the cyber threat, but also does not have any means to prevent the attack. A study conducted by industry experts showed that top managers of non-large enterprises do not even have any idea how to start preventing information security incidents[6].

Viruses began to attack commercial ships

In July 2019, the U.S. Coast Guard issued two warnings highlighting the issue of cybersecurity on commercial marine vessels affected by viruses. Several ships were victims of email phishing due to many vulnerabilities in onboard systems.

The attackers presented themselves as official authorities of the US port and sent malware designed to hack on-board computer systems. The Coast Guard alerted stakeholders to the ongoing attacks but did not elaborate or provide any copies or hash files.

The US Coast Guard reported a cyber attack on the computer system of one of the ships

A second warning was sent out following an incident in February 2019 during an international voyage. The vessel, bound for New York, reported that it was facing a serious cyber attack affecting the on-board computer network. A subsequent investigation by the Coast Guard and other agencies found that "while the malware significantly impaired the functionality of the onboard system, the ship's main control systems were not affected." However, the interagency response team found the vessel lacked effective cybersecurity measures, leaving critical control systems vulnerable to hackers.

As a result of the incident, the Coast Guard also issued recommendations on cybersecurity. They include network segmentation and installation of antivirus software with timely updates. Given the growing reliance of ships on electronic mapping and navigation systems, protecting them with proper cybersecurity measures is as important as controlling physical access to a ship or performing routine maintenance.[7]

2011: Attacks on 760 US organisations

In 2011, 760 American organizations reported hacker attacks, including the consulting and audit company PriceWaterhouseCoopers, the banks Wells Fargo and Citigroup, the online store Amazon, and the IT giants IBM, Intel, Yahoo, Cisco, Google, Facebook and Microsoft.

Over the years of the existence of the global network, the US has lost $400 billion from the actions of hackers.

The Barack Obama administration is seriously tightening the screws in the war on botnets, in particular, to neutralize infected PC networks, suggesting cooperation with private companies. According to Howard Schmidt, the White House cyber security officer, one in ten Americans has malicious code on their PC or mobile device.

Speaking to an audience of officials and business representatives, Secretary of the US Department of Homeland Security Janet Napolitano presented cyber crime as the "greatest threat" no less than "al-Qaeda and the activities of related groups."

Citing Symantec data, Napolitano outlined a global annual cyber crime turnover of $388 billion: more than the annual turnover of the global market for heroin, cocaine and marijuana combined. "I consider these estimates conservative, since they are based only on the information that Natzbez has," she added.

The White House views botnets as the "heavy artillery of cyber criminals." Moreover, any attempts to combat botnets are both expensive and require serious coordination between a number of stakeholders, including antivirus manufacturers and operating system vendors such as Apple and Microsoft.

US Secretary of Homeland Security Janet Napolitano said that cyber aggression is no less terrible than terrorism, and now network attackers around the world earn more than drug dealers

It is not surprising that the industry is expanding the ranks of volunteers to combat botnets. At the end of 2011, an alliance called the Industry Botnet Group was founded by a number of trade and non-profit organizations. Earlier in March 2011, another expert group called the Communications Security, Reliability and Interoperability Council (CSRIC), which provides advice to the US Federal Communications Commission, released the U.S. Anti-Bot Code of Conduct for Internet Service Providers.

Michael O'Reirdan, who heads one of the CSRIC working groups, as well as the Messaging Anti-Abuse Working Group (MAAWG), said that the purpose of such a code was to encourage service providers to solve problems related to botnets. Providers can adopt this code on a voluntary basis, and it is technologically neutral.

The Industry Botnet Group and the US Presidential Administration have also jointly prepared nine fundamental principles for combating botnets. For now, they are worded in quite general terms ("share responsibility," "approach the solution of the problem globally," "train users," "promote innovation," and so on). No specific examples of their implementation have yet been presented.

Notes