Student Name: K.A.S.D. Athapaththu
Student ID: 35417
Course Name: CS - PLY
Acknowledgement
I would like to express my sincere gratitude to my
lecturer, for their guidance and support during the
completion of this assignment. Their
encouragement and clear instruction helped me
better understand the subject of cybersecurity. I
also appreciate the contribution of various credible
sources and researchers who provided detailed
insights into real-world cyber incidents. This report
is the result of learning from their experiences and
case studies.
Table of Contents
1. Introduction
2. Case Studies of Major Cyberattacks
2.1 Operation Shady RAT
2.2 Sony Pictures Hack
2.3 NotPetya Cyberattack
2.4 Target Corporation Breach
2.5 Australian Parliament Network Breach
3. Conclusion
4. References
1. Introduction
In today's digital world, cyberattacks have become one of the most
common and severe threats to organizations, governments, and
individuals. These attacks not only lead to financial loss but can also
damage reputations, expose sensitive information, and even
destabilize political structures. Every cyberattack exploits
vulnerabilities, either technical, human, or both, and usually impacts
at least one of the three foundational pillars of cybersecurity:
Confidentiality, Integrity, and Availability (known as the CIA triad).
This report explores five major cyberattacks that occurred in recent
history. Each case has been selected to highlight different
motivations, actors, vulnerabilities, and consequences. From
state-sponsored espionage to financially motivated breaches, these case
studies aim to provide a deep understanding of the evolving cyber
threat landscape.
2. Case Studies of Major Cyberattacks
2.1 Operation Shady RAT (2006–2011)
➢ Targeted Entity: Over 70 organizations, including governments,
defense contractors, international bodies, and private sector
companies
➢ Attacker: Suspected Chinese state-sponsored hacking group
➢ Motivation: Cyber espionage—stealing intellectual property,
government secrets, and strategic information.
➢ Vulnerabilities & Exploitation: The attack was executed using
spear-phishing emails containing malicious links. When opened,
these links installed Remote Access Tools (RATs) on victims'
machines, giving attackers long-term access. Many systems
remained compromised for months or years without detection.
➢ CIA Principles Violated:
❖ Confidentiality: Sensitive state and corporate data were
stolen.
❖ Integrity: While direct data alteration wasn’t a focus, long-
term unauthorized access posed serious integrity risks.
❖ Availability: The persistent backdoor access allowed ongoing
data extraction, which could lead to service disruption at any
time.
2.2 Sony Pictures Hack (2014)
➢ Targeted Entity: Sony Pictures Entertainment.
➢ Attacker: Lazarus Group, believed to be backed by North
Korea.
➢ Motivation: Political retaliation for the release of “The
Interview,” a satirical film mocking North Korean
leadership.
➢ Vulnerabilities & Exploitation: Attackers used phishing
emails and poor password hygiene to breach Sony’s network.
Once inside, they deployed the “Destover” malware to wipe
data, steal confidential information, and leak unreleased
films and employee emails.
➢ CIA Principles Violated:
❖ Confidentiality: Sensitive internal emails, personal
employee data, and unreleased movies were leaked
online.
❖ Integrity: Data was deleted and systems were
corrupted.
❖ Availability: Key services were shut down, and internal
systems were rendered inoperable for weeks.
2.3 NotPetya Cyberattack (2017)
➢ Targeted Entity: Ukrainian government agencies and
international corporations (e.g., Maersk, Merck, Rosneft).
➢ Attacker: Sandworm group, linked to Russian military
intelligence.
➢ Motivation: Political sabotage disguised as ransomware.
➢ Vulnerabilities & Exploitation: NotPetya spread through
compromised Ukrainian accounting software, MeDoc. It used
EternalBlue and other NSA-leaked exploits to spread rapidly
across networks. Unlike traditional ransomware, it irreversibly
wiped data.
➢ CIA Principles Violated:
❖ Availability: Thousands of systems were wiped and made
unusable.
❖ Integrity: Data and system configurations were
permanently damaged.
❖ Confidentiality: Not a primary target in this attack,
though some information may have been collected.
2.4 Target Corporation Breach (2013)
➢ Targeted Entity: Target Corporation, one of the largest U.S.
retailers.
➢ Attacker: Cybercriminals from Eastern Europe (group not
publicly identified).
➢ Motivation: Financial gain through credit/debit card fraud.
➢ Vulnerabilities & Exploitation: Attackers gained access via a
third-party HVAC contractor using stolen credentials. After
moving laterally across the network, they installed malware on
point-of-sale (POS) terminals to collect customer payment card
data.
➢ CIA Principles Violated:
❖ Confidentiality: 40 million credit and debit card records
were stolen.
❖ Integrity: POS systems were manipulated to harvest card
data.
❖ Availability: Minimal system downtime, but massive
reputational damage and financial impact.
2.5 Australian Parliament Network Breach (2019)
➢ Targeted Entity: Australian Federal Parliament.
➢ Attacker: Suspected Advanced Persistent Threat group
(possibly APT10), linked to China.
➢ Motivation: Intelligence gathering for geopolitical
advantage, particularly regarding 5G and trade policies.
➢ Vulnerabilities & Exploitation: The attackers used
phishing campaigns to steal credentials and exploited
unknown software vulnerabilities (zero-days). They
gained access to internal networks, including
parliamentary emails and files.
➢ CIA Principles Violated:
❖ Confidentiality: Emails and documents containing
sensitive political data were accessed.
❖ Integrity: There was a risk of manipulation of official
communications.
❖ Availability: Systems were taken offline temporarily
for forensic investigations and security upgrades.
3. Conclusion
These five case studies demonstrate the diverse range of
cyberattacks and the severe implications they can have on
national security, business operations, and personal privacy.
While motivations vary, from political retaliation and
espionage to financial theft, the common thread is the
exploitation of overlooked or weak security practices.
The good side of these events is that they have sparked
global conversations around cybersecurity. Organizations are
now more aware of the importance of multi-layered security,
employee training, timely software updates, and strong
password policies. Governments have also invested more in
national cybersecurity strategies.
On the negative side, these incidents show that even the
most powerful institutions can be vulnerable. They expose
how interconnected and fragile the digital ecosystem has
become. The line between warfare and cyberwarfare is
increasingly blurred, raising ethical and legal concerns
worldwide.
Ultimately, the lessons learned from these attacks must be
applied continuously to build safer and more resilient digital
infrastructures.
4. References
✓ Alperovitch, D. (2011). *Revealed: Operation Shady RAT*.
McAfee. Available at:
https://www.mcafee.com/blogs/otherblogs/mcafee-labs/operation-shady-rat/
✓ Greenberg, A. (2018). *The Untold Story of NotPetya, the
Most Devastating Cyberattack in History*. Wired. Available at:
https://www.wired.com/story/notpetya-cyberattackukraine-russia-code-crashed-the-world/
✓ Perlroth, N. (2021). *This Is How They Tell Me the World
Ends*. Bloomsbury Publishing.
✓ Krebs, B. (2014). *Target Hackers Broke in Via HVAC
Company*. Krebs on Security. Available at:
https://krebsonsecurity.com/2014/02/target-hackers-broke-invia-hvac-company/
✓ Australian Cyber Security Centre. (2019). *Parliamentary
Network Incident Report*. Available at:
https://www.cyber.gov.au/reporting/news/australianparliament-network-incident