- A collection of companies that disclose adversary TTPs after they have been breached
- Useful for analysis of intrusions launched by adversaries with measurable effects and impact
| Organization | Breach Date | Adversary | Source |
|---|---|---|---|
| MITRE | April 2024 | UTA0178/UNC5325 (CN APT) | MITRE Blog / (archived) |
| Microsoft | January 2024 | CozyBear (RU APT) | microsoft.com (1), microsoft.com (2) / (archived) |
| Mandiant | January 2024 | CLICKSINK | mandiant.com / (archived) |
| Nissan Australia | December 2023 | Akira | nissan.com.au / (archived) |
| Cloudflare | November 2023 | Unknown | cloudflare.com (1), cloudflare.com (2) / (archived) |
| Boeing | November 2023 | LockBit | cisa.gov / (archived) |
| British Library | October 2023 | Rhysida | bl.uk / (archived) |
| BeyondTrust | October 2023 | Unknown | beyondtrust.com / (archived) |
| Okta | October 2023 | Unknown | sec.okta.com / (archived) |
| BHI Energy | October 2023 | Akira | documentcloud.org / (archived) |
| D-Link | October 2023 | "succumb" | dlink.com / (archived) |
| Kroll | August 2023 | Unknown | kroll.com / (archived) |
| Microsoft | July 2023 | Storm-0558 (CN APT) | microsoft.com / (archived) |
| JumpCloud | July 2023 | UNC4899 (DPRK APT) | jumpcloud.com / (archived) |
| Dragos | May 2023 | "KyivWarrior" | dragos.com / (archived) |
| 3CX | March 2023 | UNC4736 (DPRK APT) | mandiant.com / (archived) |
| Coinbase | February 2023 | 0ktapus (suspected) | coinbase.com / (archived) |
| February 2023 | 0ktapus (suspected) | reddit.com / (archived) | |
| CircleCI | January 2023 | Jade Sleet (DPRK APT) | circleci.com / (archived) |
| LastPass | October 2022 | Unknown | blog.lastpass.com / (archived) |
| Uber | September 2022 | Lapsus$ (suspected) | uber.com / (archived) |
| Okta | August 2022 | 0ktapus | sec.okta.com / (archived) |
| Twilio | August 2022 | 0ktapus | twilio.com / (archived) |
| Cisco | May 2022 | Yanluowang | blog.talosintelligence.com / (archived) |
| GitHub | April 2022 | Unknown | github.blog / (archived) |
| Okta | April 2022 | Lapsus$ | okta.com / (archived) |
| Microsoft | March 2022 | Lapsus$ | microsoft.com / (archived) |
| Gloucester Council | November 2021 | Conti | democracy.gloucester.gov.uk / (archived) |
| Kaseya | July 2021 | REvil | helpdesk.kaseya.com / (archived) |
| Viasat KA-SAT | February 2022 | Sandworm (RU APT) | news.viasat.com / (archived) |
| Irish HSE | May 2021 | Conti | hse.ie / (archived) |
| Microsoft | February 2021 | CozyBear (RU APT) | msrc.microsoft.com / archived |
| New Zealand Reserve Bank | January 2021 | FIN11 | rbnz.govt.nz / (archived) |
| FireEye | December 2020 | CozyBear (RU APT) | fireeye.com / (archived) |
| SolarWinds | December 2020 | CozyBear (RU APT) | solarwinds.com / (archived) |
| Equinix | September 2020 | Netwalker | datacenterdynamics.com / (archived) |
| CapitalOne | July 2019 | "ERRAT1C" (aka Paige Thompson) | capitalone.com / (archived) |
| Avast/CCleaner | September 2016 | WickedPanda (CN APT) | blog.avast,com / (archived) |
| Kaspersky | June 2015 | Duqu 2.0 | kaspersky.com / (archived) |
| RSA | April 2011 | CN APT | (archived) |