New Entries in the CFR Cyber Operations Tracker: Q4 2022

This blog post was coauthored by Kyle Fendorf, research associate for the Digital and Cyberspace Policy program.

Srishti Khemka, intern for the Digital and Cyberspace program, oversaw data collection and uploaded new entries.

The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between October and December 2022.

Here are some highlights:

• Ocean Lotus, a Vietnamese threat actor, used three zero-day exploits in a campaign against Chinese users in December 2022. The attacks were at least partly aimed at growing the group’s Torii botnet.
• Russian-sponsored group APT 28 infiltrated the networks of a U.S. satellite communications provider although the depth of their intrusion was difficult to determine.
• Chinese threat actor APT 41 targeted the U.S. Small Business Administration and stole at least $20 million in U.S. COVID relief funds in 2021. It was unclear if the hackers were acting for personal gain or at the behest of a government agency.

Edits to Old Entries

APT 41. Added Earth Longzhi as an alias.

APT 37. Added ScarCruft as an alias.

Mustang Panda. Added RedDelta as an alias.

Targeting of Vatican City computer networks. Added Mustang Panda under affiliations. Deleted RedDelta from affiliations.

New Entries

Targeting of Ukrainian government agencies (8/11)

Targeting of governments in the Middle East and Africa (9/29)

Targeting of Mexican journalists and human rights defenders (10/2)

Targeting of medical professionals (10/4)

Targeting of Myanmar government agencies (10/6)

Targeting of Sri Lankan government (10/12)

Targeting of Japanese crypto-asset businesses (10/14)

Targeting of companies in Hong Kong (10/18)

Targeting of Iranian citizens (10/20)

Targeting of Uyghur populations (11/10)

Targeting of Polish and Ukrainian transportation companies (11/10)

Targeting of Uyghur communities (11/10)

Targeting of Asian government agencies and certificate authorities (11/15)

Targeting of U.S. federal agency (11/21)

Targeting of Asian and Australian governments and government partners (11/18)

Targeting of the Pakistani government (11/23)

Targeting of Ukrainian local government organization (11/26)

Targeting of Chinese users with three zero days (12/2)

Targeting of U.S. COVID relief funds (12/5)

Targeting of activists at Human Rights Watch, journalists, and politicians (12/5)

Targeting of the Burmese government and passport storage systems (12/5)

Targeting of users of cryptocurrency applications (12/5)

Targeting of Citrix Systems software (12/5)

Targeting of Amnesty International Canada (12/5)

Targeting of South Korean individuals and organizations with fake Itaewon disaster documents (12/7)

Targeting of U.S. satellite network (12/16)

Targeting of European government trade departments (12/23)

Targeting of non-fungible token (NFT) owners (12/24)