Skip to content
Member Login
Cybersecurity

New Entries in the CFR Cyber Operations Tracker: Q2 2024

An update of the Council on Foreign Relations’ Cyber Operations Tracker for the period between April and June 2024.

By experts and staff

Published

Experts

  • By Adam Segal
    Ira A. Lipman Chair in Emerging Technologies and National Security and Director of the Digital and Cyberspace Policy Program

By

  • Kyle Fendorf
    Research Associate, Digital and Cyberspace Policy

The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between April 1, 2024, and June 30, 2024.

A detailed log of the added and modified entries follows. If you know of any state-sponsored cyber incidents that should be included, you can submit them to us here

Edits to Old Entries

Sandworm. Added affiliations with online cyber activist personas Xaknet, Cyber Army of Russia Reborn, and Solntsepek. Added update that Sandworm is associated with Telegram accounts which have taken credit for sabotage attacks on critical infrastructure in the U.S., France, and Poland.

Kimusky. Added affiliations. In addition to Thallium and Smoke Screen, also known as Emerald Sleet, TA-406, Sharptongue, Black Banshee, and APT43.   

APT 36. Added that APT 36 has previously been observed targeting South Asian nations with a particular focus on government and military targets in Afghanistan and India.

New Entries

Incidents:

Targeting of telecommunications firms and government agencies in Israel, Turkey, and Africa (4/1)

Targeting of U.S. Departments of Treasury and State, defense contractors, and two New York-based companies (4/23)

Targeting of Czech and German political entities, state institutions, critical infrastructure, and German companies in the logistics, armaments, aerospace, and IT sectors (5/3)

Targeting of Polish government institutions (5/9)

Targeting of Israeli organizations (5/20)

Targeting of governmental organizations in Africa and the Caribbean (5/23)

Targeting of Indian aerospace, defense, and government sectors (5/22)

Targeting of aerospace and defense organizations worldwide (5/28)

Targeting of Ukrainian citizens who were concerned about facing loss of housing in Ukraine (5/30)

Targeting of a high-profile government organization in Southeast Asia (6/5)

Targeting of an unnamed company in East Asia (6/5)

Targeting of TVP, a public service broadcaster in Poland (6/19)

Targeting of Teamviewer, a German-based company that makes widely used remote-access tools for companies (6/27)

Targeting of Google Chrome users in the United States, South Korea, and Europe, particularly those involved in research into North Korean affairs (6/27) 

Actors:

Moonstone Sleet 

UAC-0188

FlyingYeti

Sharp Panda

Storm-842

Velvet Ant

Kyle Fendorf, research associate for the Digital and Cyberspace Policy program and Maya Schmidt, Digital and Cyberspace program intern, oversaw data collection.