Skip to content
Member Login
Cybersecurity

New Entries in the CFR Cyber Operations Tracker: Q3 2021

An update of the Council on Foreign Relations’ Cyber Operations Tracker for the period between July and October 2021. 

Cyber Operations Tracker. Council on Foreign Relations

By experts and staff

Published

Experts

  • By Adam Segal
    Ira A. Lipman Chair in Emerging Technologies and National Security and Director of the Digital and Cyberspace Policy Program

This blog post was coauthored by Kyle Fendorf, research associate for the Digital and Cyberspace Policy program. 

 

Kyle Fendorf, research associate for the Digital and Cyberspace Policy program, oversaw data collection and Jessie Miller, Digital and Cyberspace Policy program intern, uploaded new entries. 

 

The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between March and July 2021.  

 

Here are some highlights: 

 

  • In August, Iranian threat actor Charming Kitten used WhatsApp exploits and Android malware to spy on reformist politicians in the country. 

  • Russian hackers launched spearphishing attacks against Slovakian diplomats by posing as the Slovakian National Security Authority. 

  • Afghan telecommunications provider Roshan was targeted by two separate Chinese threat actors throughout 2020 and 2021, with a spike in threat actor activity detected coinciding with the U.S. withdrawal from the country in August and September 2021. 

Edits to Old Entries 

Mustang Panda. Added alias HoneyMyte. 

Gorgon Group. Added alias Aggah. 

New Entries 

Targeting of Philippine dissident websites (7/1) 

Targeting of the Afghan National Security Council (7/1) 

IndigoZebra (7/1) 

Targeting of prospective engineers and programmers (7/6) 

Targeting of Republican National Committee (7/6) 

Targeting of Ukrainian naval exercises (7/9) 

Targeting of civil society groups in Nepal, the Philippines, Taiwan, and Hong Kong (7/9) 

Targeting of academics focusing on the Middle East (7/13) 

Targeting of Philippine and Nepalese governments (7/14) 

Targeting of U.S. defense industry using Facebook (7/15) 

Targeting of U.S. oil and gas companies (7/20) 

Targeting of French corporations using compromised Wi-Fi routers (7/21) 

Targeting of Southeast Asian telecommunication companies (8/3) 

Targeting of Southeast Asian telecommunication companies (8/3) 

Targeting of the United States, Belarus, Canada, Mongolia, and Russia in an espionage operation (8/3) 

Targeting of Iranian reformists (8/4) 

Targeting of Israeli entities (8/10) 

Targeting of manufacturing groups across Asia (8/12)  

Targeting of Air India (8/12) 

Targeting of Slovakian government agencies (8/13) 

Watering-hole attack on popular North Korean news site (8/18) 

Targeting of Israeli software supply chain (8/18) 

Siamesekitten (8/18) 

Targeting of U.S. computer retail business (8/24) 

Targeting of Microsoft Exchange and MySQL servers (9/9) 

Targeting of Indonesian intelligence agencies (9/10) 

Targeting of Indian media organizations (9/21) 

Targeting of Afghan telecommunication firm Roshan (9/28) 

Targeting of Afghan telecommunication firm Roshan (9/28) 

Calypso (9/28)