Skip to content
Member Login
Cybersecurity

New Entries in the CFR Cyber Operations Tracker: Q1 2018

An update of the Council on Foreign Relations’ Cyber Operations Tracker for the period of January 1 to March 31, 2018.

Cyber Tracker
Council on Foreign Relations

By experts and staff

Published

Experts

  • By Adam Segal
    Ira A. Lipman Chair in Emerging Technologies and National Security and Director of the Digital and Cyberspace Policy Program

By

  • Alex Grigsby
    Assistant Director, Digital and Cyberspace Policy

The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between January 1, 2018 and March 31, 2018. We also modified some older entries to reflect the latest developments and added a few historical cases we had previously missed. 

A detailed log of the added and modified entries follow. A special thanks to Sasha Romanosky from RAND who submitted data to improve the tracker’s accuracy. If you know of any state-sponsored cyber incidents that should be included, you can submit them to us here.  

Deletions from the Database

Compromise at NASDAQ. This entry was deleted because new details reveal that the incident may have been criminal in nature, not a state-sponsored cyber operation. 

Edits to Old Entries

Ocean Lotus. Added the Association of Southeast Asian Nations as a victim.
APT 28. Added that Estonian intelligence services associate this threat actor with Russian military intelligence (GRU) and ascribed new victims to it.
Turla. Added that Estonian intelligence services associate this threat actor with the Russian Federal Security Service (FSB). 
The Dukes. Added that Estonian intelligence services associate this threat actor with the FSB and Russian Foreign Intelligence Service (SVR).
NotPetya. Added a reference to the Australian, Danish, American, and British claims of attribution to Russian state-sponsored actors. 
Leviathan. Added a reference to its alternate name (TEMP.Periscope), state-sponsor, and victims.
Black Energy. Added a reference to its alternate name, Voodoo Bear.
MuddyWater. Added a reference to its alternate name (TEMP.Zagros) and state-sponsor. 
APT 10. Added a source to a Cylance report on this threat actor. 

New Entries

Iron Tiger
Compromise of the Dukes
Compromise of computer networks associated with the 2018 Pyeongchang Winter Olympic Games
APT 37
Compromise of an air-gapped German government network
Indictment of officials from the Mabna Institute
Targeting of foreign ministries
Targeting of a European defense agency
Targeting of global financial organizations and bitcoin users
Targeting of consulates and embassies in Eastern Europe
APT 17
APT 18
Compromise of Community Health Systems
DragonOK
Moafee
admin@338
Stealth Falcon