from Net Politics and Digital and Cyberspace Policy Program

New Entries in the CFR Cyber Operations Tracker: Q1 2018

Council on Foreign Relations

An update of the Council on Foreign Relations' Cyber Operations Tracker for the period of January 1 to March 31, 2018.

April 23, 2018

Council on Foreign Relations
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between January 1, 2018 and March 31, 2018. We also modified some older entries to reflect the latest developments and added a few historical cases we had previously missed. 

A detailed log of the added and modified entries follow. A special thanks to Sasha Romanosky from RAND who submitted data to improve the tracker's accuracy. If you know of any state-sponsored cyber incidents that should be included, you can submit them to us here.  

Deletions from the Database

More on:


Compromise at NASDAQ. This entry was deleted because new details reveal that the incident may have been criminal in nature, not a state-sponsored cyber operation. 

Edits to Old Entries

Ocean Lotus. Added the Association of Southeast Asian Nations as a victim.
APT 28. Added that Estonian intelligence services associate this threat actor with Russian military intelligence (GRU) and ascribed new victims to it.
Turla. Added that Estonian intelligence services associate this threat actor with the Russian Federal Security Service (FSB). 
The Dukes. Added that Estonian intelligence services associate this threat actor with the FSB and Russian Foreign Intelligence Service (SVR).
NotPetya. Added a reference to the Australian, Danish, American, and British claims of attribution to Russian state-sponsored actors. 
Leviathan. Added a reference to its alternate name (TEMP.Periscope), state-sponsor, and victims.
Black Energy. Added a reference to its alternate name, Voodoo Bear.
MuddyWater. Added a reference to its alternate name (TEMP.Zagros) and state-sponsor. 
APT 10. Added a source to a Cylance report on this threat actor. 

New Entries

Iron Tiger
Compromise of the Dukes
Compromise of computer networks associated with the 2018 Pyeongchang Winter Olympic Games
APT 37
Compromise of an air-gapped German government network
Indictment of officials from the Mabna Institute
Targeting of foreign ministries
Targeting of a European defense agency
Targeting of global financial organizations and bitcoin users
Targeting of consulates and embassies in Eastern Europe
APT 17
APT 18
Compromise of Community Health Systems
Stealth Falcon

More on:


Creative Commons
Creative Commons: Some rights reserved.
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail