New Entries in the CFR Cyber Operations Tracker: Q1 2019
from Net Politics and Digital and Cyberspace Policy Program

New Entries in the CFR Cyber Operations Tracker: Q1 2019

An update of the Council on Foreign Relations' Cyber Operations Tracker for the period between October 2018 and March 2019. 
Council on Foreign Relations

This blog post was coauthored by Kanzanira Thorington, a research associate for the Digital and Cyberspace studies program. 

The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between October 2018 and March 2019. We also modified some old entries to reflect the latest developments.

More on:


Here are some quick facts and interesting tid bits:

  • The United States is taking action against state-sponsored cyberattacks. The United States and allies condemned China for twelve years of cyberattacks on governments and the private sector, including indictments of two hackers associated with APT 10. Previously Washington had cooperated with allies to attribute Russian cyber operations. Furthermore, in November 2018 the U.S. Cyber Command launched an offensive campaign to combat a Russian troll operation known for using disinformation tactics.
  • New reports link the targeting of U.S. Navy contractors and maritime research at universities to Chinese intelligence efforts to steal naval technology.


A detailed log of the added and modified entries follow. If you know of any state-sponsored cyber incidents that should be included, you can submit them to us here.

Edits to Old Entries

Compromise of the Czech foreign minister’s computer. Added an affiliation.

APT 10. Added that the United States and allies charged members of the group for economic espionage.

More on:


Compromise of SingHealth. Added affiliation, victim category response.

MuddyWater. Added a reference to its alternate name (Seedworm).

The Dukes. Added that it is believed the group attempted to hack the Democratic National Committee after 2018 midterms.

Leviathan. Added a reference to its alternate name (APT 40) and association with the targeting of Department of Defense sponsored maritime research at US universities.


New Entries


Global bank attacks

Targeting of Austal

Compromise of Ukrainian government

Targeting of Mexican journalists’ mobile devices

Targeting of emails of German lawmakers, military officials, and embassy staff

Compromise of Marriott International

Attempt to compromise Ukraine's judicial system

Targeting of the Parliament of Australia

Compromises of government embassies, telecommunications companies, and a Russian oil company

APT 39

Targeting of U.S. Navy contractors

Compromise of the EU's diplomatic communication network

Attack on Italian oil firm Saipem

Compromise of South Korean resettlement agency

Global hijacking of domain name system (DNS)

Attempted attack on the Democratic National Convention (DNC) during 2018 elections

Cyber espionage by the United Arab Emirates (UAE)

Targeting of U.S. and European think tanks

Targeting of Visma

U.S. Cyber Command offensive attack of Russian troll farm

Targeting of universities' maritime military secrets


2019 Indonesian elections



Creative Commons
Creative Commons: Some rights reserved.
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail