This blog post was coauthored by Connor Fairman, research associate for the Digital and Cyberspace Policy program.
Nathan Marx, Digital and Cyberspace Policy program intern, oversaw data collection for new entries.
The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between January 2020 and March 2020. We also modified some older entries to reflect the latest developments.
Here are some highlights:
- After several instances of North Korean hacking of cryptocurrency exchanges and banks, we have added a new category of incident, “Financial Theft.” Our incident categories now include Financial Theft, DDoS, Espionage, Defacement, Data Destruction, Sabotage, and Doxing.
- For the first time, we have observed a state (Israel) publicly admitting that they have hacked back against another state-affiliated cyber actor. In response, we have added a new policy response category, “Hack Back.” We will continue to be on the lookout for additional examples of states hacking back in the future.
- The Hamas-associated threat actor APT-C-23 targeted Israeli soldiers by pretending to be women looking for romantic partners. Duped soldiers were then enticed to download apps that contained spyware onto their phones. In response, the Israel Defense Forces hacked back and dismantled the infrastructure used by APT-C-23 to launch its attacks.
- DarkHotel, an advanced threat actor possibly associated with the South Korean government, attempted to phish World Health Organization employees during the coronavirus pandemic.
A detailed log of the added and modified entries follows. If you know of any state-sponsored cyber incidents that should be included, you can submit them to us here.
Edits to Old Entries
Darkhotel. Changed title to DarkHotel. Also added DUBNIUM, Fallout Team, Karba, and Luder as aliases.
Apt 28. Added Hades to list of aliases.
Kingdom. Changed title to KINGDOM.
Compromise of Bapco (1/8)
Targeting of U.S. grid (1/9)
Targeting of Burisma (1/13)
Konni Group (1/23)
Tonto Team (3/5)
Vicious Panda (3/12)
APT 36 (3/16)
Storm Cloud (3/31)