This blog post was coauthored by Kyle Fendorf, research associate for the Digital and Cyberspace Policy program.
Eyako Heh, Digital and Cyberspace Policy program intern, oversaw data collection and Jessie Miller, Digital and Cyberspace Policy program intern, uploaded new entries.
The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between January and March 2021.
Here are some highlights:
In January, law enforcement agencies from several countries collaborated to take down the command and control servers of the EMOTET botnet.
In February, Chinese threat actors inserted malware into the Indian power grid during a border dispute between the two countries. The malware may have caused a failure in the Mumbai power grid.
In March, the Chinese threat actor Hafnium exploited a vulnerability in Microsoft Exchange to access user emails. The vulnerability was widely used by other groups after it was revealed.
A detailed log of the added and modified entries follows. If you know of any state-sponsored cyber incidents that should be included, you can submit them to us here.
Edits to Old Entries
The Dukes. Added alias Dark Halo
Lucky Cat. Added alias TA413
Targeting of SolarWinds customers. Added sanctions.
Take down of EMOTET botnet (1/27)
Targeting of SolarWinds (2/2)
Domestic Kitten (2/8)