Skip to content
Member Login
Cybersecurity

New Entries in the CFR Cyber Operations Tracker: Q1 2022

An update of the Council on Foreign Relations’ Cyber Operations Tracker for the period between January and March 2022. 

Cyber Operations Tracker. Council on Foreign Relations

By experts and staff

Published

Experts

  • By Adam Segal
    Ira A. Lipman Chair in Emerging Technologies and National Security and Director of the Digital and Cyberspace Policy Program

This blog post was coauthored by Kyle Fendorf, research associate for the Digital and Cyberspace Policy program. 

 

Jessie Miller, intern for the Digital and Cyberspace program, oversaw data collection and Kyle Fendorf, research associate for the Digital and Cyberspace Policy program, uploaded new entries. 

 

The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between January and March 2022. 

 

Here are some highlights: 

  • In February, Russian hackers targeted the networks of satellite internet provider Viasat and managed to bring down the service for several weeks, hindering Ukrainian military communication links. 

  • A newly identified Chinese threat actor was detected orchestrating a long-term campaign to steal data from the Taiwanese financial sector. 

  • Researchers discovered a new Indian threat actor which is believed to have planted evidence on an activist’s computer during his trial on terrorism charges. 

 

Edits to Old Entries 

Trisis. Assigned to Russian Federation, added indictment to read more section. 

Kimsuky. Added breakdown of North Korean threat actors to read more section. 

Lazarus Group. Added alias BlueNoroff. Added breakdown of North Korean threat actors to read more section. 

Gamaredon. Added alias InvisiMole. 

MuddyWater. Added U.S. Cyber Command analysis of malware to read more section. 

New Entries 

Targeting of Russian diplomats in Asia (1/3) 

Targeting of Pakistani research institutions (1/7) 

Targeting of journalists in El Salvador (1/12) 

Targeting of Ukrainian government websites (1/16) 

Targeting of cryptocurrency start-ups (1/15) 

Targeting of dissidents and opposition political candidates in Ghana (1/20) 

Targeting of Israeli activist (1/20) 

Targeting of local Israeli officials (1/23) 

Earth Lusca (1/17) 

Targeting of Middle Eastern government institutions in phishing campaign (1/20) 

Targeting of transportation companies via UEFI firmware implant (1/20) 

Targeting of German pharmaceutical and technology firms (1/27) 

Targeting of American defense industry (1/29) 

Targeting of Ukrainian organizations and Western government entity (1/29) 

Targeting of Turkish government organizations (1/31) 

Targeting of German companies (1/26) 

Targeting of Palestinian entities and activists (2/2) 

Targeting of financial institutions in Taiwan (2/2) 

Antlion (2/2) 

Targeting of journalists at News Corp (2/4) 

Targeting of Middle Eastern governments, foreign policy think tanks, and a state-affiliated airline (2/8) 

Targeting of the International Atomic Energy Agency and South Korean defense contractor (2/8) 

ModifiedElephant (2/9) 

Targeting of Australian media outlet (2/10) 

Targeting of Ukrainian banks and defense ministry (2/16) 

Targeting of American defense contractors (2/16) 

Targeting of Bahraini activists with Pegasus spyware (2/18) 

Targeting of VMWare Horizon servers with Log4Shell vulnerability (2/18) 

Targeting of Taiwanese financial institutions (2/21) 

Targeting of Latvian, Lithuanian, and Ukrainian computer systems (2/23) 

Targeting of Ukrainian government websites (2/23) 

Targeting of Ukrainian and Polish military personnel (2/25) 

Targeting of Moscow Stock Exchange and Sberbank websites (2/28) 

Ukrainian IT Army (2/28) 

Targeting of Viasat’s satellite broadband service (3/5) 

Targeting of Ukrainian state entities (3/7) 

Targeting of American state governments‘ networks (3/8) 

Targeting of European diplomatic entities, research entities, and internet service providers (3/7) 

Targeting of entities in Turkey and the Arabian Peninsula (3/10) 

Targeting of Russian aerospace and defense conglomerate (3/11) 

Targeting of Asus routers (3/17) 

Targeting of Ukrainian state bodies (3/18) 

Targeting of Ukrainian government officials (3/24) 

Targeting of American news media and IT companies (3/24) 

Targeting of Ukrainian telecommunication company’s internet service (3/28) 

Targeting of Indian government and military officials (3/29) 

Targeting of Hungary’s foreign ministry networks (3/29)