New Entries in the CFR Cyber Operations Tracker: Q2 2021

This blog post was coauthored by Kyle Fendorf, research associate for the Digital and Cyberspace Policy program. 

Kyle Fendorf, research associate for the Digital and Cyberspace Policy program, oversaw data collection and Jessie Miller, Digital and Cyberspace Policy program intern, uploaded new entries. 

The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between March and July 2021.  

Here are some highlights: 

• In April, Chinese hackers targeted a Russian submarine design firm with spearphishing attacks with the aim of stealing nuclear submarines schematics. 

• Dutch police investigating the downing of Malaysian Airlines Flight MH17 were hacked by Russian intelligence services in 2017. 

• In June, a new Chinese threat actor was identified running a long-term espionage campaign targeting former Soviet republics in Central Asia. 

A detailed log of the added and modified entries follows. If you know of any state-sponsored cyber incidents that should be included, you can submit them to us here. 

Edits to Old Entries 

Gamaredon. Added alias Primitive Bear. 

TempTick. Added alias Tick and updated description. 

New Entries 

Targeting of the Vietnamese and Thai governments and military (4/5) 

Targeting of South African freight companies (4/8) 

Targeting of Lebanese job seekers (4/8) 

Targeting of Ukrainian elected officials by Russian-sponsored hackers (4/19) 

Targeting of Japanese businesses and research groups (4/19) 

Targeting of U.S. federal agencies via PulseSecure VPN (4/20) 

Targeting of Russian submarine designer (4/30) 

Targeting of Indian military and defense organizations (5/13) 

Targeting of Uyghurs in China and Pakistan (5/27) 

Targeting of U.S. Agency for International Development (5/27) 

Targeting of South Korean government (6/1) 

Targeting of Myanmar's presidential website (6/2) 

Targeting of Southeast Asian ministry of foreign affairs (6/3) 

Targeting of cloud computing servers in brute force attacks (6/6) 

Targeting of Ukrainian agencies in Russian spear-phishing campaign (6/7) 

Targeting of Russian government agencies (6/8) 

Targeting of Dutch police in the investigation of flight MH17 shootdown (6/9) 

Targeting of South Korean companies with ransomware (6/15)

Targeting of major companies and government organizations in seven countries (6/16) 

RedFoxTrot (6/16) 

Targeting of South Korean nuclear research center (6/18) 

Targeting of Polish members of parliament's email accounts (6/18) 

Targeting of Norwegian government's IT network (6/19) 

Targeting of government and energy organizations in India and Afghanistan (6/22) 

UNC1151 (4/28)