New Entries in the CFR Cyber Operations Tracker: Q2 2023
Kyle Fendorf is the research associate for the Digital and Cyberspace Policy program.
Natasha White, intern for the Digital and Cyberspace program, oversaw data collection.
The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between April and June 2023.
Here are some highlights:
- The FBI announced it had disrupted a Russian malware network, Snake, that was active in over fifty countries and had been operating in some form for at least twenty years.
- A new Chinese threat actor, Volt Typhoon, was detected on U.S. military networks in Guam and other areas of the western Pacific and had established a presence in some critical infrastructure systems in the United States. The U.S. government said the group’s presence could be leveraged to attack critical infrastructure in the event of a future conflict.
- North Korea’s Lazarus Group used a backdoor placed during a supply chain attack on the financial software firm Trading Technologies to access the systems of 3CX, a voice calling and video conferencing software provider, and distribute malware to 3CX customers. The attack marks the first known case of a group using access gained in an initial supply chain hack to launch a second one against a new network of customers.
Edits to Old Entries
Kimsuky. Added APT43 as an alias.
Emissary Panda. Added Budworm as an alias.
Nodaria. Added Cadet Blizzard as an alias.
New Entries
Targeting of military and government networks in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka (2/15)
Targeting of 3CXDesktopApp customers and crypto firms (3/30)
SideWinder (3/30)
Targeting of organizations of strategic interest to the Chinese government (3/30)
Targeting of experts in North Korea policy issues (4/5)
Targeting of Indian education sector (4/13)
Targeting of European government agencies and diplomats (4/13)
Targeting of a Taiwanese media organization (4/17)
Targeting of Indian government agencies (4/17)
Targeting of human rights groups and activists related to human rights advocacy in North Korea (4/20)
Targeting of Mac users at financial institutions (4/24)
Targeting of U.S. critical infrastructure and civil-society groups (4/18)
Targeting of South Korean institutions (4/25)
Targeting Linux systems in Nepal and South Africa (4/28)
Targeting of Ukrainian government bodies (4/30)
Targeting of military personnel in South Asia (5/3)
Targeting of military personnel and activists in Southeast Asia (5/3)
Targeting of the Ukrainian public sector (5/4)
Targeting of minority groups in Iran (5/4)
Targeting of Pakistani government officials and networks in Turkey (5/8)
Targeting of government networks with Snake malware (5/9)
Targeting of South Korean hospital network (5/10)
Targeting of cryptocurrency exchanges in DangerousPassword campaign (5/12)
Targeting of Ukrainian civil-society groups (5/17)
Targeting of users of Israeli shipping and logistics websites (5/23)
Volt Typhoon (5/24)
Targeting of telecommunications equipment in Guam (5/24)
Targeting of Kenyan government (5/25)
Targeting of Russian iPhone users (6/1)
Targeting of Taiwanese government and critical infrastructure operators (6/2)
Targeting of Islamic State group militants in Iraq (6/4)
Targeting of analysts of North Korean affairs (6/6)
Targeting of Vietnamese agriculture business (6/9)
Targeting of South Korean professors, dissidents, and human rights advocates (6/12)
Targeting of Atomic Wallet cryptocurrency users (6/13)
Targeting of government organizations in Eastern Europe and Western Asia (6/14)
Targeting of users of Naver (6/15)
Targeting of organizations using Barracuda email security gateway devices (6/15)
Targeting of the Indian defense sector (6/15)
Targeting of Ukrainian government agencies in phishing attack (6/16)