This blog post was coauthored with Alex Grigsby, assistant director, digital and cyberspace policy.
The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between July 2018 and September 2018. We also modified some older entries to reflect the latest developments.
A significant number of changes to the tracker were a result of a mix of public attribution, criminal charges, and sanctions leveled by the United States and its allies as part of an effort to impose consequences against states they view as reckless in cyberspace.
Congratulations to Panama and Saudi Arabia, which have been added to the tracker for their suspected state-sponsored operations against dissident groups using the Pegaus tool from the NSO Group.
A detailed log of the added and modified entries follow. If you know of any state-sponsored cyber incidents that should be included, you can submit them to us here.
Edits to Old Entries
APT 28. Added that the United Kingdom and United States associate this threat actor with Russian military intelligence (GRU), and noted its suspected responsibility for a number of newly reported incidents.
Turla. Added that it is believed to have been responsible for the compromise of the German and Finnish foreign ministries.
Compromise of the World Anti-Doping Agency. Added a reference to Swiss authorities investigating Russia's suspected involvement, and the attribution statements from Australia, Canada, New Zealand, the United Kingdom, and the United States.
Compromise of Sony Pictures Entertainment. Added a reference to the U.S. Department of Justice criminal complaint against North Korean actors responsible for this incident.
SWIFT-related bank heists. Added a reference to the U.S. Department of Justice criminal complaint against North Korean actors responsible for this incident.
WannaCry. Added a reference to the U.S. Department of Justice criminal complaint against North Korean actors responsible for this incident.
Lazarus Group. Added a reference to the U.S. Department of Justice criminal complaint against North Korean actors believed to be behind this threat actor.
APT 10. Added a reference that this threat actor is believed to be part of the Tianjin bureau of the Chinese Ministry of State Security.
TempTick. Added a reference that this threat actor is known for compromising USB sticks used to transfer data to air-gapped networks.
Compromise of the International Association of Athletics Federations. Added a reference to U.S. authorities attributing this incident to Russian military intelligence.
Black Energy. Added that the UK government attributed this incident to Russian military intelligence (GRU).
Compromise of the Democratic National Committee. Added that the UK government attributed this incident to Russian military intelligence (GRU).
Targeting of the office of U.S. Senator Claire McCaskill Raspite
Denial of service incident against media websites in Sweden
Targeting of organizations associated with trade activity with China
Compromise of the German Foreign Office
Targeting of AMC Theatres
Targeting of Mammoth Screen
Targeting of U.S. defense contractors
Targeting of the personal email accounts of U.S. senators and staff
Targeting of Omar Abdulaziz
Targeting of Yahya Assiri
Targeting of certain individuals in Panama
Targeting of Japanese companies
Targeting of the Organization for the Prohibition of Chemical Weapons
Compromise of the U.S. Anti-Doping Agency
Compromise of the Court of Arbitration for Sport
Compromise of the Canadian Centre for Ethics in Sport
Compromise of FIFA
Targeting of Westinghouse Electric Corporation
Compromise of email accounts of a UK TV station