Elizabeth Merrigan, Digital and Cyberspace Policy program intern, oversaw data collection for new entries.
The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between July 2019 and September 2019. We also modified some older entries to reflect the latest developments.
Here are some highlights:
- Chinese state-sponsored hackers targeted apps used by protesters in Hong Kong, popular websites and telecommunications networks used by the Uighur diaspora, and mobile phones used by senior members of the Tibetan government-in-exile, signaling attempts by Beijing to track and control populations it considers threatening to domestic security interests.
- Hackers from the Russian-backed APT 28 exploited vulnerabilities in Internet of Things (IoT) devices, such as phones and printers, to gain access to other accounts on connected networks with more privileges and data. Microsoft researchers warned that these attacks will likely increase, making the reduction of vulnerabilities in IOT devices a pressing challenge for governments around the world.
A detailed log of the added and modified entries follow. If you know of any state-sponsored cyber incidents that should be included, you can submit them to us here.
Edits to Old Entries
Lazarus Group. Added the sanctions imposed by the U.S. Treasury Department.
Thrip. Added its recently-uncovered affiliation with the Lotus Blossom threat actor.
APT 33. Added its affiliation with the Elfin cyber espionage group and attribution for Shamoon malware attacks in 2016 and 2017.
APT 17. Added the identification of three members of this threat actor, who are believed to be operating as contractors for the Chinese Ministry of State Security.
Axiom. Added its relationship with Winnti.
Inception Framework. Added its aliases, Cloud Atlas and Red October, and additional victim states, including Afghanistan, Kyrgyzstan, Russia, and Turkey.