New Entries in the CFR Cyber Operations Tracker: Q3 2020
from Digital and Cyberspace Policy Program and Net Politics

New Entries in the CFR Cyber Operations Tracker: Q3 2020

An update of the Council on Foreign Relations' Cyber Operations Tracker for the period between July and September 2020.
Cyber Operations Tracker
Cyber Operations Tracker Council on Foreign Relations

The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between July 2020 and September 2020.

Here are some highlights:

More on:



North Korea


Election 2020

  • In September, Microsoft reported that Russian, Chinese, and Iranian threat actors were targeting people and organizations involved in the upcoming U.S. elections.
  • For the first time, Togo is suspected of using NSO Group spyware to target opposition politicians and religious leaders. This brings the total number of nation-state attackers in the tracker to thirty-four.
  • Suspected North Korean-affiliated threat actor Lazarus Group continued to compromise automated teller machines in dozens of countries to steal money through fraudulent transactions.

A detailed log of the added and modified entries follows. If you know of any state-sponsored cyber incidents that should be included, you can submit them to us here.

New Entries 

Fox Kitten (2/16)

Targeting of Israeli water management facilities (7/17)

Targeting of Western entities involved in COVID-19 vaccine development (7/21)

More on:



North Korea


Election 2020

Targeting of Vatican City computer networks (7/28)

RedDelta (7/28)

Targeting of websites in Latvia, Lithuania, and Poland (7/29)

Ghostwriter (7/29)

Targeting of entities focusing on Taiwan (8/3)

Targeting of United Kingdom trade minister’s email account (8/3)

Targeting of opposition politicians and religious leaders in Togo (8/3)

Targeting of U.S. companies and government agencies (8/10)

Targeting of defense companies in Israel and the Middle East (8/14)

Targeting of Taiwanese government agencies and officials’ email accounts (8/19)

BlackTech (8/19)

Targeting of U.S. defense contractors (8/19)

Targeting of automated teller machines worldwide (8/26)

Targeting of UN officials (8/28)

Pioneer Kitten (8/31)

Targeting of U.S. political campaigns, advocacy groups, and political consultancies (9/10)

Targeting of former Vice President Joe Biden’s campaign staff and U.S. international affairs community (9/10)

Zirconium (9/10)

Targeting of the Donald J. Trump presidential campaign (9/10)

Targeting of U.S. government agency networks (9/14)

Targeting of U.S. information technology, government, health-care, finance, and media industries (9/15)

Targeting of Iranian expats and dissidents (9/18)

Targeting of Azerbaijani government networks (9/22)

Penetration of unnamed U.S. federal agency (9/24)

Creative Commons
Creative Commons: Some rights reserved.
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail