New Entries in the CFR Cyber Operations Tracker: Q3 2022

This blog post was coauthored by Kyle Fendorf, research associate for the Digital and Cyberspace Policy program.

Pragya Jain, intern for the Digital and Cyberspace program, oversaw data collection and Srishti Khemka, intern for the Digital and Cyberspace Program, uploaded new entries.

The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between July and September 2022.

Here are some highlights:

• The Ukrainian IT Army attacked the systems of the Saint Petersburg Economic Forum in June and delayed Russian President Vladimir Putin’s speech by over an hour.
• In July, the Belgian government accused several Chinese threat actors of attacking the networks of the interior ministry and Ministry of Defense as part of a multi-year espionage campaign.
• Iranian threat actors attacked Albanian networks after the country hosted a conference of MEK, the People’s Mojahedin Organization of Iran, a group that violently opposes Iran’s government. The Albanian government severed diplomatic relations with Iran after the attacks.

Edits to Old Entries

The Dukes. Added Cloaked Ursa as an alias.

APT 18. Added TA428 as an alias.

New Entries

Targeting of St. Petersburg Economic Forum (6/17)

Targeting of various industries with Maui ransomware (7/6)

Targeting of pro-democracy organizations and activists in Thailand (7/17)

Targeting of government, military, and energy sectors in Pakistan (7/13)

Targeting of U.S. political reporters and White House correspondents (7/14)

Targeting of the Belgian Federal Public Service Interior by Chinese threat actors (7/18)

Targeting of the Belgian Federal Public Service Interior as part of espionage campaign (7/18)

Targeting of the Belgian Federal Public Service Interior in Chinese espionage campaign (7/18)

Targeting of Belgian Defense Ministry (7/18)

Targeting of the Ukrainian Azov Regiment (7/19)

Targeting of high-profile individuals at European embassies (7/19)

Targeting of European Union (EU) member states (7/23)

Targeting of South Korea with multiple spear-phishing campaigns (7/25)

Targeting of military personnel, government officials, employees of human rights and other nonprofit organizations, and students in Afghanistan, India, Pakistan, Saudi Arabia, and the United Arab Emirates (UAE) (8/4)

Targeting of Albanian government (8/4)

Targeting of military and public institutions in Afghanistan and several east European countries (8/7)

Targeting of industrial enterprises and public institutions in Central Asia and Eastern Europe (8/8)

Targeting of humanitarian, think tank, and governmental organizations (8/16)

Targeting of Israeli organizations using SysAid (8/25)

Targeting of South Korean diplomats, professors, and researchers (8/25)

Targeting of Montenegrin government infrastructure (8/25)

Targeting of Australian, Malaysian, and European organizations and organizations operating in and around the South China Sea (8/30)

Targeting of Northwestern Polytechnical University (9/5)

APT 42 (9/7)

Targeting of organizations in an Iranian ransomware campaign (9/7)

Targeting of government officials in Europe, the Middle East, and South America (9/8)

Targeting of nuclear security researcher (9/13)

Targeting of an Asian IT provider (9/15)

Space Pirates (9/15)

Targeting of Ukrainian government agencies in espionage campaign (9/15)

Targeting of Ukrainian networks via fake telecommunications firms (9/19)