New Entries in the CFR Cyber Operations Tracker: Q3 2023
from Net Politics and Digital and Cyberspace Policy Program

An update of the Council on Foreign Relations' Cyber Operations Tracker for the period between July and September 2023.

The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between July and September 2023.


Here are some highlights:

  • Chinese threat actor Mirage distributed trojanized versions of the messaging apps Signal and Telegram to Uyghurs living outside of China. The malicious apps were downloaded at least thirteen thousand times.
  • A North Korean threat actor, APT 37, broke into the systems of Russian missile design firm NPO Mashinostroyeniya and may have stolen important intellectual property. The firm has previously been involved in designing both newer-generation ballistic missiles and hypersonic missiles.
  • Charming Kitten, an Iranian hacking group, sent phishing emails to nuclear security experts in the United States and Western Europe, likely to learn more about ongoing negotiations over the Joint Comprehensive Plan of Action, commonly referred to as the Iran nuclear deal.


Edits to Old Entries

APT 33. Added Holmium and Peach Sandstorm as aliases.

Targeting of Northwestern Polytechnical University. Added indicators of compromise to sources.

Tick. Added TAG-74 as an alias.


New Entries

Targeting of government agencies across Eastern Europe (7/3)

Targeting of nuclear security experts in phishing campaign (7/6)

Targeting of IT company as part of a supply-chain attack (7/12)

Targeting of Ukrainian defense forces with Capibar and Kazuar spyware (7/18)

Targeting of GitHub users with an interest in cryptocurrency (7/18)

Targeting of CoinsPaid cryptocurrency service (7/26)

Targeting of diplomatic agencies in Eastern Europe (7/27)

Targeting of government employees and researchers (7/30)

Flax Typhoon (8/2)

Targeting of Russian missile design firm (8/7)

Targeting of Ukrainian armed forces planning operations system with Infamous Chisel (8/8)

Targeting of internet infrastructure provider in Europe (8/24)

Targeting of Japan's National Center of Incident Readiness and Strategy for Cybersecurity (8/28)

Targeting of Uyghurs outside China with trojanized Signal and Telegram apps (8/30)

Targeting of the German Federal Agency for Cartography and Geodesy (8/31)

Targeting of South Korean defense industry and an electronics manufacturer (8/31)

Targeting of Ukrainian energy facility (9/5)

Targeting of Stake virtual currency service (9/6)

Targeting of organizations in Brazil, Israel, and the United Arab Emirates (9/11)

Targeting of CoinEx cryptocurrency exchange (9/12)

Targeting of satellite, defense, and pharmaceutical organizations (9/14)

Targeting of South Korean academics, government agencies, and political groups (9/19)

Targeting of foreign embassies in Kyiv (9/21)

Targeting of a telecommunications provider in North Africa (9/21)

Targeting of a southeast Asian government (9/22)

Targeting of subsidiaries of global companies (9/27)

Targeting of a telecommunications firm in the Middle East and a government network in Asia (9/28)

Creative Commons: Some rights reserved.
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.