This blog post was coauthored by Connor Fairman, research associate for the Digital and Cyberspace Policy program.
Nathan Marx, Digital and Cyberspace Policy program intern, oversaw data collection for new entries.
The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between October 2019 and December 2019. We also modified some older entries to reflect the latest developments.
Here are some highlights:
- The Russian cyber espionage unit Turla hijacked hacking infrastructure belonging to Iranian threat group OilRig and used it to launch attacks in over thirty-five countries while masquerading as Iran. Russia has carried out “false flag” operations like this in the past. Last year, U.S. intelligence uncovered Russian hackers’ use of code associated with Lazarus Group, a North Korean threat actor.
- Amnesty International released a report showing how the Moroccan government used NSO Group’s Pegasus malware to target two prominent human rights activists in Morocco. The report noted that the targeted attacks are symptomatic of a larger pattern of reprisals against human rights activists by Moroccan authorities. We also added reports of Egypt, Saudi Arabia, Uzbekistan, and the United Arab Emirates using malicious software to spy on dissidents and NGOs. An increasing number of entries in the tracker involve states using commercially available and self-developed malware against their political opponents.
A detailed log of the added and modified entries follows. If you know of any state-sponsored cyber incidents that should be included, you can submit them to us here.
Edits to Old Entries
Mustang Panda. Added its alias Bronze President.
Newscaster. Added its aliases APT 35, Ajax Security Team, and Phosphorus.
OilRig. Added that in October 2019, OilRig’s hacking infrastructure was revealed to have been compromised by Turla. Noted that some operations previously attributed to the group may be Turla false flags.
New Entries
Targeting of Russian speakers (10/10)
Targeting of Moroccan activists (10/10)
U.S. retaliation against Iran (10/16)
Targeting of European ministries (10/17)
Targeting of Avast (10/21)
Compromise of Kazakh individuals (11/23)
Golden Falcon (11/23)
Targeting of BMW and Hyundai (12/6)