This blog post was coauthored by Kyle Fendorf, research associate for the Digital and Cyberspace Policy program.
Srishti Khemka, intern for the Digital and Cyberspace program, oversaw data collection and uploaded new entries.
The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between October and December 2022.
Here are some highlights:
- Ocean Lotus, a Vietnamese threat actor, used three zero-day exploits in a campaign against Chinese users in December 2022. The attacks were at least partly aimed at growing the group’s Torii botnet.
- Russian-sponsored group APT 28 infiltrated the networks of a U.S. satellite communications provider although the depth of their intrusion was difficult to determine.
- Chinese threat actor APT 41 targeted the U.S. Small Business Administration and stole at least $20 million in U.S. COVID relief funds in 2021. It was unclear if the hackers were acting for personal gain or at the behest of a government agency.
Edits to Old Entries
APT 41. Added Earth Longzhi as an alias.
APT 37. Added ScarCruft as an alias.
Mustang Panda. Added RedDelta as an alias.
Targeting of Vatican City computer networks. Added Mustang Panda under affiliations. Deleted RedDelta from affiliations.
Targeting of Iranian citizens (10/20)
Targeting of Uyghur populations (11/10)
Targeting of Uyghur communities (11/10)
Targeting of U.S. federal agency (11/21)