The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between July and September 2023.

Here are some highlights:

More on:

Cybersecurity

North Korea

Russia

China

  • Chinese threat actor Mirage distributed trojanized versions of the messaging apps Signal and Telegram to Uyghurs living outside of China. The malicious apps were downloaded at least thirteen thousand times.
  • A North Korean threat actor, APT 37, broke into the systems of Russian missile design firm NPO Mashinostroyeniya and may have stolen important intellectual property. The firm has previously been involved in designing both newer generation ballistic missiles and hypersonic missiles.
  • Charming Kitten, an Iranian hacking group, sent phishing emails to nuclear security experts in the United States and Western Europe, likely to learn more about ongoing negotiations over the Joint Comprehensive Plan of Action, commonly referred to as the Iran nuclear deal.

Edits to Old Entries

Net Politics

CFR experts investigate the impact of information and communication technologies on security, privacy, and international affairs. 2-4 times weekly.

Digital and Cyberspace Update

Digital and Cyberspace Policy program updates on cybersecurity, digital trade, internet governance, and online privacy. Bimonthly.

Daily News Brief

A summary of global news developments with CFR analysis delivered to your inbox each morning. Most weekdays.

The World This Week

A weekly digest of the latest from CFR on the biggest foreign policy stories of the week, featuring briefs, opinions, and explainers. Every Friday.

By entering your email and clicking subscribe, you're agreeing to receive announcements from CFR about our products and services, as well as invitations to CFR events. You are also agreeing to our Privacy Policy and Terms of Use.

APT 33. Added Holmium and Peach Sandstorm as aliases.

Targeting of Northwestern Polytechnical University. Added indicators of compromise to sources.

Tick. Added TAG-74 as an alias.

New Entries

Targeting of government agencies across Eastern Europe (7/3)

More on:

Cybersecurity

North Korea

Russia

China

Targeting of nuclear security experts in phishing campaign (7/6)

Targeting of IT company as part of a supply-chain attack (7/12)

Targeting of Ukrainian defense forces with Capibar and Kazuar spyware (7/18)

Targeting of GitHub users with an interest in cryptocurrency (7/18)

Targeting of CoinsPaid cryptocurrency service (7/26)

Targeting of diplomatic agencies in Eastern Europe (7/27)

Targeting of government employees and researchers (7/30)

Flax Typhoon (8/2)

Targeting of Russian missile design firm (8/7)

Targeting of Ukrainian armed forces planning operations system with Infamous Chisel (8/8)

Targeting of internet infrastructure provider in Europe (8/24)

Targeting of Japan's National Center of Incident Readiness and Strategy for Cybersecurity (8/28)

Targeting of Uyghurs outside China with trojanized Signal and Telegram apps (8/30)

Targeting of the German Federal Agency for Cartography and Geodesy (8/31)

Targeting of South Korean defense industry and an electronics manufacturer (8/31)

Targeting of Ukrainian energy facility (9/5)

Targeting of Stake virtual currency service (9/6)

Targeting of organizations in Brazil, Israel, and the United Arab Emirates (9/11)

Targeting of CoinEx cryptocurrency exchange (9/12)

Targeting of satellite, defense, and pharmaceutical organizations (9/14)

Targeting of South Korean academics, government agencies, and political groups (9/19)

Targeting of foreign embassies in Kyiv (9/21)

Targeting of a telecommunications provider in North Africa (9/21)

Targeting of a southeast Asian government (9/22)

Targeting of subsidiaries of global companies (9/27)

Targeting of a telecommunications firm in the Middle East and a government network in Asia (9/28)

magnifier linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram