New Entries in the CFR Cyber Operations Tracker: Q2 2022

This blog post was coauthored by Kyle Fendorf, research associate for the Digital and Cyberspace Policy program. 

Pragya Jain, intern for the Digital and Cyberspace program, oversaw data collection and uploaded new entries. 

The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between March and June 2022. 

Here are some highlights: 

• In April, the Russian-linked threat actor Sandworm targeted electrical substations in Ukraine in an attempt to disable parts of the power grid. 

• Mustang Panda, a threat actor linked to the Chinese government, targeted Russian government systems with a phishing campaign in April. 

• In June, a threat actor associated with the Indian government was accused of remotely planting evidence on over sixteen suspects’ computers, including several opponents of the ruling Bharatiya Janata Party. 

Edits to Old Entries 

Targeting of Asus routers. Added victim government response. 

The Dukes. Added UNC2452 as an alias. 

APT 10. Added TA410 as an alias. 

Crouching Yeti. Added Bromine as an alias. 

OilRig and Siamesekitten. Added a connection between the two groups. 

New Entries 

Targeting of Ukrainian organizations (4/5) 

Targeting of government agencies in the European Union (4/5) 

Targeting of Jordanian activists (4/5) 

Targeting of Israeli officials (4/6) 

Targeting of organizations in Europe, Asia, and North America (4/5) 

Targeting of Ukrainian institutions and U.S. and European foreign policy institutions and think tanks (4/7) 

Targeting of Indian power grid (4/6) 

Targeting of Ukrainian power stations (4/12) 

Targeting of telecommunication companies, internet service providers, and the data services sector (4/12) 

Targeting of Axie Infinity’s Ronin Network (4/14) 

Targeting of South Korean chemical sector organizations (4/14) 

Targeting of UK government officials (4/18) 

Targeting of cryptocurrency company employees (4/19) 

Targeting of journalists reporting on North Korea (4/21) 

Targeting of Russian military officials (4/27) 

Targeting of Catalan separatists (4/18) 

Targeting of Ukrainian, Latvian, and Lithuanian computer systems (2/23) 

Targeting of specialized engineering companies (4/27) 

Targeting of Ukrainian users of Chrome, Edge, and Firefox browsers (5/3) 

Targeting of a defense and cybersecurity organization in the Baltics (5/3) 

Targeting of technology and manufacturing companies in Asia, Europe, and North America (5/4) 

Targeting of diplomatic organizations in the Americas, Asia, and Europe (4/28) 

Targeting of Russian and Belarusian websites (5/4) 

Targeting of Ukrainian government and IT sector systems with WhisperGate malware (1/15) 

Targeting of government network in Vinnytsia, Ukraine (4/27) 

Targeting of Ukrainian organizations with CaddyWiper (3/15) 

Targeting of major Ukrainian broadcasting company (4/27) 

Targeting of Ukrainian agricultural firm (4/27) 

Targeting of a Ukrainian transportation and logistics provider (4/27) 

Red Menshen (5/7) 

Targeting of telecommunications providers across the United States, Asia, and the Middle East (5/7) 

Targeting of Ukrainian organizations in phishing campaign (5/6) 

Targeting of Jordanian government (5/10) 

Targeting of Rostec (5/19) 

Targeting of Tibetans living abroad (6/1) 

Targeting of Boston Children’s Hospital (6/1) 

Targeting of Palauans via an Australian telecommunications company (6/3) 

Targeting of major telecommunications and network service providers (6/8) 

Aoqin Dragon (6/9) 

Targeting of telecommunications companies operating in Africa, Europe, and Southeast Asia (6/13) 

Targeting of high-level U.S. and Israeli officials (6/14) 

Targeting of media stations such as newspapers and radio stations in Ukraine (6/9) 

Targeting of Indian activists (6/16) 

Targeting of Middle Eastern countries (6/21)  

Targeting of individual suspects in serious criminal investigations within Canada (6/29) 

Targeting of UN Interim Force in Lebanon (UNIFIL) (6/29)