New Entries in the CFR Cyber Operations Tracker: Q2 2024
from Net Politics and Digital and Cyberspace Policy Program

An update of the Council on Foreign Relations' Cyber Operations Tracker for the period between April and June 2024.

February 20, 2025 11:56 am (EST)

Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between April 1, 2024, and June 30, 2024.

A detailed log of the added and modified entries follows. If you know of any state-sponsored cyber incidents that should be included, you can submit them to us here.

Edits to Old Entries

Sandworm. Added affiliations with online cyber activist personas Xaknet, Cyber Army of Russia Reborn, and Solntsepek. Added update that Sandworm is associated with Telegram accounts that have taken credit for sabotage attacks on critical infrastructure in the U.S., France, and Poland.

Kimsuky. Added affiliations: in addition to Thallium and Smoke Screen, the group is also known as Emerald Sleet, TA-406, Sharptongue, Black Banshee, and APT43.

APT 36. Added that APT 36 has previously been observed targeting South Asian nations with a particular focus on government and military targets in Afghanistan and India.

New Entries

Incidents:

Targeting of telecommunications firms and government agencies in Israel, Turkey, and Africa (4/1)

Targeting of U.S. Departments of Treasury and State, defense contractors, and two New York-based companies (4/23)

Targeting of Czech and German political entities, state institutions, critical infrastructure, and German companies in the logistics, armaments, aerospace, and IT sectors (5/3)

Targeting of Polish government institutions (5/9)

Targeting of Israeli organizations (5/20)

Targeting of governmental organizations in Africa and the Caribbean (5/23)

Targeting of Indian aerospace, defense, and government sectors (5/22)

Targeting of aerospace and defense organizations worldwide (5/28)

Targeting of Ukrainian citizens who were concerned about facing loss of housing in Ukraine (5/30)

Targeting of a high-profile government organization in Southeast Asia (6/5)

Targeting of an unnamed company in East Asia (6/5)

Targeting of TVP, a public service broadcaster in Poland (6/19)

Targeting of TeamViewer, a Germany-based company that makes widely used remote-access tools for companies (6/27)

Targeting of Google Chrome users in the United States, South Korea, and Europe, particularly those involved in research into North Korean affairs (6/27) 

Actors:

Moonstone Sleet 

UAC-0188

FlyingYeti

Sharp Panda

Storm-842

Velvet Ant

Kyle Fendorf, research associate for the Digital and Cyberspace Policy program, and Maya Schmidt, Digital and Cyberspace program intern, oversaw data collection.

This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.