{"total_rows":895,"offset":543,"rows":[ {"id":"elem-10Its1Fg","key":"Element","value":{"_id":"elem-10Its1Fg","_rev":"3-09cea008987089d44cbd557179e53196","type":"Element","created_at":"2017-07-19T15:29:34.852Z","updated_at":"2017-07-19T15:29:53.926Z","attributes":{"label":"Koredos","element type":"Event"}}}, {"id":"elem-17wbIR8I","key":"Element","value":{"_id":"elem-17wbIR8I","_rev":"16-c43cc30d127a41045de32652d621f38b","type":"Element","created_at":"2017-07-17T17:16:29.988Z","updated_at":"2018-06-15T17:41:57.701Z","attributes":{"label":"North Korea","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/3df2936f-b7b2-4187-847c-b0e0bf7de976.png","documents":"

Congressional Research Service, North Korean Cyber Capabilities: In Brief, August 3, 2017. Unclassified.

This report surveys North Korea's cyber capabilities, offers potential motivations for North Korea's strategy, and examines four case studies.

Samantha Ravich, Foundation for the Defense of Democracies, Testimony before Senate Foreign Relations Subcommittee on East Asia, the Pacific, and International Cybersecurity, \"State Sponsored Cyberspace Threats: Recent Incidents and U.S. Policy Response,\" June 13, 2017. Unclassified.

In her testimony, Ms. Ravich discusses the evolving cyberspace battlefield, state adversaries (including China and North Korea), and offers policy recommendations.

U.S. Computer Emergency Readiness Team, Alert (TA17-164A), HIDDEN COBRA - North Korea's DDoS Botnet Infrastructure, June 13, 2017. Unclassified.

This alert - intended to help cyber defenders detect malicious cyber activity conducted by the North Korean government (designated HIDDEN COBRA) - contains indicators of compromise, malware descriptions, and network signatures.

James R. Clapper, Marcel Lettre, Admiral Michael S. Rogers, Joint Statement for the Record to the Senate Armed Services Committee, \"Foreign Cyber Threats to the United States,\" January 5, 2017. Unclassified.

In their joint statement, the DNI, Under Secretary of Defense for Intelligence, and the Director of NSA/Commander, U.S. Cyber Command discuss a variety of consequences of cyber threats - physical, commercial, psychological consequences - as cyber policy, diplomacy, and warfare. In addition, the statement discusses a number of cyber threat actors - nation states (Russia, China, North Korea, Iran), terrorists, and criminals - and responses to cyber threats.

"}}}, {"id":"elem-2RxLDfpd","key":"Element","value":{"_id":"elem-2RxLDfpd","_rev":"20-23c0f45156c6d06e7179ce0f26c98bde","type":"Element","created_at":"2018-06-07T18:23:52.024Z","updated_at":"2018-07-03T16:23:52.868Z","attributes":{"label":"DarkSeoul","element type":"Event","(yyyymmdd) begin":"20130320","(yyyymmdd) report":"20130320","(yyyymmdd) end":"20130320","intermediate target":[],"intermediate effect":[],"operation target":["Organization"],"operation layer":["Logical"],"operation effect":["Disruption"]}}}, {"id":"elem-2VBdxepo","key":"Element","value":{"_id":"elem-2VBdxepo","_rev":"3-c7f2de63e6a2bdf6e230a2b98d7a9482","type":"Element","created_at":"2017-07-19T15:17:00.855Z","updated_at":"2018-06-07T17:25:48.252Z","attributes":{"label":"Saudi Arabia","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/c96ba2ed-26f9-4778-aeed-5f6ea2d30c48.png"}}}, {"id":"elem-2u7A5FRX","key":"Element","value":{"_id":"elem-2u7A5FRX","_rev":"2-77e577a741c19c3503458379c253b010","type":"Element","created_at":"2018-06-07T19:57:02.293Z","updated_at":"2018-06-07T19:57:06.233Z","attributes":{"label":"Nashi","element type":"Actor"}}}, {"id":"elem-37ZiLeDG","key":"Element","value":{"_id":"elem-37ZiLeDG","_rev":"4-e486658bc18126da53b8171031f3e323","type":"Element","created_at":"2017-07-17T17:36:55.261Z","updated_at":"2017-07-17T18:39:49.417Z","attributes":{"label":"Sony","element type":"Target"}}}, {"id":"elem-3RrxnnyG","key":"Element","value":{"_id":"elem-3RrxnnyG","_rev":"13-be4ce881466e4ea918b5572b7be4a979","type":"Element","created_at":"2017-08-01T17:02:00.358Z","updated_at":"2018-06-15T17:27:13.179Z","attributes":{"label":"Sandworm","element type":"Actor","a/k/a":"Electrum","documents":"

Dragos, ELECTRUM, June 7 2018. Not classified.

","summary":"Note: Sandworm and Electrum may be two separate but coordinated actors."}}}, {"id":"elem-3hhKSTYf","key":"Element","value":{"_id":"elem-3hhKSTYf","_rev":"2-ca59f3ac01b2581fdd19c560dbc325cb","type":"Element","created_at":"2017-07-18T15:45:22.971Z","updated_at":"2017-07-18T15:45:25.782Z","attributes":{"label":"US Economy","element type":"Target"}}}, {"id":"elem-3tzY4gfB","key":"Element","value":{"_id":"elem-3tzY4gfB","_rev":"5-27015923b13390947d7a7c92e1164e90","type":"Element","created_at":"2018-06-07T20:39:14.082Z","updated_at":"2018-06-15T17:27:17.848Z","attributes":{"label":"Cutting Kitten","element type":"Actor","a/k/a":"TG-2889, Ghambar, Cobalt Gypsy"}}}, {"id":"elem-428MQIxb","key":"Element","value":{"_id":"elem-428MQIxb","_rev":"2-0b79c419e15b7ba52cb5d2c5f250c568","type":"Element","created_at":"2017-07-19T15:33:43.382Z","updated_at":"2017-07-19T15:33:46.495Z","attributes":{"label":"US Hospitality","element type":"Event"}}}, {"id":"elem-4saMjLg3","key":"Element","value":{"_id":"elem-4saMjLg3","_rev":"44-fe6980508ed0b94f8174d3e09d9540f5","type":"Element","created_at":"2017-07-17T17:15:26.027Z","updated_at":"2018-07-03T16:36:16.161Z","attributes":{"label":"Stuxnet","element type":"Event","documents":"

Paul K. Kerr, John Rollins, and Catherine A. Theohary, Congressional Research Service, The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability, December 9, 2010. Unclassified.

This short paper provides an overview of the Stuxnet worm, an exploration of possible developers and future users, a discussion of whether Iran was the intended target, as well as industrial control systems vulnerabilities and critical infrastructure, national security implications, and issues for Congress.

Isaac R. Porsche III, Jerry M. Sollinger, and Shawn McKay, RAND Corporation, A Cyberworm that Knows no Boundaries, 2011. Unclassified.

The catalyst for this paper was the reports of the Stuxnet worm. It explores issues raised by \"sophisticated yet virulent malware\" - including the nature of the threats, the vulnerabilities exploited and the difficulties in defending against Stuxnet-type worms, and the problems posed by organizational and legal restrictions. It also provides a short assessment of the status of U.S. defensive capabilities and efforts required to improve those capabilities.

Nicolas Falliere, Liam O. Murchu, and Eric Chien, Symantec, W32.Stuxnet Dossier, Version 1.4, February 2011. Not classified.

This study, prepared by the Symantec computer security firm, provides a technical analysis of the Stuxnet malware - exploring the attack scenario, timeline, Stuxnet architecture, installation, load point, command and control, propagation methods, payload exports, payload resources and other topics.

Geoff McDonald, Liam O. Murchu, Stephen Doherty, and Eric Chien, Symantec Corporation, Stuxnet 0.5: The Missing Link, February 26, 2013. Not classified.

This analysis follows up on Symantec's earlier examination of the Stuxnet worm (Document 44, also see Document 40). It reports that Symantec \"discovered an older version of Stuxnet that can answer the questions about [its] evolution.\"

 

","a/k/a":"Olympic Games","operation effect":["Physical Damage"],"operation layer":["Physical"],"operation target":["National Decision-Making and Execution"]}}}, {"id":"elem-57bWfMGK","key":"Element","value":{"_id":"elem-57bWfMGK","_rev":"4-02da6e644bde8ecc1e75069f5cb6f531","type":"Element","created_at":"2017-08-01T16:29:59.980Z","updated_at":"2017-08-01T16:32:21.118Z","attributes":{}}}, {"id":"elem-5L871kds","key":"Element","value":{"_id":"elem-5L871kds","_rev":"17-bb603410742f8a66d33245d38a4de883","type":"Element","created_at":"2017-07-19T15:16:04.663Z","updated_at":"2018-06-21T14:48:59.751Z","attributes":{"label":"Estonia","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/535c8790-93b8-483c-bdc5-2177708ffb20.png","documents":"

Estonian Foreign Intelligence Service. \"International Security and Estonia: 2018.\" February 2018. Unclassified.

\n

This document analyzes Estonia's chief security concerns and includes an in-depth analysis of Russian strategy as a whole as well as the state of cyber threats.

\n\n

Michael Connell and Sarah Vogler, Center for Naval Analysis, Russia's Approach to Cyber Warfare, March 2017. Unclassified.

\n

This paper examines both the theoretical and practical underpinnings of the Russian approach to cyber warfare. It contains chapters on cyber as a subcomponent of information warfare, organizations and agencies, hacktivists and criminals, three case studies of Russian cyber operations (Estonia in 2007, Georgia in 2008, and the Ukraine from 2013 to the present), and chapters on bots, leaks, and trolls.

\n\n

Information Systems Authority, Republic of Estonia, 2014 Annual Report, Cyber Security Branch of the Estonian Information Systems Authority, 2014. Unclassified.

\n

This report discusses 2014 cyber incidents, studies and guidelines, the prevention of cyber risks, international cooperation in 2014, and significant changes in Estonia's legislative and strategic framework for cyber security.

\n\n

Central Intelligence Agency, Foreign Computer Capabilities, September 25, 1969. Secret.

\n

This document provided a brief assessment of foreign computer capabilities of the USSR and Eastern Europe, France, West Germany, Japan, Israel, India, the United Arab Republic, Communist China, and Sweden.

\n

 

","coalitions":["European Union","NATO"]}}}, {"id":"elem-5gfdgU2j","key":"Element","value":{"_id":"elem-5gfdgU2j","_rev":"2-8e24b0edf320359640b38e89844e3d08","type":"Element","created_at":"2019-08-14T19:17:01.226Z","updated_at":"2019-08-14T19:17:12.976Z","attributes":{"label":"Unit 74455","element type":"Actor"}}}, {"id":"elem-5mUdu95d","key":"Element","value":{"_id":"elem-5mUdu95d","_rev":"5-29051b47e7ba4260da6ef2ff61686f96","type":"Element","created_at":"2017-07-13T15:45:16.733Z","updated_at":"2018-06-07T17:23:21.190Z","attributes":{"label":"Vietnam","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/9221b27f-b381-41b2-bff5-d2c1b61d6581.png"}}}, {"id":"elem-7OmPJ4lc","key":"Element","value":{"_id":"elem-7OmPJ4lc","_rev":"2-23a92f7df3b5c506f1d08247f9646260","type":"Element","created_at":"2018-06-06T14:54:36.654Z","updated_at":"2018-06-06T14:54:48.332Z","attributes":{"label":"TempTick","element type":"Actor"}}}, {"id":"elem-7bRkFE5q","key":"Element","value":{"_id":"elem-7bRkFE5q","_rev":"6-826e564ba0786051f5b508e3ad358e75","type":"Element","created_at":"2018-06-08T17:22:10.525Z","updated_at":"2018-06-15T17:27:23.486Z","attributes":{"label":"Switzerland","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/e01a1e3e-fc95-49d9-971d-c390e59df003.png","element type":"Nation","documents":"

Federal Department of Finance, Swiss Confederation, National strategy for the protection of Switzerland against cyber risks (NCS), June 5, 2015. Unclassified.

\n

This document reports on the status of implementation of 16 different cybersecurity measures in four categories (prevention, response, continuity and crisis management, and support processes) - measures that had been specified in the Swiss Federation's 2012 cyber security strategy document."}}}, {"id":"elem-7iu05K4n","key":"Element","value":{"_id":"elem-7iu05K4n","_rev":"4-64aa7d40376c9ec548d571156619850d","type":"Element","created_at":"2017-08-01T16:30:18.729Z","updated_at":"2017-08-01T16:32:21.555Z","attributes":{}}}, {"id":"elem-7tTuRVM6","key":"Element","value":{"_id":"elem-7tTuRVM6","_rev":"2-cba346382cdb9ad846d9c392beba5962","type":"Element","created_at":"2017-08-29T16:57:26.200Z","updated_at":"2017-08-29T16:59:06.941Z","attributes":{"label":"Singapore","element type":"Nation"}}}, {"id":"elem-8VCwhIqz","key":"Element","value":{"_id":"elem-8VCwhIqz","_rev":"4-fcae7a7859a9e79e55d0e819f5897af9","type":"Element","created_at":"2018-06-07T20:52:12.456Z","updated_at":"2018-06-21T14:42:54.624Z","attributes":{"label":"Belgium","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/1d2ebb3b-b8ce-4bf9-8e79-3e7e3c5caa6f.png","coalitions":["European Union","NATO"]}}}, {"id":"elem-8YG07AsJ","key":"Element","value":{"_id":"elem-8YG07AsJ","_rev":"6-fedd4d43d292737afb54ef90b9dcfe54","type":"Element","created_at":"2018-06-07T20:35:59.286Z","updated_at":"2018-06-15T17:27:15.407Z","attributes":{"label":"APT34","element type":"Actor","a/k/a":"OilRig, Cobalt Gypsy, Twisted Kitten, Helix Kitten"}}}, {"id":"elem-8dHq6ZUf","key":"Element","value":{"_id":"elem-8dHq6ZUf","_rev":"34-dbe82d57caaff9bb6371208a217a0288","type":"Element","created_at":"2018-06-21T18:25:35.584Z","updated_at":"2018-07-02T17:43:36.367Z","attributes":{"label":"Attack on Turkish Oil Pipeline","element type":"Event","documents":"

Robert Lee, Michael Assante, Tim Conway, \"ICS CP/PE (Cyber-to-Physical or Process Effects) case study paper – Media report of the Baku-Tbilisi-Ceyhan (BTC) pipeline Cyber Attack,\" December 20 2014.

","integration":"Independent Operation","(yyyymmdd) begin":"20080806","(yyyymmdd) end":"20080806","(yyyymmdd) report":"20080806","operation target":["Critical Infrastructure"],"operation layer":["Physical"],"operation effect":["Physical Damage"]}}}, {"id":"elem-94mPT9MK","key":"Element","value":{"_id":"elem-94mPT9MK","_rev":"9-898971272e84b549856fd1652ff04580","type":"Element","created_at":"2017-08-29T16:55:30.439Z","updated_at":"2018-06-21T14:43:40.038Z","attributes":{"label":"Sweden","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/01054861-2539-4956-b161-60c3f7533046.png","documents":"

Central Intelligence Agency, Foreign Computer Capabilities, September 25, 1969. Secret.

\n

This document provided a brief assessment of foreign computer capabilities of the USSR and Eastern Europe, France, West Germany, Japan, Israel, India, the United Arab Republic, Communist China, and Sweden.

\n

 

","coalitions":["European Union"]}}}, {"id":"elem-9SmkyUz4","key":"Element","value":{"_id":"elem-9SmkyUz4","_rev":"26-ac5ab604e616682cca33d10933fde536","type":"Element","created_at":"2017-07-17T16:58:37.450Z","updated_at":"2018-06-15T18:36:48.608Z","attributes":{"label":"USCYBERCOM","element type":"Government Entity","documents":"

House Committee on Armed Services, Implementing the Department of Defense Cyber Strategy, September 2016. Unclassified.

This hearing document contains the prepared statement and testimony of the commander of the U.S. Cyber Command as well as responses to questions asked during and after the hearing.

United States Cyber Command, USCYBERCOM Operations Order (OPORD) 11-002, Operation Gladiator Shield (OGS), May 19, 2011. Secret/Rel to USA, FVEY.

The purpose of this heavily redacted operations order is to guide and direct \"the Department of Defense (DoD) and, as authorized, designated missions partners for cyberspace operations to secure, operate and defend the critical mission elements of the DoD Global Information Grid.\" It provides a concept of operations, and specifies tasks for the relevant DoD components - CYBERCOM headquarters, CYBERCOM service components (e.g. the U.S. Fleet Cyber Command), combatant commands, the military services, the National Security Agency, Defense Intelligence Agency, and other entities.

Kevin P. Chilton, U.S. Strategic Command, Memorandum for the Secretary of Defense, Subject: Full Operational Capability (FOC) of U.S. Cyber Command (USCYBERCOM), September 21, 2010. Secret.

This memo from the head of the U.S. Strategic Command, the parent command of the U.S. Cyber Command, recommends that the latter, established that May (Document 6), be declared fully operational. It also summarizes the Cyber Command's six key missions, including one that is partially classified.

U.S. Strategic Command, JTF-CND/JTF-CNO/JTF-GNO: A Legacy of Excellence - December 30, 1998 - September 7, 2010, September 2010. Unclassified. [1595]

This brief history focuses on the task force (initially named the Joint Task Force for Computer Network Defense and subsequently 'for Computer Network Operations' and then 'for Global Network Operations') that would serve as a key component of the foundation for the U.S. Cyber Command. It does not discuss operations but key decisions and developments with regard to the evolution of the task force's mission, structure, and capabilities.

U.S. Strategic Command, USCYBERCOM Announcement Message, May 21, 2010. Unclassified/For Official Use Only.

This message notifies recipients that the U.S. Strategic Command has established a subordinate command, the U.S. Cyber Command, with initial operational capability as of May 21, 2010. It also specifies the mission of the new command, its responsibilities, organization, and command relationships.

Robert M. Gates, Memorandum to Secretaries of the Military Departments, Subject: Establishment of a Subordinate Unified U.S. Cyber Command Under U.S. Strategic Command for Military Cyberspace Operations, June 23, 2009. Unclassified.

This memo from the Secretary of Defense directs the commander of the U.S. Strategic Command to establish a U.S. Cyber Command and that the command reach an initial operating capability by October 2009 and a full operating capability by October 2010. It also informs the recipients of the Secretary's plan to recommend to the president that the National Security Agency director also become commander of the Cyber Command.

 

"}}}, {"id":"elem-9mSzhlpm","key":"Element","value":{"_id":"elem-9mSzhlpm","_rev":"3-91aabf0e7d9eabd3a3eda5df455052f3","type":"Element","created_at":"2018-06-18T17:33:15.101Z","updated_at":"2018-06-18T17:35:24.227Z","attributes":{"label":"Mexico","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/dd42393e-c9d1-4068-9a73-618197791994.png"}}}, {"id":"elem-AFjCpjyO","key":"Element","value":{"_id":"elem-AFjCpjyO","_rev":"35-5422c5881d2bd644ac186bdcf0ba4339","type":"Element","created_at":"2017-07-17T17:15:02.550Z","updated_at":"2018-06-22T16:12:48.876Z","attributes":{"label":"OPM Breach","element type":"Event","documents":"

Elijah Cummings, Ranking Member, House Committee on Oversight and Government Reform to Hon. Devin Nunes, Hon. Adam Schiff, House Permanent Select Committee on Intelligence, May 26, 2016. Unclassified.

This letter from Rep. Cummings reports on his committee's investigation of the claim that CyTech Services discovered the 2015 cyber-attacks against the Office of Personnel Management before OPM did. The letter concludes with the statement that \"claims that CyTech was responsible for first detecting the OPM data breaches are inaccurate.\"

Majority Staff, House Committee on Oversight and Government Reform, The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation, September 7, 2016. Unclassified.

This report from the Republican staff of the House committee investigating the data breach at the Office of Personnel Management discusses the significance of what the attackers stole, charges that the exfiltration of security clearance files could have been prevented, alleges that OPM misled both Congress and the public in order to downplay the apparent damage, and offers a 'bottom line.'

 

","operation target":["National Decision-Making and Execution"],"operation layer":["Logical"],"operation effect":["Enabling/Espionage"],"intermediate target":[],"intermediate effect":[]}}}, {"id":"elem-B21uK1B0","key":"Element","value":{"_id":"elem-B21uK1B0","_rev":"2-21a995e031204e509a8be5ccaeca1c48","type":"Element","created_at":"2019-08-14T19:16:51.099Z","updated_at":"2019-08-14T19:17:18.247Z","attributes":{"label":"Unit 26165","element type":"Actor"}}}, {"id":"elem-B656x4O0","key":"Element","value":{"_id":"elem-B656x4O0","_rev":"6-0f094b1ffcfcdf074951dc3b685ca5ec","type":"Element","created_at":"2017-08-01T19:00:26.066Z","updated_at":"2018-06-15T17:27:14.760Z","attributes":{"label":"APT35","element type":"Actor","a/k/a":"Magic Hound"}}}, {"id":"elem-BFaG1JmY","key":"Element","value":{"_id":"elem-BFaG1JmY","_rev":"10-13de23f379e693472ae65827b5af2b37","type":"Element","created_at":"2017-07-17T17:11:28.666Z","updated_at":"2018-06-21T18:55:10.438Z","attributes":{"label":"Operation Aurora","element type":"Event"}}}, {"id":"elem-BLijbi08","key":"Element","value":{"_id":"elem-BLijbi08","_rev":"18-f20cb03fa6d7bf5ee1fc5547b31e4f02","type":"Element","created_at":"2017-07-13T15:37:34.565Z","updated_at":"2018-06-15T17:27:19.961Z","attributes":{"label":"Russia","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/d2b39a0d-042d-440d-bda4-ad38c0eccb6a.png","documents":"

James R. Clapper, Marcel Lettre, Admiral Michael S. Rogers, Joint Statement for the Record to the Senate Armed Services Committee, \"Foreign Cyber Threats to the United States,\" January 5, 2017. Unclassified.

\n

In their joint statement, the DNI, Under Secretary of Defense for Intelligence, and the Director of NSA/Commander, U.S. Cyber Command discuss a variety of consequences of cyber threats - physical, commercial, psychological consequences - as cyber policy, diplomacy, and warfare. In addition, the statement discusses a number of cyber threat actors - nation states (Russia, China, North Korea, Iran), terrorists, and criminals - and responses to cyber threats.

\n

Michael Connell and Sarah Vogler, Center for Naval Analysis, Russia's Approach to Cyber Warfare, March 2017. Unclassified.

\n

This paper examines both the theoretical and practical underpinnings of the Russian approach to cyber warfare. It contains chapters on cyber as a subcomponent of information warfare, organizations and agencies, hacktivists and criminals, three case studies of Russian cyber operations (Estonia in 2007, Georgia in 2008, and the Ukraine from 2013 to the present), and chapters on bots, leaks, and trolls.

\n

Sergei A. Medvedev, Naval Postgraduate School, Offense-defense theory analysis of Russian cyber capability, March 2015. Unclassified.

\n

The central questions of this thesis are whether Russian cyber capabilities reflect an investment in offensive or defensive cyber weapons and whether Russia's cyber technology, doctrine, and policy indicate an offensive or defensive cyber posture. The discussion of Russian cyber capability includes several case studies of Russian cyber activity.

\n

Defense Intelligence Agency, Russian Military Power, June 2017. Unclassified.

\n

One section of this study addresses Russian cyber activities, including cyber-enabled psychological operations (including the use of hacktivists, trolls, and bots) and information defense.

\n

Central Intelligence Agency, Foreign Computer Capabilities, September 25, 1969. Secret.

\n

This document provided a brief assessment of foreign computer capabilities of the USSR and Eastern Europe, France, West Germany, Japan, Israel, India, the United Arab Republic, Communist China, and Sweden.

\n

 

"}}}, {"id":"elem-Bx3AhmpK","key":"Element","value":{"_id":"elem-Bx3AhmpK","_rev":"15-94d2a386a394b2892640d3bca6ff2264","type":"Element","created_at":"2018-06-08T14:56:42.099Z","updated_at":"2018-06-22T16:11:08.790Z","attributes":{"label":"Operation Hellsing","element type":"Event","operation target":["Organization"],"operation layer":["Logical"],"operation effect":["Enabling/Espionage"]}}}, {"id":"elem-CbL26eL7","key":"Element","value":{"_id":"elem-CbL26eL7","_rev":"15-38c31cbe662a2cb497ba9b4e963df980","type":"Element","created_at":"2017-08-01T16:49:07.106Z","updated_at":"2018-06-01T19:56:32.892Z","attributes":{"label":"","element type":"Actor"}}}, {"id":"elem-CbWdoBKa","key":"Element","value":{"_id":"elem-CbWdoBKa","_rev":"3-a7df556b06efc724632f4afeeb3cf35d","type":"Element","created_at":"2017-07-17T16:05:59.382Z","updated_at":"2017-07-17T17:11:11.345Z","attributes":{"label":"FIN4","element type":"Actor"}}}, {"id":"elem-DcOJF7Nf","key":"Element","value":{"_id":"elem-DcOJF7Nf","_rev":"6-52c55e334789e992fdaf8ba42277fae0","type":"Element","created_at":"2018-06-07T20:46:59.474Z","updated_at":"2018-06-21T18:55:25.705Z","attributes":{"label":"Woolen Goldfish","element type":"Event"}}}, {"id":"elem-E9GL2puT","key":"Element","value":{"_id":"elem-E9GL2puT","_rev":"27-c4c10dc538b9a96f1b369efc15b81004","type":"Element","created_at":"2018-06-08T14:43:26.712Z","updated_at":"2018-07-02T17:43:13.079Z","attributes":{"label":"Anthem Medical Data Breach","element type":"Event","integration":"Independent Operation","documents":"

\"Report of the Multistate Targeted Market Conduct and Financial Examination of Anthem Insurance Companies, Inc. and its Affiliates,\" December 1 2016.

","(yyyymmdd) begin":"20140218","(yyyymmdd) end":"20150120","(yyyymmdd) report":"20150127","operation target":["Organization","Critical Infrastructure"],"operation layer":["Logical"],"operation effect":["Enabling/Espionage"]}}}, {"id":"elem-EJ3RIQjl","key":"Element","value":{"_id":"elem-EJ3RIQjl","_rev":"14-b39b6bf1988bc6b26880c77d220458c0","type":"Element","created_at":"2017-08-01T17:32:45.616Z","updated_at":"2018-06-21T18:55:10.604Z","attributes":{"label":"European Election Interference Campaigns","element type":"Event","documents":"

Janis Sarts, Director NATO Strategic Communications Centre of Excellence, \"Russian Interference in European Elections,\" June 28, 2017. Unclassified.

In his testimony before the Senate Select Committee on Intelligence, Sarts presents case-study research conducted at the NATO Strategic Communications Centre of Excellence on the tools used by Russia in conducting influence operations and Western responses before making a series of policy recommendations.

 

"}}}, {"id":"elem-EOezxKtc","key":"Element","value":{"_id":"elem-EOezxKtc","_rev":"2-1774e68dd3482957f83d9109de784950","type":"Element","created_at":"2018-06-08T14:19:42.662Z","updated_at":"2018-06-08T14:20:26.161Z","attributes":{"label":"People's Liberation Army","element type":"Government Entity"}}}, {"id":"elem-EgfqvrXz","key":"Element","value":{"_id":"elem-EgfqvrXz","_rev":"8-278b852f231f191ac7771b951cd6c267","type":"Element","created_at":"2017-07-18T15:34:54.957Z","updated_at":"2018-06-15T17:27:21.724Z","attributes":{"label":"Japan","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/633883ac-de9c-468e-860a-b801e66cf01c.png","documents":"

Central Intelligence Agency, Foreign Computer Capabilities, September 25, 1969. Secret.

\n

This document provided a brief assessment of foreign computer capabilities of the USSR and Eastern Europe, France, West Germany, Japan, Israel, India, the United Arab Republic, Communist China, and Sweden.

\n

 

"}}}, {"id":"elem-EiP6XFi2","key":"Element","value":{"_id":"elem-EiP6XFi2","_rev":"3-613f8e9d3a2102c1474719532e1aca54","type":"Element","created_at":"2018-07-02T18:17:08.161Z","updated_at":"2019-01-11T17:03:21.070Z","attributes":{"label":"Bureau 121","element type":"Government Entity"}}}, {"id":"elem-FIuguxhi","key":"Element","value":{"_id":"elem-FIuguxhi","_rev":"13-338edc4470de786a6d783a50ae85dc5c","type":"Element","created_at":"2018-06-15T18:55:35.977Z","updated_at":"2018-06-22T16:15:58.657Z","attributes":{"label":"Kaspersky Compromise","element type":"Event","operation target":["Organization"],"operation layer":["Logical"],"operation effect":["Enabling/Espionage"]}}}, {"id":"elem-FkKneSIa","key":"Element","value":{"_id":"elem-FkKneSIa","_rev":"13-81a01439e943496c1318bb0655aa6401","type":"Element","created_at":"2017-07-19T15:17:35.167Z","updated_at":"2018-06-21T14:48:46.851Z","attributes":{"label":"France","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/6af9dfe3-c15a-4bd4-8986-7bb47d930ecd.png","documents":"

Pascal Brangetto, NATO Center for Cyber Defence Center of Excellence, National Cyber Security Organisation: France, 2015. Unclassified.

\n

This brief examination of French cyber security explores the \"information society in France,\" strategic national cyber security objectives, and the national organizational structure for cyber security and cyber defense (including military cyber defense and cyber components of cyber management).

\n

Prime Minister, Republic of France. French National Digital Security Strategy, 2015. Unclassified.

\n

This strategy document focuses on five objectives associated with French national digital security strategy - including digital trust, education, commerce involving digital technology, and cyberspace stability.

\n

Central Intelligence Agency, Foreign Computer Capabilities, September 25, 1969. Secret.

\n

This document provided a brief assessment of foreign computer capabilities of the USSR and Eastern Europe, France, West Germany, Japan, Israel, India, the United Arab Republic, Communist China, and Sweden.

\n

 

","coalitions":["European Union","NATO"]}}}, {"id":"elem-GNHM3AT5","key":"Element","value":{"_id":"elem-GNHM3AT5","_rev":"2-de3891c89e4d38c3ed65ddf5f14d6c11","type":"Element","created_at":"2018-07-23T15:42:25.995Z","updated_at":"2018-07-23T15:42:39.198Z","attributes":{"label":"OpOlympics","element type":"Event"}}}, {"id":"elem-H9qXF7XM","key":"Element","value":{"_id":"elem-H9qXF7XM","_rev":"8-89dc0500e2446c330cf8a0ef303c1e09","type":"Element","created_at":"2017-07-19T16:10:53.880Z","updated_at":"2018-06-15T17:27:25.541Z","attributes":{"label":"NSA","element type":"Government Entity","documents":"

United States Cyber Command, USCYBERCOM Operations Order (OPORD) 11-002, Operation Gladiator Shield (OGS), May 19, 2011. Secret/Rel to USA, FVEY.

\n

The purpose of this heavily redacted operations order is to guide and direct \"the Department of Defense (DoD) and, as authorized, designated missions partners for cyberspace operations to secure, operate and defend the critical mission elements of the DoD Global Information Grid.\" It provides a concept of operations, and specifies tasks for the relevant DoD components - CYBERCOM headquarters, CYBERCOM service components (e.g. the U.S. Fleet Cyber Command), combatant commands, the military services, the National Security Agency, Defense Intelligence Agency, and other entities.

"}}}, {"id":"elem-HZY4Dp2V","key":"Element","value":{"_id":"elem-HZY4Dp2V","_rev":"22-eb12dc49e6243e4f7f2d6dc7e39a6704","type":"Element","created_at":"2018-06-21T18:14:04.248Z","updated_at":"2018-07-02T18:06:33.531Z","attributes":{"label":"Buckshot Yankee","element type":"Event","integration":"Independent","(yyyymmdd) begin":"20080000","(yyyymmdd) report":"20081119","documents":"

William Lynn III, Foreign Affairs, \"Defending a New Domain: The Pentagon's Cyberstrategy,\" September 2010.

Brian Knowlton, The New York Times, \"Military Computer Attack Confirmed,\" August 25 2010.

","operation effect":["Enabling/Espionage"],"operation layer":["Logical"],"operation target":["National Decision-Making and Execution"]}}}, {"id":"elem-Hr2a7nvR","key":"Element","value":{"_id":"elem-Hr2a7nvR","_rev":"3-8227445c0319c27537b454f86b8a58b3","type":"Element","created_at":"2018-07-09T16:58:30.474Z","updated_at":"2018-07-09T16:59:04.344Z","attributes":{"label":"Hamas","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/c5ea9cf0-9217-4c13-8d88-832ec0c8ec77.png","element type":"Nation"}}}, {"id":"elem-HzkrAyjq","key":"Element","value":{"_id":"elem-HzkrAyjq","_rev":"2-3c2d944a628ee336fa3f169dc9535854","type":"Element","created_at":"2017-08-01T16:58:48.398Z","updated_at":"2017-08-01T16:58:56.382Z","attributes":{"label":"CRASHOVERRIDE","element type":"Event"}}}, {"id":"elem-IQ7jwmta","key":"Element","value":{"_id":"elem-IQ7jwmta","_rev":"5-89b8b9ab172c858fbeebb311dcb5ccaa","type":"Element","created_at":"2018-06-08T15:53:19.958Z","updated_at":"2018-06-15T17:27:16.316Z","attributes":{"label":"APT2","element type":"Actor","a/k/a":"PLA Unit 61486, Putter Panda, TG-6952"}}}, {"id":"elem-IoytRHLw","key":"Element","value":{"_id":"elem-IoytRHLw","_rev":"12-1b7863c81f1485182c0e21afe590fb0e","type":"Element","created_at":"2017-08-29T17:05:43.432Z","updated_at":"2018-06-21T14:43:10.188Z","attributes":{"label":"United Kingdom","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/3e1a5a51-d4b0-4d55-a0cf-b5d30c14a4d7.png","documents":"

Government of the United Kingdom, National Cyber Security Strategy, 2016-2021, October 2016. Unclassified.

\n

This document describes the United Kingdom's unclassified cyber security strategy, which focuses on four elements - defense, deterrence, research and development, and international action - and notes some of the actions in those areas.

\n\n

Culture, Media and Sport Committee, House of Commons, United Kingdom, Cyber Security: Protection of Personal Data Online, June 15, 2016. Unclassified.

\n

This parliamentary report followed a cyber attack on the telecommunications and internet provider TalkTalk, which resulted in the company taking down its consumer website. The report covers, inter alia, the cyber attack and response, consumer compensation and contracts, data protection in third party supplies, and tensions between the criminal investigation and potential victims.

\n\n

 

","coalitions":["European Union","NATO"]}}}, {"id":"elem-J81lKdYY","key":"Element","value":{"_id":"elem-J81lKdYY","_rev":"8-f31704faac4bee0d602b401c63c92332","type":"Element","created_at":"2018-06-08T17:30:30.020Z","updated_at":"2018-06-21T14:49:47.398Z","attributes":{"label":"Turkey","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/19ef6b9e-7e1c-4057-98c8-af9e7041c20e.png","documents":"

Ministry of Transport Maritime Affairs and Communications, Republic of Turkey, 2016-2019 National Cyber Security Strategy, 2016. Unclassified.

\n

This strategy document discusses the principles underlying the Turkish government's cyber security strategy, cyber security risks, and cyber security objectives and actions.

","coalitions":["NATO"]}}}, {"id":"elem-JIM4GABR","key":"Element","value":{"_id":"elem-JIM4GABR","_rev":"4-f011392c28b6a2fa766dde45b132274d","type":"Element","created_at":"2017-07-17T17:02:25.928Z","updated_at":"2018-06-21T17:48:49.710Z","attributes":{"label":"ISIS","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/d7a1ed67-a764-4f1e-9c32-f19033951e69.png"}}}, {"id":"elem-JW4qDHzq","key":"Element","value":{"_id":"elem-JW4qDHzq","_rev":"6-27f67b18d47571d253e1bcc96e6f52d9","type":"Element","created_at":"2018-06-08T14:26:29.679Z","updated_at":"2018-06-21T18:55:13.456Z","attributes":{"label":"Shady RAT","element type":"Event"}}}, {"id":"elem-JjeAt9DM","key":"Element","value":{"_id":"elem-JjeAt9DM","_rev":"29-ed17bada39fa7530a85f3681f389b8ab","type":"Element","created_at":"2017-07-13T15:22:33.124Z","updated_at":"2018-06-15T17:27:18.065Z","attributes":{"label":"APT3","documents":"

Craig Hall, Managed Defense Analyst FireEye, \"Outgunned in Cyberspace,\" July 22, 2017. Unclassified.

In this presentation at the 2015 RSA Conference in Singapore, FireEye analyst Craig Hall explains typical corporate cyber defense strategies and how cyber threat actors have defeated these strategies.

 

","element type":"Actor","a/k/a":"UPS, Gothic Panda, TG-0110, Buckeye, Group 6, Boyusec - The Guangzhou Boyu Information Technology Company"}}}, {"id":"elem-KBXWF0iV","key":"Element","value":{"_id":"elem-KBXWF0iV","_rev":"14-6c56ee7e9b941be177d84129ff5f3cc0","type":"Element","created_at":"2017-07-13T15:22:50.494Z","updated_at":"2018-06-15T17:27:28.765Z","attributes":{"label":"APT5","documents":"

Craig Hall, Managed Defense Analyst FireEye, \"Outgunned in Cyberspace,\" July 22, 2017. Unclassified.

In this presentation at the 2015 RSA Conference in Singapore, FireEye analyst Craig Hall explains typical corporate cyber defense strategies and how cyber threat actors have defeated these strategies.

","element type":"Actor"}}}, {"id":"elem-KUfpgoOk","key":"Element","value":{"_id":"elem-KUfpgoOk","_rev":"6-d525a9d084976b303103b530b39de28a","type":"Element","created_at":"2018-06-08T14:33:49.976Z","updated_at":"2018-06-21T18:55:07.489Z","attributes":{"label":"Operation Double Tap","element type":"Event"}}}, {"id":"elem-L8huqJPm","key":"Element","value":{"_id":"elem-L8huqJPm","_rev":"2-ab4b0861468f505a7dcc8597513332e0","type":"Element","created_at":"2017-07-19T15:29:30.461Z","updated_at":"2017-07-19T15:46:22.087Z","attributes":{"label":"Dozer","element type":"Event"}}}, {"id":"elem-LGW6haKC","key":"Element","value":{"_id":"elem-LGW6haKC","_rev":"14-71ab4edaaef7139111bef272249b9d3b","type":"Element","created_at":"2018-06-07T21:00:19.836Z","updated_at":"2018-06-21T18:55:08.587Z","attributes":{"label":"Project Sauron","element type":"Event","a/k/a":"Strider"}}}, {"id":"elem-Lb7WwtzJ","key":"Element","value":{"_id":"elem-Lb7WwtzJ","_rev":"2-f318c6318d4218eda4b9f42f0f21cd0d","type":"Element","created_at":"2018-07-23T15:43:49.956Z","updated_at":"2018-07-23T15:44:00.990Z","attributes":{"label":"Bundestag Attack","element type":"Event"}}}, {"id":"elem-Lqi5jZDk","key":"Element","value":{"_id":"elem-Lqi5jZDk","_rev":"2-5c933323b49cb76e72b667efced50b49","type":"Element","created_at":"2017-07-19T15:31:58.660Z","updated_at":"2017-07-19T15:32:03.334Z","attributes":{"label":"Jokra","element type":"Event"}}}, {"id":"elem-MeXsTlP2","key":"Element","value":{"_id":"elem-MeXsTlP2","_rev":"3-c4485e43a82507466a08d484752c4f05","type":"Element","created_at":"2018-07-16T15:00:34.992Z","updated_at":"2018-07-16T15:01:04.891Z","attributes":{"label":"Cambodia","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/93d96936-19f8-43aa-aa1d-4217b8b898ff.png"}}}, 
{"id":"elem-Moh4y1rA","key":"Element","value":{"_id":"elem-Moh4y1rA","_rev":"13-fe8d1d678876247145020f526c98d849","type":"Element","created_at":"2018-06-08T16:34:02.374Z","updated_at":"2018-06-22T16:14:58.936Z","attributes":{"label":"Equation Group Breach","element type":"Event","operation target":["National Decision-Making and Execution"],"operation layer":["Logical"],"operation effect":["Enabling/Espionage"]}}}, {"id":"elem-NFWM4AD8","key":"Element","value":{"_id":"elem-NFWM4AD8","_rev":"11-f2a34b04939defd19713745af17f7ce9","type":"Element","created_at":"2017-08-01T17:05:53.669Z","updated_at":"2018-06-21T18:55:11.948Z","attributes":{"label":"Palmetto Fusion","element type":"Event","documents":"

Jim Finkle, Reuters, \"U.S. warns businesses of hacking campaign against nuclear, energy firms\", June 30 2017

"}}}, {"id":"elem-NJ78rCK1","key":"Element","value":{"_id":"elem-NJ78rCK1","_rev":"10-4f24502949a5ff7bd81b7e611acc7890","type":"Element","created_at":"2017-07-17T17:37:56.112Z","updated_at":"2018-06-15T17:27:20.180Z","attributes":{"label":"Ukraine","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/528f1006-eeb4-4769-8c2a-27f12e8fee9d.png","documents":"

Michael Connell and Sarah Vogler, Center for Naval Analyses, Russia's Approach to Cyber Warfare, March 2017. Unclassified.

\n

This paper examines both the theoretical and practical underpinnings of the Russian approach to cyber warfare. It contains chapters on cyber as a subcomponent of information warfare, organizations and agencies, hacktivists and criminals, three case studies of Russian cyber operations (Estonia in 2007, Georgia in 2008, and the Ukraine from 2013 to the present), and chapters on bots, leaks, and trolls.

\n

Central Intelligence Agency, Foreign Computer Capabilities, September 25, 1969. Secret.

\n

This document provided a brief assessment of foreign computer capabilities of the USSR and Eastern Europe, France, West Germany, Japan, Israel, India, the United Arab Republic, Communist China, and Sweden.

\n

 

"}}}, {"id":"elem-O3af14KH","key":"Element","value":{"_id":"elem-O3af14KH","_rev":"28-50604bb30f0b27e64d7b5c4bac808918","type":"Element","created_at":"2018-06-07T20:00:21.312Z","updated_at":"2018-07-02T17:43:59.163Z","attributes":{"label":"Bronze Soldier","element type":"Event","integration":"Independent Operation","(yyyymmdd) begin":"20070427","(yyyymmdd) end":"20070427","(yyyymmdd) report":"20070427","operation effect":["Disruption"],"operation layer":["Logical"],"operation target":["Organization","Critical Infrastructure","National Decision-Making and Execution"]}}}, {"id":"elem-OA0mMRrD","key":"Element","value":{"_id":"elem-OA0mMRrD","_rev":"2-fa930950a41345e1d44475a16daa9008","type":"Element","created_at":"2018-06-07T20:48:20.725Z","updated_at":"2018-06-07T20:48:50.179Z","attributes":{"label":"Unit 8200","element type":"Actor"}}}, {"id":"elem-P42P2cJS","key":"Element","value":{"_id":"elem-P42P2cJS","_rev":"14-d35f125543fe8a824ced786a6752cf10","type":"Element","created_at":"2017-07-17T17:15:32.852Z","updated_at":"2018-06-15T17:27:21.920Z","attributes":{"label":"Israel","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/99fcc810-d332-4eae-becd-dcc9d479cde0.png","documents":"

Deborah Housen-Couriel, National Cyber Security Organisation: Israel, May 2017. Unclassified.

\n

This study on Israeli cybersecurity organization discusses the digital society in Israel, strategic national cyber security objectives, and national organizational structure for cyber security and cyber defense.

\n

Prime Minister's Office, Government of Israel, The National Cyber Bureau, June 26, 2016. Unclassified.

\n

This website post describes the mission of the National Cyber Bureau, the background of its creation, and the bureau's activities.

\n

Government of Israel, Resolution No. 3611, \"Advancing National Cyberspace Capabilities,\" August 7, 2011. Unclassified.

\n

This translation of an Israeli government resolution concerning cyberspace capabilities and a National Cyber Bureau states, inter alia, the Bureau's mission, lists its goals, specifies its organizational structure, and also contains an addendum on regulating responsibilities in dealing with the cyber field.

\n

Central Intelligence Agency, Foreign Computer Capabilities, September 25, 1969. Secret.

\n

This document provided a brief assessment of foreign computer capabilities of the USSR and Eastern Europe, France, West Germany, Japan, Israel, India, the United Arab Republic, Communist China, and Sweden.

\n

 

"}}}, {"id":"elem-PKQGoY3n","key":"Element","value":{"_id":"elem-PKQGoY3n","_rev":"23-9eec1efa5294fe07e29b498f997a9e6e","type":"Element","created_at":"2017-07-13T15:23:06.290Z","updated_at":"2018-06-15T17:27:12.793Z","attributes":{"label":"APT17","element type":"Actor","documents":"","a/k/a":"Deputy Dog"}}}, {"id":"elem-PaTa6RVT","key":"Element","value":{"_id":"elem-PaTa6RVT","_rev":"9-88a9ee88c91f7618bc201c3ca721f085","type":"Element","created_at":"2017-08-01T17:20:48.809Z","updated_at":"2018-06-21T16:53:11.965Z","attributes":{"label":"FSB","element type":"Government Entity","documents":"

United States of America, Plaintiff, v. Dmitry Dokuchaev, a/k/a \"Patrick Nagel\", Igor Sushchin, Alexsey Belan, a/k/a \"Magg\", Karim Baratov a/k/a \"Kay\", a/k/a \"Karim Taloverov\", a/k/a \"Karim Akehmet Tokbergenov\", Defendant, United States District Court, Northern District of California, San Francisco Division, February 28, 2017. Unclassified.

This indictment details the efforts of Russian Federal Security Service (FSB) officers and associated hackers to \"gain unauthorized access to the computers of companies [including Yahoo] providing webmail and internet-related services located in the Northern District of California and elsewhere, to maintain unauthorized access to those computers, and to steal information from those computers, including information regarding, and communications of, the providers' users.\"

Christopher Steele, \"Russia/Cyber Crime: A Synopsis of Russian State Sponsored and Other Cyber Offensive (Criminal) Operations,\" July 26, 2015. Not classified.

These three pages are part of the controversial \"Trump Dossier,\" prepared by a former British intelligence officer. It discusses FSB (Russian Federal Security Service) recruitment, operations, targets, and cyber crime.

"}}}, {"id":"elem-Plo7ivZn","key":"Element","value":{"_id":"elem-Plo7ivZn","_rev":"3-0d014113fadda6c37393449080055d06","type":"Element","created_at":"2018-06-06T14:58:39.296Z","updated_at":"2018-06-07T18:31:51.247Z","attributes":{"label":"Tonto Team","element type":"Actor"}}}, {"id":"elem-QKlGpqSa","key":"Element","value":{"_id":"elem-QKlGpqSa","_rev":"8-e36caf8c68beaf572c0787a2ec0ab8e2","type":"Element","created_at":"2017-08-29T16:26:10.982Z","updated_at":"2018-06-15T17:27:21.252Z","attributes":{"label":"India","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/062b3b81-e034-4191-8a91-4aa7a937ef79.png","documents":"

Central Intelligence Agency, Foreign Computer Capabilities, September 25, 1969. Secret.

\n

This document provided a brief assessment of foreign computer capabilities of the USSR and Eastern Europe, France, West Germany, Japan, Israel, India, the United Arab Republic, Communist China, and Sweden.

\n

 

"}}}, {"id":"elem-QLHySTnW","key":"Element","value":{"_id":"elem-QLHySTnW","_rev":"9-4ffbe4b31f7591230bd12883279dca5b","type":"Element","created_at":"2018-06-11T16:48:09.268Z","updated_at":"2018-06-15T17:27:14.363Z","attributes":{"label":"TEMP.Periscope","element type":"Actor","a/k/a":"Leviathan","documents":"

FireEye, \"Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries\", March 16 2018

"}}}, {"id":"elem-ReClk3VY","key":"Element","value":{"_id":"elem-ReClk3VY","_rev":"8-b4583089ef581152c6547c593a411472","type":"Element","created_at":"2017-07-19T15:46:06.207Z","updated_at":"2018-06-15T17:27:19.352Z","attributes":{"label":"Norway","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/4a3a6683-e88a-437b-9632-ff6da59a7f86.png","documents":"

Ministry of Government Administration, Reform and Church Affairs, Government of Norway, Cyber Security Strategy for Norway, April 2013. Unclassified.

\n

This strategy document identifies security challenges and trends, roles and responsibilities of assorted ministries for cyber security, seven overarching goals and strategic priorities, responsibility for implementation, and economic and administrative implications.

\n

 

"}}}, {"id":"elem-Rr3Nay7i","key":"Element","value":{"_id":"elem-Rr3Nay7i","_rev":"3-14b1db2cd8bc55f8902828cb6b2647f1","type":"Element","created_at":"2018-06-01T16:18:42.555Z","updated_at":"2018-06-08T16:17:35.428Z","attributes":{"label":"USSOCOM","element type":"Government Entity"}}}, {"id":"elem-RzsVu6f0","key":"Element","value":{"_id":"elem-RzsVu6f0","_rev":"8-e80cf236688745c295af62d3cc8575aa","type":"Element","created_at":"2018-06-08T17:25:46.292Z","updated_at":"2018-06-21T14:49:50.615Z","attributes":{"label":"Croatia","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/2a21d9b3-4863-45c3-aeb0-9b82b5257f5c.png","documents":"

Republic of Croatia, The National Cyber Security Strategy of Croatia, October 7, 2015. Unclassified.

This strategy document discusses basic principles, general goals of the strategy, cooperation among cyber security stakeholders, cyber security areas, the interrelation between cyber security areas, and the implementation of the strategy.

","coalitions":["NATO"]}}}, {"id":"elem-S4Df4RyF","key":"Element","value":{"_id":"elem-S4Df4RyF","_rev":"8-90ee9ed8bd962c306853e51a68a024d8","type":"Element","created_at":"2018-06-21T18:20:02.440Z","updated_at":"2018-07-03T16:41:23.625Z","attributes":{"label":"Operation Cupcake","element type":"Event","documents":"

Public Intelligence, \"Al-Qaeda Magazine is Cupcake Recipe Book\", July 12 2010.

"}}}, {"id":"elem-SWBBZKzA","key":"Element","value":{"_id":"elem-SWBBZKzA","_rev":"17-8e998db2b046ef2e0411f2bd47a24611","type":"Element","created_at":"2017-07-13T18:37:04.363Z","updated_at":"2018-06-21T18:55:11.554Z","attributes":{"label":"Operation Clandestine Fox","element type":"Event","documents":"

Craig Hall, Managed Defense Analyst FireEye, \"Outgunned in Cyberspace,\" July 22, 2017. Unclassified.

In this presentation at the 2015 RSA Conference in Singapore, FireEye analyst Craig Hall explains typical corporate cyber defense strategies and how cyber threat actors have defeated these strategies.

 

"}}}, {"id":"elem-SwH655gu","key":"Element","value":{"_id":"elem-SwH655gu","_rev":"2-929fb76ad107bfb8e350a2f4bdf1b1e0","type":"Element","created_at":"2017-07-18T15:45:31.658Z","updated_at":"2017-07-18T15:45:33.640Z","attributes":{"label":"US Infrastructure","element type":"Target"}}}, {"id":"elem-TZNRA34y","key":"Element","value":{"_id":"elem-TZNRA34y","_rev":"2-58c27cb3a6041da8db5c840a78f72685","type":"Element","created_at":"2018-06-08T16:34:44.722Z","updated_at":"2018-06-08T16:34:55.662Z","attributes":{"label":"Shadow Brokers","element type":"Actor"}}}, {"id":"elem-TuerNoHK","key":"Element","value":{"_id":"elem-TuerNoHK","_rev":"10-a92a986cfb069f22243a46ea65da84e2","type":"Element","created_at":"2017-08-01T19:03:57.607Z","updated_at":"2018-06-21T18:55:26.150Z","attributes":{"label":"Operation Troy","element type":"Event"}}}, {"id":"elem-U7Qcj5mg","key":"Element","value":{"_id":"elem-U7Qcj5mg","_rev":"3-6ef671f5f15a662c30f6dfb92d8fce11","type":"Element","created_at":"2018-06-21T16:48:56.217Z","updated_at":"2018-07-16T15:33:10.356Z","attributes":{"label":"GRU","element type":"Government Entity","documents":"

United States District Court for the District of Columbia, \"US v Viktor Borisovich Netyksho, et al - Indictment\", July 13 2018. Unclassified.
This document indicts 12 Russian intelligence officers for operations against DCCC computer networks to interfere in the 2016 election.

"}}}, {"id":"elem-U7riTbuX","key":"Element","value":{"_id":"elem-U7riTbuX","_rev":"24-050cda43f3708782e3ed3e42f212b919","type":"Element","created_at":"2018-06-01T15:29:36.033Z","updated_at":"2018-06-22T16:17:11.349Z","attributes":{"label":"Operation Orchard","element type":"Event","campaign target":["National Decision-Making and Execution"],"campaign layer":["Physical"],"campaign effect":["Attack"],"operation target":["National Decision-Making and Execution"],"operation layer":["Logical"],"operation effect":["Disruption"]}}}, {"id":"elem-UDyfkgS5","key":"Element","value":{"_id":"elem-UDyfkgS5","_rev":"13-1c9f31e047448e69d946d3bf805ba8b9","type":"Element","created_at":"2018-06-08T14:34:55.774Z","updated_at":"2018-06-22T16:16:21.953Z","attributes":{"label":"New York Times Hack","element type":"Event","operation target":["Organization"],"operation layer":["Logical"],"operation effect":["Enabling/Espionage"]}}}, {"id":"elem-UIr8T4ch","key":"Element","value":{"_id":"elem-UIr8T4ch","_rev":"5-c7fdfdf9b9d44b4a67d46e564170e264","type":"Element","created_at":"2018-06-08T14:56:01.292Z","updated_at":"2018-06-15T17:27:13.552Z","attributes":{"label":"PLATINUM","element type":"Actor","a/k/a":"Hellsing, TwoForOne"}}}, {"id":"elem-UbHl8lp3","key":"Element","value":{"_id":"elem-UbHl8lp3","_rev":"3-3474c835cb09565e727d09f9de04c80d","type":"Element","created_at":"2018-06-21T18:20:26.167Z","updated_at":"2018-06-21T18:21:11.161Z","attributes":{"label":"Al Qaeda","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/8bf0f72e-80d3-43bb-ac42-9d4440a2f20b.png"}}}, {"id":"elem-VLRu7WV2","key":"Element","value":{"_id":"elem-VLRu7WV2","_rev":"34-a04fb97edad2495e3ebfee9c6072a083","type":"Element","created_at":"2017-07-13T15:25:58.658Z","updated_at":"2018-06-15T17:27:23.039Z","attributes":{"label":"China","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/a85f7434-c51e-4997-82f2-a2c674ba38f9.png","documents":"

Mikk Raud, NATO Cooperative Cyber Defence Centre of Excellence, China and Cyber: Attitudes, Strategies, Organisation. 2016. Unclassified.

\n

This study focuses on three topics - China's cyber background and related challenges, China's cyber strategy and its main objectives (via the examination of three key documents), and China's strategic cyber governance - both civilian and military.

\n\n

James R. Clapper, Marcel Lettre, Admiral Michael S. Rogers, Joint Statement for the Record to the Senate Armed Services Committee, \"Foreign Cyber Threats to the United States,\" January 5, 2017. Unclassified.

\n

In their joint statement, the DNI, Under Secretary of Defense for Intelligence, and the Director of NSA/Commander, U.S. Cyber Command discuss a variety of consequences of cyber threats - physical, commercial, psychological consequences - as cyber policy, diplomacy, and warfare. In addition, the statement discusses a number of cyber threat actors - nation states (Russia, China, North Korea, Iran), terrorists, and criminals - and responses to cyber threats.

\n\n

Stacy A. Kihara, Naval Postgraduate School, A rising China: shifting the economic balance of power through cyberspace, December 2014. Unclassified.

\n

The major focus of this thesis is the attempt to answer the question \"what does China's cyber behavior tell us about the role of economic interdependence in U.S-China relations?\" Three key chapters address U.S.-China economic interdependence, Chinese cyber-enabled economic espionage, and whether China can \"rise peacefully.\"

\n\n

Bryan Krekel, Northrop Grumman, Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation, October 9, 2009. Unclassified.

\n

This study, prepared for the U.S.-China Economic and Security Review Commission, focuses largely on Chinese computer network exploitation (CNE) as a strategic intelligence collection tool. It examines Chinese CNE operations strategy and operations during conflict, key entities in Chinese computer network operations, cyber-espionage, an operational profile of an advanced cyber intrusion, and a chronology of alleged Chinese computer network exploitation events.

\n\n

Bryan Krekel, Patton Adams, George Bakos, Northrop Grumman, Occupying the Information High Ground: Chinese Capabilities for Computer Network Espionage and Cyber Espionage, March 7, 2012. Unclassified.

\n

This report, prepared for the U.S.-China Economic and Security Review Commission, focuses on six topics: information warfare strategy, Chinese use of network warfare against the United States, key entities and institutions supporting Chinese computer network operations (the Third and Fourth Departments of the People's Liberation Army's General Staff Department), potential risks to the U.S. telecommunications supply chain, the comparison between criminal and state-sponsored network exploitation, and the risks and reality of collaboration between U.S. and Chinese information security firms.

\n\n

Colonel Jayson M. Spade, U.S. Army War College, Information as Power: China's Cyber Power and America's National Security, May 2012. Unclassified.

\n

This research paper examines the growth of Chinese cyber capabilities - including those for offensive, defensive, and computer network exploitation operations. It also compares China's capacity and potential in cyberspace to United States efforts with regard to cybersecurity. In addition, the author suggests a number of steps to improve U.S. cybersecurity policy.

\n\n

Central Intelligence Agency, Foreign Computer Capabilities, September 25, 1969. Secret.

\n

This document provided a brief assessment of foreign computer capabilities of the USSR and Eastern Europe, France, West Germany, Japan, Israel, India, the United Arab Republic, Communist China, and Sweden.

\n\n

Mark A. Stokes and L.C. Russell Hsiao, Project 2049 Institute, Countering Chinese Cyber Operations: Opportunities and Challenges for U.S. Interests, October 29, 2012. Not classified.

\n

This report, by a private organization, examines the role of several Chinese organizations - including the Third Department of the PLA General Staff Department, its Second Bureau, and its Beijing North Computing Center - in cyber operations. It also explores a number of possible reactions - including deception, an international code of conduct, an Asian cyber defense alliance, and what the report terms a \"forceful response.\"

\n\n

Ministry of Foreign Affairs, People's Republic of China, International Strategy of Cooperation in Cyberspace, March 1, 2017. Unclassified.

\n

This strategy document specifies opportunities and challenges, basic principles (\"peace,\" \"sovereignty,\" \"shared governance\"), strategic goals (including promoting \"fair internet governance\"), and a nine-component plan of action - whose components include international cooperation on cyber terrorism and cyber crimes, partnership in cyberspace, and the sharing of the digital dividends from the digital economy.

\n

 

"}}}, {"id":"elem-ViSpQGIZ","key":"Element","value":{"_id":"elem-ViSpQGIZ","_rev":"8-a056a8ba80f80a3cedc07ca9d9f4f31e","type":"Element","created_at":"2017-08-29T15:49:41.750Z","updated_at":"2018-06-01T19:56:54.594Z","attributes":{"label":"Operation Flame","element type":"Event"}}}, {"id":"elem-Vu4pV11M","key":"Element","value":{"_id":"elem-Vu4pV11M","_rev":"20-cda31ec47ce56386e17cb1f9ebe67f5b","type":"Element","created_at":"2018-06-06T14:55:55.766Z","updated_at":"2018-06-22T16:52:35.701Z","attributes":{"label":"US-North Korea Peace Talks Espionage","element type":"Event","documents":"

Ryan Duffy, Cyberscoop, \"Chinese, Russian hacking groups spy on South Korea amid U.S.-North Korea peace talks\", June 5 2018

","operation layer":["Logical"],"operation effect":["Enabling/Espionage"]}}}, {"id":"elem-WdZGWi7v","key":"Element","value":{"_id":"elem-WdZGWi7v","_rev":"3-1379520ee18a3f8cbc2aee3b6d257218","type":"Element","created_at":"2018-06-18T13:51:57.793Z","updated_at":"2018-06-18T13:53:09.802Z","attributes":{"label":"Mongolia","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/c962975f-e9b8-4c59-82f4-30ff32edf241.png"}}}, {"id":"elem-X4btB8FQ","key":"Element","value":{"_id":"elem-X4btB8FQ","_rev":"10-d32d7c0f63fc7462c9485c3d4525afbb","type":"Element","created_at":"2018-06-19T16:22:40.748Z","updated_at":"2018-06-21T18:55:08.833Z","attributes":{"label":"Olympic Destroyer","element type":"Event","documents":"

Paul Rascagneres and Martin Lee, Talos, \"Who Wasn’t Responsible for Olympic Destroyer?\" February 26 2018.

Ellen Nakashima, The Washington Post, \"Russian spies hacked the Olympics and tried to make it look like North Korea did it, U.S. officials say,\" February 24 2018.

Chris Bing, Cyberscoop, \"Atos, IT provider for Winter Olympics, hacked months before Opening Ceremony cyberattack,\" February 14 2018.

Ryan Sherstobitoff and Jessica Saavedra-Morales, McAfee, \"Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems,\" February 2 2018.

","a/k/a":"Gold Dragon"}}}, {"id":"elem-XKBJXHsT","key":"Element","value":{"_id":"elem-XKBJXHsT","_rev":"10-ae4b7f0f0a3d69afda2f4e4d4116aa7b","type":"Element","created_at":"2018-06-07T20:50:06.473Z","updated_at":"2018-06-22T15:26:08.430Z","attributes":{"label":"Duqu 2.0","element type":"Event"}}}, {"id":"elem-XNeN6veQ","key":"Element","value":{"_id":"elem-XNeN6veQ","_rev":"12-1512b0298547dff9f9ba91d35034126a","type":"Element","created_at":"2018-06-08T14:29:00.411Z","updated_at":"2018-06-21T18:55:07.135Z","attributes":{"label":"Operation Clandestine Wolf","element type":"Event","documents":"

Craig Hall, Managed Defense Analyst FireEye, \"Outgunned in Cyberspace,\" July 22, 2017. Unclassified.

In this presentation at the 2015 RSA Conference in Singapore, FireEye analyst Craig Hall explains typical corporate cyber defense strategies and how cyber threat actors have defeated these strategies.

 

"}}}, {"id":"elem-Y6JGrmjT","key":"Element","value":{"_id":"elem-Y6JGrmjT","_rev":"2-d5aa3438acb3849b31737e0d86785eb0","type":"Element","created_at":"2017-07-17T18:03:14.946Z","updated_at":"2017-07-17T18:03:55.981Z","attributes":{"label":"Wall Street","element type":"Business/Business network"}}}, {"id":"elem-YB54tKFC","key":"Element","value":{"_id":"elem-YB54tKFC","_rev":"18-3e5125f55cb408a7ccc42998aa7c99b1","type":"Element","created_at":"2017-07-19T15:21:37.164Z","updated_at":"2018-06-21T18:55:19.208Z","attributes":{"label":"Shamoon","element type":"Event","documents":"

National Security Agency, \"Topic: Iran – Current Topics, Interaction with GCHQ.\" TOP SECRET/COMINT/NOFORN.

These talking points, prepared for the NSA director's meeting with the head of the United Kingdom's Government Communications Headquarters, include a section devoted to Iranian cyber attacks on U.S. financial institutions and Saudi Aramco.

 

"}}}, {"id":"elem-Yc9BXeyQ","key":"Element","value":{"_id":"elem-Yc9BXeyQ","_rev":"8-6063c2019e130a6a8dc66f15dc117b14","type":"Element","created_at":"2017-08-10T16:55:46.685Z","updated_at":"2018-06-15T17:27:28.333Z","attributes":{"label":"JTF ARES","element type":"Actor","documents":"

USCYBERCOM to CDRUSACYBER, Subj: CYBERCOM FRAGORD 01 to TASKORD 16-0063 To Establish Joint Task Force (JTF)-ARES to Counter the Islamic State of Iraq and the Levant (ISIL) in Cyber Space, May 5, 2016. Secret//Rel to USA, [Redacted].

The unit established by this order, the subject of an article in the Washington Post, was assigned the mission of developing malware and other cyber-tools in order to escalate operations to damage and destroy ISIS networks, computers, and mobile phones.

United States Cyber Command, Mission Analysis Brief: Cyber Support to Counter ISIL, April 12, 2016. Unclassified.

This document outlines the cyber mission to counter ISIL.

"}}}, {"id":"elem-YjM2U8KL","key":"Element","value":{"_id":"elem-YjM2U8KL","_rev":"2-e9efbf937dba43be559139e0d2e892c0","type":"Element","created_at":"2017-07-19T15:36:39.933Z","updated_at":"2017-07-19T15:36:44.617Z","attributes":{"label":"WhoamI","element type":"Event"}}}, {"id":"elem-ZC4iTUD7","key":"Element","value":{"_id":"elem-ZC4iTUD7","_rev":"6-3b27c8b13e158f1e61d03f81c29f980a","type":"Element","created_at":"2018-06-07T18:10:53.907Z","updated_at":"2018-06-15T17:27:34.343Z","attributes":{"label":"Bluenoroff","element type":"Actor","documents":"

Kaspersky Lab, Lazarus Under the Hood, 2017. Not classified.

This report focuses on a group (Lazarus) whose cyber activities go back at least to 2009, and whose malware has been discovered in a number of serious cyber attacks (including the 2014 intrusion into the Sony Pictures computer system and a 2013 cyber espionage campaign in South Korea). It reports on the results of the lab's forensic investigations in two geographically dispersed banks.

","summary":"Bluenoroff is a spinoff organization from the Lazarus group focusing on banks and financial institutions."}}}, {"id":"elem-a3DyCqbO","key":"Element","value":{"_id":"elem-a3DyCqbO","_rev":"24-3a5ccd361c6d0d6fb552fc8b95b468b7","type":"Element","created_at":"2018-06-11T18:54:07.948Z","updated_at":"2018-06-22T16:13:40.298Z","attributes":{"label":"Triton/Trisis","element type":"Event","documents":"

Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer of FireEye, \"Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure\", December 14 2017

Dragos, \"TRISIS Malware: Analysis of Safety System Targeted Malware\"

","operation target":["Critical Infrastructure"],"operation layer":["Physical","Logical"],"operation effect":["Disruption"],"intermediate target":[],"intermediate effect":[]}}}, {"id":"elem-a6kAwBSJ","key":"Element","value":{"_id":"elem-a6kAwBSJ","_rev":"8-1eeb3d7a2c8c5ebc3c3a71cd469e3ec3","type":"Element","created_at":"2017-08-29T17:16:58.291Z","updated_at":"2018-06-15T19:40:49.519Z","attributes":{"label":"EU","element type":"International Organization","documents":"

European Union Agency for Network and Information Security, ENISA Threat Landscape Report 2016: 15 Top Cyber-Threats and Trends, January 2017. Unclassified.

\n

This 86-page report contains key chapters on cyber threat intelligence, a variety of cyber threats (including botnets, phishing, denial of service, identity theft, and cyber espionage), threat agents, and attack vectors. It also offers conclusions with regard to policy, commercial activity, and future research.

"}}}, {"id":"elem-aED2Ar6h","key":"Element","value":{"_id":"elem-aED2Ar6h","_rev":"2-f04e5abcb5b801dbd36c6e79a6472a3d","type":"Element","created_at":"2017-07-17T18:01:30.059Z","updated_at":"2017-07-17T18:01:37.516Z","attributes":{"label":"Night Dragon","element type":"Event"}}}, {"id":"elem-aX4qGsKN","key":"Element","value":{"_id":"elem-aX4qGsKN","_rev":"2-f06b141108244e019851d4462b590e3b","type":"Element","created_at":"2017-07-18T15:45:46.874Z","updated_at":"2017-07-18T15:45:49.265Z","attributes":{"label":"US Military","element type":"Target"}}}, {"id":"elem-bgILYpSx","key":"Element","value":{"_id":"elem-bgILYpSx","_rev":"24-0bec5a32b71128e53e8c3f4a8d6fc265","type":"Element","created_at":"2017-07-13T15:22:55.531Z","updated_at":"2018-06-15T17:27:14.152Z","attributes":{"label":"APT12","element type":"Actor","documents":"","a/k/a":"IXESHE, Numbered Panda"}}}, {"id":"elem-bnUwgyiI","key":"Element","value":{"_id":"elem-bnUwgyiI","_rev":"2-6e8e777424b496057f54226049dcbac3","type":"Element","created_at":"2018-06-08T14:27:33.237Z","updated_at":"2018-06-08T14:27:40.120Z","attributes":{"label":"Ministry of State Security","element type":"Government Entity"}}}, {"id":"elem-byjggK0p","key":"Element","value":{"_id":"elem-byjggK0p","_rev":"3-1dd773dd0f01f1f059535d67f49a1dd3","type":"Element","created_at":"2018-06-27T15:18:03.396Z","updated_at":"2018-06-27T15:23:49.287Z","attributes":{"label":"RedAlpha Campaigns","element type":"Event","documents":"

Juan Andrés Guerrero-Saade and Sanil Chohan, Insikt Group, \"RedAlpha: New Campaigns Discovered Targeting the Tibetan Community,\" June 26 2018.

"}}}, {"id":"elem-cF2Ra1GU","key":"Element","value":{"_id":"elem-cF2Ra1GU","_rev":"11-222d072fcccc84366d3e14c2c13fccc2","type":"Element","created_at":"2018-06-07T19:38:27.320Z","updated_at":"2018-06-22T16:10:40.551Z","attributes":{"label":"stopgeorgia.ru","element type":"Event","operation target":["Organization","Critical Infrastructure"],"operation layer":["Logical"],"operation effect":["Disruption"]}}}, {"id":"elem-csTKjjHI","key":"Element","value":{"_id":"elem-csTKjjHI","_rev":"2-90869b3f36a16af8e16196552f8c01fc","type":"Element","created_at":"2018-07-16T17:26:22.377Z","updated_at":"2018-07-16T17:27:45.850Z","attributes":{"label":"Steel Plant Attack","element type":"Event"}}}, {"id":"elem-dUe0Ya4l","key":"Element","value":{"_id":"elem-dUe0Ya4l","_rev":"2-bdd27eb4adf8b26cfb2c6a2485922608","type":"Element","created_at":"2017-07-17T18:50:54.742Z","updated_at":"2017-07-17T18:51:04.082Z","attributes":{"label":"Australia","element type":"Nation"}}}, {"id":"elem-dhXFGbSQ","key":"Element","value":{"_id":"elem-dhXFGbSQ","_rev":"18-30d0359b190db0bde904886b02c18bbf","type":"Element","created_at":"2018-05-30T18:35:09.218Z","updated_at":"2018-06-22T15:26:08.431Z","attributes":{"label":"VPNFilter Botnet","element type":"Event"}}}, {"id":"elem-e1TvqMAq","key":"Element","value":{"_id":"elem-e1TvqMAq","_rev":"2-adc4e1ee430f262987b90fc7607e790b","type":"Element","created_at":"2018-07-02T17:33:11.944Z","updated_at":"2018-07-02T17:33:34.720Z","attributes":{"label":"Titan Rain","element type":"Event"}}}, {"id":"elem-eDRruzpF","key":"Element","value":{"_id":"elem-eDRruzpF","_rev":"6-07b7e2ce0f170fdc6c34a1a26b238bf7","type":"Element","created_at":"2017-07-17T18:54:19.022Z","updated_at":"2018-06-15T17:27:11.976Z","attributes":{"label":"APT33","element type":"Actor","a/k/a":"Charming Kitten"}}}, 
{"id":"elem-eStJap10","key":"Element","value":{"_id":"elem-eStJap10","_rev":"2-ad67f11f239cdd7fd2fb4a01e87403fa","type":"Element","created_at":"2018-07-23T15:39:34.746Z","updated_at":"2018-07-23T15:39:43.156Z","attributes":{"label":"Operation Pawn Storm","element type":"Event"}}}, {"id":"elem-efxv7Ujm","key":"Element","value":{"_id":"elem-efxv7Ujm","_rev":"22-5d5baa237f9626e94f5ab2fe741175f0","type":"Element","created_at":"2017-07-13T15:23:26.933Z","updated_at":"2019-08-14T19:15:10.885Z","attributes":{"label":"APT28","documents":"

United States District Court for the District of Columbia, \"US v Viktor Borisovich Netyksho, et al - Indictment\", July 13 2018. Unclassified.
This document indicts 12 Russian intelligence officers for operations against DCCC computer networks to interfere in the 2016 election.

National Cybersecurity and Communications Integration Center, Department of Homeland Security, AR-17-20045, Enhanced Analysis of GRIZZLY STEPPE Activity, February 10, 2017. Unclassified. [4006]

This report is a greatly expanded version of the GRIZZLY STEPPE analysis released in late December 2016, and focuses on the use of the Cyber Kill Chain model (whose components are reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on the objective) to analyze malicious cyber activity.

","element type":"Actor","a/k/a":"APT28, Fancy Bear, Pawn Storm"}}}, {"id":"elem-fAs95VRc","key":"Element","value":{"_id":"elem-fAs95VRc","_rev":"8-961df9def314bda1368a1df18e7d191e","type":"Element","created_at":"2017-08-01T17:57:31.480Z","updated_at":"2018-06-15T17:27:20.617Z","attributes":{"label":"Qatar","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/6e29d883-511f-4c3c-a20a-eb23fac8cede.png","documents":"

Qatari Government, Qatar National Cyber Security Strategy, May 2014, Unclassified.

\n

This document outlines Qatar's approach to cybersecurity and gives the government's action and implementation plan through 2018.

\n

 

"}}}, {"id":"elem-fBiwGiwz","key":"Element","value":{"_id":"elem-fBiwGiwz","_rev":"17-7d2b6cd7e7336572807557886a71183d","type":"Element","created_at":"2017-08-01T18:02:06.272Z","updated_at":"2018-06-21T14:48:32.237Z","attributes":{"label":"Germany","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/05b30e6b-25f8-4b1f-aff4-e74ae8988c28.png","documents":"

Federal Office for Information Security, The State of IT Security in Germany 2015, November 2015. Unclassified.

\n

This document examines the current exposure of various elements of German information technology to attack, different attack methods and means, federal government exposure, and the issue of protecting critical infrastructure. It concludes with an overall assessment and summary.

\n

Bundesamt fur Verfassungsschutz, Electronic Attacks with an Intelligence Background, July 2014. Unclassified.

\n

This report, by the Federal Republic of Germany's internal security service, discusses risks to the modern information society, Germany as a target of espionage, methods of attack, attacks on trade and industry, cyber-sabotage directed at national critical infrastructures, and the National Cyber Response Center.

\n

Federal Ministry of the Interior, Cyber Security Strategy for Germany, February 2011. Unclassified.

\n

This public description of Germany's cyber security strategy includes an information technology threat assessment, a description of the basic principles of the strategy, a statement of strategic objectives and measures, and a discussion of 'sustainable implementation.'

\n

Central Intelligence Agency, Foreign Computer Capabilities, September 25, 1969. Secret.

\n

This document provided a brief assessment of foreign computer capabilities of the USSR and Eastern Europe, France, West Germany, Japan, Israel, India, the United Arab Republic, Communist China, and Sweden.

\n

Bundesamt fur Verfassungsschutz, 2015 Annual Report on the Protection of the Constitution: Facts and Trends, June 2016. Unclassified.

\n

This wide-ranging report, issued by the German internal security service, includes a discussion (on pp. 20-32) of \"electronic attacks,\" which \"come primarily from China and Russia,\" although in 2015 a number of attacks were thought to come from Iranian sources.

\n

 

","coalitions":["European Union","NATO"]}}}, {"id":"elem-fGn1S7I8","key":"Element","value":{"_id":"elem-fGn1S7I8","_rev":"3-5cdc9285424b536574c529d68cba94ae","type":"Element","created_at":"2018-06-07T20:05:21.106Z","updated_at":"2019-01-11T17:02:24.969Z","attributes":{"label":"GCHQ","element type":"Government Entity"}}}, {"id":"elem-fhusYzgk","key":"Element","value":{"_id":"elem-fhusYzgk","_rev":"3-ce0b462a8d7212880d9dca5bfae70bb9","type":"Element","created_at":"2018-06-01T15:29:53.475Z","updated_at":"2018-06-07T17:27:31.278Z","attributes":{"label":"Syria","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/117cba5c-2172-46a7-b072-6c774c1e572a.png"}}}, {"id":"elem-gMh8T6PP","key":"Element","value":{"_id":"elem-gMh8T6PP","_rev":"16-8a2b8df57ec2e61cff0843bb51e0f027","type":"Element","created_at":"2017-07-17T16:58:45.969Z","updated_at":"2018-06-21T14:43:29.796Z","attributes":{"label":"United States","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/5254229c-8d9b-4223-8c4f-f009ca6c648e.png","documents":"

Department of State, Department of State International Cyberspace Policy Strategy, March 2016. Unclassified.

\n

The Consolidated Appropriations Act of 2016 required the State Department to report on its activities taken in support of the President's International Strategy for Cyberspace. This report concerns, inter alia, the Department's efforts with regard to the digital economy, international security, promotion of cyber due diligence, combating cybercrime, Internet freedom, and the mainstreaming of cyber issues in the Department of State.

","coalitions":["NATO"]}}}, {"id":"elem-gUtILBXh","key":"Element","value":{"_id":"elem-gUtILBXh","_rev":"4-f6ccb23357a7279d76da622c469a4bc0","type":"Element","created_at":"2018-06-28T18:36:56.016Z","updated_at":"2018-06-28T18:40:18.088Z","attributes":{"label":"APT37","element type":"Actor","a/k/a":"Reaper, Scarcruft, Group123","documents":"

Fireeye, \"APT37 (Reaper): The Overlooked North Korean Actor,\" 2018.

"}}}, {"id":"elem-gbCA8xT6","key":"Element","value":{"_id":"elem-gbCA8xT6","_rev":"11-4013d6ddec44a19ac276f9735903ce32","type":"Element","created_at":"2017-07-13T18:42:59.344Z","updated_at":"2018-06-15T17:27:17.206Z","attributes":{"label":"APT10","element type":"Actor","documents":"","a/k/a":"Stone Panda, menuPass"}}}, {"id":"elem-ggalqSQo","key":"Element","value":{"_id":"elem-ggalqSQo","_rev":"13-05cfb910936e75f478e16163bf6e18de","type":"Element","created_at":"2017-07-18T15:32:08.434Z","updated_at":"2018-06-15T17:27:13.912Z","attributes":{"label":"Lazarus Group","element type":"Actor","a/k/a":"Hidden Cobra, Dark Seoul","documents":"

Kaspersky Lab, Lazarus Under the Hood, 2017. Not classified.

This report focuses on a group (Lazarus) whose cyber activities go back at least to 2009, and whose malware has been discovered in a number of serious cyber attacks (including the 2014 intrusion into the Sony Pictures computer system and a 2013 cyber espionage campaign in South Korea). It reports on the results of the lab's forensic investigations in two geographically dispersed banks.

"}}}, {"id":"elem-gs14YJ2B","key":"Element","value":{"_id":"elem-gs14YJ2B","_rev":"13-91743039fccc1f6fc1fc982da0b5c9a5","type":"Element","created_at":"2018-06-08T16:12:50.935Z","updated_at":"2018-06-21T18:55:10.071Z","attributes":{"label":"Operation KE3CHANG","element type":"Event","documents":"

Nart Villeneuve, James T. Bennett, Ned Moran, Thoufique Haq, Mike Scott, and Kenneth Geers, FireEye, OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs, 2014

"}}}, {"id":"elem-hB9mz00K","key":"Element","value":{"_id":"elem-hB9mz00K","_rev":"8-44abe27e9fecddff6aa7111f9c7a2f45","type":"Element","created_at":"2018-06-07T18:18:49.327Z","updated_at":"2018-06-21T18:55:06.442Z","attributes":{"label":"MYDOOM","element type":"Event"}}}, {"id":"elem-he8nunHk","key":"Element","value":{"_id":"elem-he8nunHk","_rev":"3-5f3c9d78cb6a2630f7988fe7e6f7556f","type":"Element","created_at":"2018-07-16T15:00:15.772Z","updated_at":"2018-07-16T15:03:20.216Z","attributes":{"label":"Operation Airbreak","element type":"Event","documents":"

Scott Henderson et al, FireEye, \"Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally,\" July 10 2018.

"}}}, {"id":"elem-htDIvX8f","key":"Element","value":{"_id":"elem-htDIvX8f","_rev":"3-b607bf344c381e89f9bc1ee55503aef6","type":"Element","created_at":"2017-07-18T15:44:25.354Z","updated_at":"2018-06-07T17:25:11.910Z","attributes":{"label":"Bangladesh","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/3f760c3f-ecce-4aeb-b2c2-7f561ac67e03.png"}}}, {"id":"elem-iFScQiAH","key":"Element","value":{"_id":"elem-iFScQiAH","_rev":"8-012772c1ed01c6cd989418287df31514","type":"Element","created_at":"2017-07-19T18:42:30.423Z","updated_at":"2018-06-15T17:27:17.632Z","attributes":{"label":"Equation Group","element type":"Actor","a/k/a":"Tailored Access Operations, Lamberts, Longhorn","documents":"

Kaspersky Lab, Equation Group Questions and Answers v1.5, February 2015

"}}}, {"id":"elem-iJN6ko2M","key":"Element","value":{"_id":"elem-iJN6ko2M","_rev":"29-7eee7e0bb3548a57fa066e06ffdb1a90","type":"Element","created_at":"2017-08-29T16:20:00.405Z","updated_at":"2018-07-02T17:42:09.159Z","attributes":{"label":"#OpIsrael","element type":"Event","documents":"

Federal Bureau of Investigation, Private Industry Notification, \"Pending Anti-Israeli Hacktivist Operation Could Potentially Impact US Systems.\" Unclassified.

This notification provides background and an alert to private industry concerning a possible hacktivist operation, lists defensive measures that can be taken, and provides information on reporting suspicious or criminal cyber activity.

 

","(yyyymmdd) begin":"20130407","(yyyymmdd) end":"20130407","(yyyymmdd) report":"20130327","operation effect":["Disruption"],"operation layer":["Logical"],"operation target":["Organization"]}}}, {"id":"elem-iZB18HCp","key":"Element","value":{"_id":"elem-iZB18HCp","_rev":"3-d7a6f89b27c5dcc98a5acc25f47c606a","type":"Element","created_at":"2017-08-01T17:56:56.582Z","updated_at":"2018-06-07T17:27:52.035Z","attributes":{"label":"United Arab Emirates","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/732bb077-8889-4dae-ae5b-bce20111cb7c.png"}}}, {"id":"elem-ippBiNeM","key":"Element","value":{"_id":"elem-ippBiNeM","_rev":"3-41c6e3868fca491a38f99751f726e7ab","type":"Element","created_at":"2018-06-01T17:34:18.296Z","updated_at":"2018-06-08T16:17:29.303Z","attributes":{"label":"CIA","element type":"Government Entity"}}}, {"id":"elem-jHTdlgXd","key":"Element","value":{"_id":"elem-jHTdlgXd","_rev":"5-967f605e79ff1e9afe68122ca60c088c","type":"Element","created_at":"2018-06-07T20:43:53.782Z","updated_at":"2018-06-15T17:27:16.763Z","attributes":{"label":"CopyKittens","element type":"Actor","a/k/a":"Slayer Kitten"}}}, {"id":"elem-jgRpwM5b","key":"Element","value":{"_id":"elem-jgRpwM5b","_rev":"2-c2e704e4bb79a207af7ef7d2c5a5717e","type":"Element","created_at":"2018-06-07T20:46:27.568Z","updated_at":"2018-06-07T20:46:34.478Z","attributes":{"label":"Rocket Kitten","element type":"Actor"}}}, {"id":"elem-jixLXvnD","key":"Element","value":{"_id":"elem-jixLXvnD","_rev":"12-9cb8ad597fb128d141d0573f07456b7a","type":"Element","created_at":"2018-06-07T20:53:10.145Z","updated_at":"2018-07-03T16:41:41.791Z","attributes":{"label":"Operation Socialist","element type":"Event","operation target":["Organization","Critical Infrastructure"],"operation effect":["Enabling/Espionage"],"operation layer":["Logical"]}}}, 
{"id":"elem-jmijG3Qt","key":"Element","value":{"_id":"elem-jmijG3Qt","_rev":"11-e0ae29a61b13053ac29a47c54724d851","type":"Element","created_at":"2017-07-19T15:53:39.135Z","updated_at":"2018-06-15T17:27:26.277Z","attributes":{"label":"Qassam Cyber Fighters","element type":"Actor","documents":"

United States District Court, Southern District of New York, \"United States of America v. Ahmad Fathi [et al.],\" March 24, 2016. Unclassified.

This document is the legal instrument employed to indict a group of Iranian hackers on three counts. The indictment focuses on distributed denial of service attacks on the U.S. financial sector as well as cyber intrusion into the supervisory control and data acquisition system of a dam in upstate New York.

Office of Public Affairs, Department of Justice, \"Seven Iranians Working for Islamic Revolutionary Guard Corps - Affiliated Entities Charged for Conducting Coordinated Campaign of Cyber Attacks Against U.S. Financial Sector,\" March 24, 2016. Unclassified.

This Justice Department press release announces the indictment of seven Iranians charged with engaging in hacking activities under the auspices of Iran's Revolutionary Guard Corps. Those activities were alleged to be targeted against U.S. financial institutions as well as, in the case of one of the indicted, the supervisory control and data acquisition (SCADA) systems of an upstate New York dam.

"}}}, {"id":"elem-jnKKF70M","key":"Element","value":{"_id":"elem-jnKKF70M","_rev":"2-4b58582fd02e397d6e90176a587d7049","type":"Element","created_at":"2017-07-19T15:32:53.118Z","updated_at":"2017-07-19T15:32:57.421Z","attributes":{"label":"Castov","element type":"Event"}}}, {"id":"elem-jsGGyF8Y","key":"Element","value":{"_id":"elem-jsGGyF8Y","_rev":"20-f662b8ba53beb363cce833e1edf0900e","type":"Element","created_at":"2017-07-13T15:23:41.509Z","updated_at":"2018-06-15T17:27:14.942Z","attributes":{"label":"APT30","documents":"

Threat Connect, Camera Shy: Closing the Aperture on China's Unit 78020, 2015. Not classified.

This private sector study of a Chinese cyber intelligence unit examines the techniques employed, targets throughout Southeast Asia, and the unit's focus on the South China Sea, \"where China's increasingly aggressive assertion of its territorial claims has been accompanied by high-tempo intelligence gathering.\"

Craig Hall, Managed Defense Analyst FireEye, \"Outgunned in Cyberspace,\" July 22, 2017. Unclassified.

In this presentation at the 2015 RSA Conference in Singapore, FireEye analyst Craig Hall explains typical corporate cyber defense strategies and how cyber threat actors have defeated these strategies.

FIREEYE LABS / FIREEYE THREAT INTELLIGENCE, “APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION: How a Cyber Threat Group Exploited Governments and Commercial Entities across Southeast Asia and India for over a Decade”

","element type":"Actor","a/k/a":"Naikon, PLA Unit 78020"}}}, {"id":"elem-jvNAGCMh","key":"Element","value":{"_id":"elem-jvNAGCMh","_rev":"20-e7cb8642c2aa5bc96707d079dbb08b34","type":"Element","created_at":"2017-07-13T15:23:37.303Z","updated_at":"2019-08-14T19:15:04.134Z","attributes":{"label":"APT29","documents":"

United States District Court for the District of Columbia, \"US v Viktor Borisovich Netyksho, et al - Indictment\", July 13 2018. Unclassified.
This document indicts 12 Russian intelligence officers for operations against DCCC computer networks to interfere in the 2016 election.

National Cybersecurity and Communications Integration Center, Department of Homeland Security, AR-17-20045, Enhanced Analysis of GRIZZLY STEPPE Activity, February 10, 2017. Unclassified. [4006]

This report is a greatly expanded version of the GRIZZLY STEPPE analysis released in late December 2016, and focuses on the use of the Cyber Kill Chain model (whose components are reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on the objective) to analyze malicious cyber activity.

","element type":"Actor","a/k/a":"Cozy Bear"}}}, {"id":"elem-jxO9b8uY","key":"Element","value":{"_id":"elem-jxO9b8uY","_rev":"11-1f2117afcec2a12e3038bc9e64df9a63","type":"Element","created_at":"2017-07-19T15:46:09.463Z","updated_at":"2018-06-21T14:45:35.606Z","attributes":{"label":"Denmark","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/a99aca2b-8866-48d4-8aa6-01aadde54d6d.png","documents":"

Government of Denmark, The cyber threat against Denmark, February 2017. Unclassified.

\n

This annual report notes differing threat levels to Denmark from different forms of cyber action – from low (cyber terrorism) to very high (cyber espionage and cyber crime). It also discusses the range of cyber threats, their components, and their perpetrators, and includes a number of recommendations.

\n

European Union Agency for Network and Information Security, ENISA Threat Landscape Report 2016: 15 Top Cyber-Threats and Trends, January 2017. Unclassified.

\n

This 86-page report contains key chapters on cyber threat intelligence, a variety of cyber threats (including botnets, phishing, denial of service, identity theft, and cyber espionage), threat agents, and attack vectors. It also offers conclusions with regard to policy, commercial activity, and future research.

\n

 

","coalitions":["European Union","NATO"]}}}, {"id":"elem-k8CW93td","key":"Element","value":{"_id":"elem-k8CW93td","_rev":"2-25b946de04b8d65b0e28f92aaf7c1f61","type":"Element","created_at":"2018-06-15T19:40:55.343Z","updated_at":"2018-06-15T19:41:35.004Z","attributes":{"label":"UN","element type":"International Organization"}}}, {"id":"elem-khhjWQqO","key":"Element","value":{"_id":"elem-khhjWQqO","_rev":"4-d93a62340abbc1b26139c1ff2b39c714","type":"Element","created_at":"2017-07-17T17:36:58.012Z","updated_at":"2017-07-17T18:39:55.175Z","attributes":{"label":"Google","element type":"Target"}}}, {"id":"elem-l8HmcVY3","key":"Element","value":{"_id":"elem-l8HmcVY3","_rev":"18-404676f08881ccbeadd3c9acad1e1ce7","type":"Element","created_at":"2018-06-07T20:38:50.966Z","updated_at":"2018-07-02T18:14:44.679Z","attributes":{"label":"Operation Cleaver","element type":"Event","date begin":"","(yyyymmdd) report":"20141202","documents":"

Cylance, \"Operation Cleaver\"

","operation effect":["Enabling/Espionage"],"operation layer":["Logical"],"operation target":["Organization","Critical Infrastructure","National Decision-Making and Execution"]}}}, {"id":"elem-lGfJBgDp","key":"Element","value":{"_id":"elem-lGfJBgDp","_rev":"19-2358efc9a7715ff9ad728c4a403639bd","type":"Element","created_at":"2017-07-17T17:16:48.380Z","updated_at":"2018-06-22T15:26:08.432Z","attributes":{"label":"WannaCry","element type":"Event","documents":"

Federal Bureau of Investigation, \"Indicators Associated with WannaCry Ransomware,\" May 13, 2017. Unclassified.

This FBI report provides a summary and technical details with regard to the WannaCry ransomware campaign. It also recommends steps for prevention and remediation.

Samantha Ravich, Foundation for the Defense of Democracies, Testimony before Senate Foreign Relations Subcommittee on East Asia, the Pacific, and International Cybersecurity, \"State Sponsored Cyberspace Threats: Recent Incidents and U.S. Policy Response,\" June 13, 2017. Unclassified.

In her testimony, Ms. Ravich discusses the evolving cyberspace battlefield, state adversaries (including China and North Korea), and offers policy recommendations.

 

"}}}, {"id":"elem-lq4BWIUv","key":"Element","value":{"_id":"elem-lq4BWIUv","_rev":"12-979eec28de219fb9fd562f0f5271b328","type":"Element","created_at":"2017-07-17T17:17:12.168Z","updated_at":"2018-06-22T15:26:06.367Z","attributes":{"label":"Petya/NotPetya 2017","element type":"Event"}}}, {"id":"elem-lxScj2Y9","key":"Element","value":{"_id":"elem-lxScj2Y9","_rev":"3-94c5a93034d27e177fe0de6d3f3f9dfe","type":"Element","created_at":"2017-07-19T15:34:34.361Z","updated_at":"2017-07-19T15:48:08.086Z","attributes":{"label":"CyberBerkut","element type":"Actor"}}}, {"id":"elem-mvQvAjJW","key":"Element","value":{"_id":"elem-mvQvAjJW","_rev":"3-3f3d293ccdcf64e1f5058c5d02f9853b","type":"Element","created_at":"2017-07-19T15:16:39.465Z","updated_at":"2018-06-07T17:23:54.118Z","attributes":{"label":"South Korea","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/8e983d3e-172f-4e0a-880f-6d1d95ef33ab.png"}}}, {"id":"elem-nZggkKPq","key":"Element","value":{"_id":"elem-nZggkKPq","_rev":"3-cd971252cf63d54ad0ceab77cddb6636","type":"Element","created_at":"2018-06-18T17:33:10.010Z","updated_at":"2018-06-18T17:34:52.466Z","attributes":{"label":"Chile","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/5117f8fc-bf57-44b7-ad0f-2b08297684fb.png"}}}, {"id":"elem-nbCkedIu","key":"Element","value":{"_id":"elem-nbCkedIu","_rev":"39-637475adcf9602111be219d10d692c3f","type":"Element","created_at":"2017-07-13T18:52:12.245Z","updated_at":"2018-07-16T15:18:27.965Z","attributes":{"label":"Grizzly Steppe","element type":"Event","documents":"

United States District Court for the District of Columbia, \"US v Viktor Borisovich Netyksho, et al - Indictment\", July 13 2018. Unclassified.
This document indicts 12 Russian intelligence officers for operations against DCCC computer networks to interfere in the 2016 election.

National Cybersecurity and Communications Integration Center, Department of Homeland Security, AR-17-20045, Enhanced Analysis of GRIZZLY STEPPE Activity, February 10, 2017. Unclassified.

This report is a greatly expanded version of the GRIZZLY STEPPE analysis released in late December 2016, and focuses on the use of the Cyber Kill Chain model (whose components are reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on the objective) to analyze malicious cyber activity.

Department of Homeland Security and Federal Bureau of Investigation, Joint Analysis Report, GRIZZLY STEPPE - Malicious Cyber Activity, December 29, 2016. Unclassified.

This report presents the information that the U.S. government is willing to make public concerning \"the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sectors entities.\"

 

","operation effect":["Enabling/Espionage"],"operation layer":["Logical"],"operation target":["Organization"]}}}, {"id":"elem-nyFMT0tf","key":"Element","value":{"_id":"elem-nyFMT0tf","_rev":"15-e3920a10b0364f820b13db3c0d88a9d0","type":"Element","created_at":"2017-07-19T15:37:34.561Z","updated_at":"2018-06-22T16:16:44.743Z","attributes":{"label":"TV5Monde","element type":"Event","operation target":["Organization"],"operation layer":["Logical"],"operation effect":["Disruption"]}}}, {"id":"elem-oeqpzByj","key":"Element","value":{"_id":"elem-oeqpzByj","_rev":"15-38861cf4e4ca3ce0b612567f84d76d8c","type":"Element","created_at":"2017-07-13T15:23:15.211Z","updated_at":"2018-06-15T17:27:18.274Z","attributes":{"label":"APT18","element type":"Actor","documents":"","a/k/a":"Wekby, Dynamite Panda"}}}, {"id":"elem-p7efzyXP","key":"Element","value":{"_id":"elem-p7efzyXP","_rev":"7-67b61fdc2d9aafd81503f9ec30d21b25","type":"Element","created_at":"2018-06-07T20:43:36.042Z","updated_at":"2018-06-21T18:55:11.741Z","attributes":{"label":"Wilted Tulip","element type":"Event"}}}, {"id":"elem-pOH3cdSb","key":"Element","value":{"_id":"elem-pOH3cdSb","_rev":"37-926d863af166a6c8bd4f9d9656c1a64c","type":"Element","created_at":"2017-07-19T15:35:38.326Z","updated_at":"2018-06-22T16:11:56.890Z","attributes":{"label":"Sony Hack","element type":"Event","a/k/a":"Operation Blockbuster","documents":"

A Breakdown and Analysis of the December, 2014 Sony Hack, December 5 2014, RBS

Operation Blockbuster: Unraveling the Long Thread of the Sony Attack, Novetta

 

","operation target":["Organization"],"operation layer":["Logical"],"operation effect":["Enabling/Espionage"]}}}, {"id":"elem-q9ZyfQfM","key":"Element","value":{"_id":"elem-q9ZyfQfM","_rev":"10-1c05fd0dc589ee604d971067861e6535","type":"Element","created_at":"2018-06-07T20:47:14.258Z","updated_at":"2018-06-21T18:55:06.248Z","attributes":{"label":"Thamar Reservoir","element type":"Event"}}}, {"id":"elem-qNByeJ8h","key":"Element","value":{"_id":"elem-qNByeJ8h","_rev":"14-ee1279930546e0c70bd8667dff1add43","type":"Element","created_at":"2017-08-01T17:07:31.080Z","updated_at":"2018-06-15T17:27:12.991Z","attributes":{"label":"Energetic Bear","element type":"Actor","a/k/a":"DragonFly, Koala, Iron Liberty","documents":"

Dragonfly: Western energy sector targeted by sophisticated attack group, Resurgence in energy sector attacks, with the potential for sabotage, linked to re-emergence of Dragonfly cyber espionage group.

NY Times: Russian Hackers Targeting Oil and Gas Companies, By Nicole Perlroth June 30, 2014

Symantec White Paper: Emerging Threat: Dragonfly / Energetic Bear – APT Group

"}}}, {"id":"elem-qOFF2zJ4","key":"Element","value":{"_id":"elem-qOFF2zJ4","_rev":"24-51560ffdb7630b87739ab24412d5a4db","type":"Element","created_at":"2017-07-17T17:12:33.348Z","updated_at":"2018-06-15T17:27:19.768Z","attributes":{"label":"Iran","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/0a853c61-4bc9-4460-beb8-b539d9a9c3eb.png","documents":"

James R. Clapper, Marcel Lettre, Admiral Michael S. Rogers, Joint Statement for the Record to the Senate Armed Services Committee, \"Foreign Cyber Threats to the United States,\" January 5, 2017. Unclassified.

\n

In their joint statement, the DNI, Under Secretary of Defense for Intelligence, and the Director of NSA/Commander, U.S. Cyber Command discuss a variety of consequences of cyber threats - physical, commercial, psychological consequences - as well as cyber policy, diplomacy, and warfare. In addition, the statement discusses a number of cyber threat actors - nation states (Russia, China, North Korea, Iran), terrorists, and criminals - and responses to cyber threats.

\n

Ilan Berman, American Foreign Policy Council, Statement to Subcommittee on Counterterrorism and Intelligence and Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, \"The Iranian Cyber Threat to the U.S. Homeland,\" April 26, 2012. Unclassified.

\n

Frank J. Cilluffo, Director, Homeland Security Policy Institute, George Washington University, Statement to Subcommittee on Counterterrorism and Intelligence and Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, \"The Iranian Cyber Threat to the United States,\" April 26, 2012.

\n

Dan Lungren, Statement to Subcommittee on Counterterrorism and Intelligence and Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, \"Iranian Cyber Threat to the U.S. Homeland,\" April 26, 2012. Unclassified.

\n

Pat Meehan, Statement to Subcommittee on Counterterrorism and Intelligence and Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, \"Iranian Cyber Threat to the U.S. Homeland,\" April 26, 2012. Unclassified.

\n

Substantial attention has been devoted to Chinese cyberwarfare activities in the reports of private and government organizations as well as in Congressional hearings. While Iranian cyber activities were noted in the 2012 testimony of Director of National Intelligence James Clapper, who characterized them as \"dramatically increasing in recent years in depth and complexity,\" they have received less attention than those of the People's Republic of China. These hearings, before a subcommittee of the House Committee on Homeland Security, involve assessments of the Iranian cyber threat by two Congressmen and representatives of two private organizations.

\n

National Security Agency, \"Topic: Iran – Current Topics, Interaction with GCHQ.\" TOP SECRET/COMINT/NOFORN.

\n

These talking points, prepared for the NSA director's meeting with the head of the United Kingdom's Government Communications Headquarters, include a section devoted to Iranian cyber attacks on U.S. financial institutions and Saudi Aramco.

\n

United States District Court for the District of Vermont, \"United States of America v. Mohammed Saeed Ajily and Mohammed Reza Rezakhah, Defendants, Superseding Indictment,\" Filed April 21, 2016. Unclassified.

\n

This recently unsealed indictment charges two Iranian nationals with stealing software from an engineering company specializing in projectiles and aerodynamics analysis for resale to individuals related to Iranian universities, military, and government in direct violation of US sanctions and \"defense article\" licensing.

\n

Jason P. Patterson and Matthew N. Smith, Naval Postgraduate School, Developing a Reliable Methodology for Assessing the Computer Network Operations Threat of Iran, September 2005. Unclassified.

\n

This thesis is part of a Naval Postgraduate School project to assess the utility of open sources for assessing the computer network operations threat from foreign countries - in this case Iran. Among the topics covered are academic computer network activity, government activity, and computer network attack/exploitation activity.

\n

Federal Bureau of Investigation, Flash Alert: IP Addresses and Domains Used by Likely Iran-Based Cyber Actors to Attack Victims Worldwide, July 25 2017. Unclassified.

\n

This flash alert warns that Iran-based cyber actors are using US private networks to launch attacks against rivals in the Middle East.

\n

 

"}}}, {"id":"elem-qTa48az5","key":"Element","value":{"_id":"elem-qTa48az5","_rev":"2-cca4191f6ab7daf14282d737013c0d6d","type":"Element","created_at":"2018-07-23T15:43:02.458Z","updated_at":"2018-07-23T15:43:10.038Z","attributes":{"label":"EFF Attack","element type":"Event"}}}, {"id":"elem-qVw6UYFa","key":"Element","value":{"_id":"elem-qVw6UYFa","_rev":"6-b94f96e778079d958ede388818813cfb","type":"Element","created_at":"2018-07-09T16:59:32.109Z","updated_at":"2018-07-09T17:00:23.111Z","attributes":{"label":"Operation Broken Heart","element type":"Event","integration":"Independent","operation effect":["Enabling/Espionage"],"operation layer":["Logical","Human"],"operation target":["National Decision-Making and Execution"]}}}, {"id":"elem-r8VRpjA5","key":"Element","value":{"_id":"elem-r8VRpjA5","_rev":"47-6a79e071026205320da3e6f8535adc3c","type":"Element","created_at":"2017-07-13T15:22:02.298Z","updated_at":"2018-06-15T17:27:16.058Z","attributes":{"label":"APT1","documents":"

Mandiant, APT 1: Exposing One of China's Cyber Espionage Units, February 2013. Not classified.

As a result of its investigation into computer security breaches around the world, Mandiant identified 20 groups designated Advanced Persistent Threat (APT) groups. The focus of this report is APT 1 - which the report concludes is the People's Liberation Army's Unit 61398 - the military unit cover designator for the 2nd Bureau of the Third Department of the PLA General Staff Department (also discussed in Document 79). The key elements of the report are the discussions of tasking to the unit, its past espionage operations, attack lifecycle, and the unit's infrastructure and personnel.

","element type":"Actor","a/k/a":"PLA Unit 61398, Comment Crew, Comment Panda, TG-8223, BrownFox, Group 3, GIF89a, ShadyRAT, Shanghai Group, Byzantine Candor"}}}, {"id":"elem-rNd27rzD","key":"Element","value":{"_id":"elem-rNd27rzD","_rev":"1-8d2ad57257a5aaa7c28145e70f039fc4","type":"Element","created_at":"2017-07-17T18:10:34.558Z","updated_at":"2017-07-17T18:10:34.558Z","attributes":{"label":"Financial Institutions"}}}, {"id":"elem-rVwhEa3a","key":"Element","value":{"_id":"elem-rVwhEa3a","_rev":"15-c1422bc9d7580133a39e7873580c45c1","type":"Element","created_at":"2017-07-13T15:23:45.773Z","updated_at":"2018-06-15T17:27:15.170Z","attributes":{"label":"APT32","documents":"

Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations, May 14, 2017 by Nick Carr

","element type":"Actor","a/k/a":"OceanLotus"}}}, {"id":"elem-rpdutfZJ","key":"Element","value":{"_id":"elem-rpdutfZJ","_rev":"17-728aa8604ceb9a4fb52978b871901539","type":"Element","created_at":"2018-06-21T18:16:30.990Z","updated_at":"2018-06-22T15:26:08.434Z","attributes":{"label":"Dyn","element type":"Event","a/k/a":"Mirai"}}}, {"id":"elem-s0Cu0ky2","key":"Element","value":{"_id":"elem-s0Cu0ky2","_rev":"18-d01386f7d7f7725cc36ed8231409f5e4","type":"Element","created_at":"2018-06-01T15:32:33.507Z","updated_at":"2018-07-03T16:38:03.090Z","attributes":{"label":"Internet Shutdown","element type":"Event","(yyyymmdd) begin":"20141217","(yyyymmdd) report":"20141222","operation effect":["Disruption"],"operation layer":["Physical","Logical"],"operation target":["Critical Infrastructure"]}}}, {"id":"elem-s8YRnMB5","key":"Element","value":{"_id":"elem-s8YRnMB5","_rev":"5-a6e70e151660a16a44a8002fb9c5c818","type":"Element","created_at":"2018-06-18T13:28:51.940Z","updated_at":"2018-06-18T13:51:37.479Z","attributes":{"label":"APT27","element type":"Actor","a/k/a":"EmissaryPanda, IronPanda, LuckyMouse","documents":"

Chris Bing, Cyberscoop, \"This Chinese hacking group pwned a bunch of Mongolian government sites,\" June 15 2018

Denis Legezo, Kaspersky Lab, \"LuckyMouse hits national data center to organize country-level waterholing campaign\" June 13 2018

"}}}, {"id":"elem-sIjRePZK","key":"Element","value":{"_id":"elem-sIjRePZK","_rev":"29-19b7e7bd5596075d01ed59aa2f197a34","type":"Element","created_at":"2017-08-01T17:04:13.680Z","updated_at":"2018-06-22T16:15:29.726Z","attributes":{"label":"Ukrainian Infrastructure Attacks","element type":"Event","documents":"

Dragos, ELECTRUM, June 7 2018. Not classified.

Dragos, CRASHOVERRIDE: Analyzing the Threat to Electric Grid Operations, June 2017. Not classified.

This report informs the electric sector and security community of the potential implications of malware that was employed to attack the Kiev transmission substation in December 2016.

SANS and Electricity Information Sharing and Analysis Center, Analysis of the Cyber Attack on the Ukrainian Power Grid, March 18, 2016. Not classified.

This report was intended to be a lessons-learned study from the cyber attack on the Ukrainian power grid, and provides specific mitigation concepts for power system Supervisory Control and Data Acquisition defense.

Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), Department of Homeland Security, Alert, \"Cyber-Attack Against Ukrainian Critical Infrastructure,\" February 25, 2016. Unclassified.

The focus of this alert is the series of outages suffered by Ukrainian power companies in late December 2015. The report provides an account of the events and mitigation activities, as well as recommendations for detection of possible Black Energy malware.

 

","operation target":["Critical Infrastructure"],"operation layer":["Logical"],"operation effect":["Disruption"]}}}, {"id":"elem-sii8Xr1q","key":"Element","value":{"_id":"elem-sii8Xr1q","_rev":"2-8530915adef95b1e22f28692131397b3","type":"Element","created_at":"2018-06-01T17:45:03.903Z","updated_at":"2018-06-01T17:45:24.682Z","attributes":{"label":"Turla","element type":"Actor"}}}, {"id":"elem-soMDtYes","key":"Element","value":{"_id":"elem-soMDtYes","_rev":"18-09a476cc026bea9d1d90354ca996b2cc","type":"Element","created_at":"2018-06-15T18:40:13.380Z","updated_at":"2018-07-03T16:30:50.978Z","attributes":{"label":"Duqu","element type":"Event","(yyyymmdd) begin":"","(yyyymmdd) report":"20110901","intermediate effect":[],"intermediate target":[]}}}, {"id":"elem-syI5j0fD","key":"Element","value":{"_id":"elem-syI5j0fD","_rev":"2-2ac11f439658a9b7401b506687f90a36","type":"Element","created_at":"2018-06-28T19:21:14.517Z","updated_at":"2018-06-28T19:21:22.113Z","attributes":{"label":"Syrian Electronic Army","element type":"Actor"}}}, {"id":"elem-t5XPTlx5","key":"Element","value":{"_id":"elem-t5XPTlx5","_rev":"2-dd1aef4f6bb1bceadf423643055a1fcf","type":"Element","created_at":"2017-07-18T15:45:38.381Z","updated_at":"2017-07-18T15:45:41.874Z","attributes":{"label":"US Politics","element type":"Target"}}}, {"id":"elem-tIcXIUj7","key":"Element","value":{"_id":"elem-tIcXIUj7","_rev":"23-f9fbddf2066703931dda7fbab1169cd1","type":"Element","created_at":"2017-10-03T14:34:14.140Z","updated_at":"2018-07-02T18:09:00.553Z","attributes":{"label":"CCleaner","element type":"Event","(yyyymmdd) begin":"20170311","(yyyymmdd) end":"20170916","(yyyymmdd) report":"20170918","integration":"Independent","operation effect":["Enabling/Espionage"],"operation layer":["Logical"],"operation target":["User"]}}}, 
{"id":"elem-tg37Wkij","key":"Element","value":{"_id":"elem-tg37Wkij","_rev":"10-804643404de49611db74eee456b974bd","type":"Element","created_at":"2017-07-19T15:16:21.249Z","updated_at":"2018-06-15T17:27:24.344Z","attributes":{"label":"Georgia","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/b95f226d-aa00-49d3-8189-13088a312631.png","documents":"

Michael Connell and Sarah Vogler, Center for Naval Analysis, Russia's Approach to Cyber Warfare, March 2017. Unclassified.
This paper examines both the theoretical and practical underpinnings of the Russian approach to cyber warfare. It contains chapters on cyber as a subcomponent of information warfare, organizations and agencies, hacktivists and criminals, three case studies of Russian cyber operations (Estonia in 2007, Georgia in 2008, and the Ukraine from 2013 to the present), and chapters on bots, leaks, and trolls.

\n

Central Intelligence Agency, Foreign Computer Capabilities, September 25, 1969. Secret.

\n

This document provided a brief assessment of foreign computer capabilities of the USSR and Eastern Europe, France, West Germany, Japan, Israel, India, the United Arab Republic, Communist China, and Sweden.

\n

 

"}}}, {"id":"elem-tih6OYf1","key":"Element","value":{"_id":"elem-tih6OYf1","_rev":"2-6cf42b9996cd1bd384cacf002cb8a58f","type":"Element","created_at":"2017-07-17T17:16:23.520Z","updated_at":"2017-07-17T17:16:26.045Z","attributes":{"label":"Sony Hack","element type":"Event"}}}, {"id":"elem-uli5Rbou","key":"Element","value":{"_id":"elem-uli5Rbou","_rev":"11-5fd27f06b1698c3ba9d88115cfaf0cef","type":"Element","created_at":"2017-08-29T15:45:51.211Z","updated_at":"2018-06-21T18:55:11.356Z","attributes":{"label":"Ten Days of Rain","element type":"Event"}}}, {"id":"elem-upSpheEZ","key":"Element","value":{"_id":"elem-upSpheEZ","_rev":"12-dd23d8d02288c4bfd96eaa221339c7b6","type":"Element","created_at":"2018-06-08T14:53:41.337Z","updated_at":"2018-06-21T18:55:07.650Z","attributes":{"label":"MsnMM","element type":"Event","documents":"

Kurt Baumgartner and Maxim Golovkin, Kaspersky Lab, \"The MsnMM Campaigns: The Earliest Naikon APT Campaigns\", May 2015

"}}}, {"id":"elem-usTVhTC4","key":"Element","value":{"_id":"elem-usTVhTC4","_rev":"10-652124f6663a7957c6a7cef86046eb62","type":"Element","created_at":"2017-08-01T18:44:26.506Z","updated_at":"2018-06-15T17:27:16.552Z","attributes":{"label":"APT19","element type":"Actor","a/k/a":"Shell Crew, Deep Panda"}}}, {"id":"elem-v8cgmW9t","key":"Element","value":{"_id":"elem-v8cgmW9t","_rev":"9-f81dc8ba59a57818aecc09d546133d4c","type":"Element","created_at":"2018-06-07T20:58:48.554Z","updated_at":"2018-06-22T16:13:57.958Z","attributes":{"label":"Mikrotik Compromise","element type":"Event","operation target":["User","Organization"],"operation layer":["Logical"],"operation effect":["Enabling/Espionage"]}}}, {"id":"elem-vEitoANK","key":"Element","value":{"_id":"elem-vEitoANK","_rev":"17-f70f635b490c4611112b558552df56d0","type":"Element","created_at":"2018-06-11T16:42:09.687Z","updated_at":"2018-06-22T16:14:16.485Z","attributes":{"label":"SeaDragon","element type":"Event","documents":"

Ellen Nakashima and Paul Sonne, The Washington Post, \"China hacked a Navy contractor and secured a trove of highly sensitive data on submarine warfare\"

","operation target":["National Decision-Making and Execution"],"operation layer":["Logical"],"operation effect":["Enabling/Espionage"]}}}, {"id":"elem-vZYkcJeg","key":"Element","value":{"_id":"elem-vZYkcJeg","_rev":"10-3540b4c13c23564053b066e84e6b76a5","type":"Element","created_at":"2017-08-29T16:23:21.950Z","updated_at":"2018-06-21T17:58:40.090Z","attributes":{"label":"Hezbollah","element type":"Nation","documents":"

Colin Clarke, \"How Hezbollah Came to Dominate Information Warfare,\" September 19 2017.

Jeff Moskowitz, The Christian Science Monitor, \"Cyberattack tied to Hezbollah ups the ante for Israel's digital defenses,\" June 1 2015.

Frank J. Cilluffo, Director, Homeland Security Policy Institute, George Washington University, Statement to Subcommittee on Counterterrorism and Intelligence and Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, \"The Iranian Cyber Threat to the United States,\" April 26, 2012.

Substantial attention has been devoted to Chinese cyberwarfare activities in the reports of private and government organizations as well as in Congressional hearings. While Iranian cyber activities were noted in the 2012 testimony of Director of National Intelligence James Clapper, who characterized them as \"dramatically increasing in recent years in depth and complexity,\" they have received less attention than those of the People's Republic of China. These hearings, before a subcommittee of the House Committee on Homeland Security, involve assessments of the Iranian cyber threat by two Congressmen and representatives of two private organizations.

","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/97955af4-a07c-4f5d-8f4d-b6531f0ad65b.png"}}}, {"id":"elem-vrFMlu2G","key":"Element","value":{"_id":"elem-vrFMlu2G","_rev":"11-19772e797991b91136612d98941056df","type":"Element","created_at":"2017-07-19T15:58:18.498Z","updated_at":"2018-06-21T18:55:19.429Z","attributes":{"label":"Flame","element type":"Event"}}}, {"id":"elem-wsQVavES","key":"Element","value":{"_id":"elem-wsQVavES","_rev":"4-2f5a3184eb51227088df9121d82e3d1c","type":"Element","created_at":"2017-08-29T17:22:37.293Z","updated_at":"2018-06-01T19:56:32.892Z","attributes":{"label":"NATO","element type":"International Organization"}}}, {"id":"elem-wsYjm1yH","key":"Element","value":{"_id":"elem-wsYjm1yH","_rev":"8-f4b1672f82585efe78357083cd933d9f","type":"Element","created_at":"2018-06-01T16:16:28.249Z","updated_at":"2018-06-15T17:27:22.581Z","attributes":{"label":"Slingshot","element type":"Actor","documents":"

Kaspersky Lab, The Slingshot APT, March 6 2018

Cyberscoop, Kaspersky's 'Slingshot' report burned an ISIS-focused intelligence operation, March 20 2018

"}}}, {"id":"elem-xf0Opi2Y","key":"Element","value":{"_id":"elem-xf0Opi2Y","_rev":"22-60e7d0992d1019b27726c9e6027da133","type":"Element","created_at":"2017-07-17T17:12:48.238Z","updated_at":"2018-06-21T18:55:11.149Z","attributes":{"label":"Operation Ababil","element type":"Event","documents":"

United States District Court, Southern District of New York, \"United States of America v. Ahmad Fathi [et al.],\" March 24, 2016. Unclassified.

This document is the legal instrument employed to indict a group of Iranian hackers on three counts. The indictment focuses on distributed denial of service attacks on the U.S. financial sector as well as cyber intrusion into the supervisory control and data acquisition system of a dam in upstate New York.

Office of Public Affairs, Department of Justice, \"Seven Iranians Working for Islamic Revolutionary Guard Corps - Affiliated Entities Charged for Conducting Coordinated Campaign of Cyber Attacks Against U.S. Financial Sector,\" March 24, 2016. Unclassified.

This Justice Department press release announces the indictment of seven Iranians charged with engaging in hacking activities under the auspices of Iran's Revolutionary Guard Corps. Those activities were alleged to be targeted against U.S. financial institutions as well as, in the case of one of the indicted, the supervisory control and data acquisition (SCADA) systems of an upstate New York dam.

 

"}}}, {"id":"elem-xiJzvKph","key":"Element","value":{"_id":"elem-xiJzvKph","_rev":"8-fc71f66fa6a37fac91a4a145a4e7d760","type":"Element","created_at":"2018-06-08T17:28:08.283Z","updated_at":"2018-06-21T14:49:44.048Z","attributes":{"label":"Canada","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/ce873967-2466-47a4-b4d1-60ae74c6a16f.png","documents":"

Public Safety Canada, Fundamentals of Cyber Security for Canada's Critical Infrastructure Community, 1st edition, 2016. Unclassified.

This document discusses the role of cybersecurity in Canada's digital economy, the current threat environment, the fundamentals of cybersecurity, basic questions about cybersecurity, and the monitoring and measuring of progress.

","coalitions":["NATO"]}}}, {"id":"elem-xqCge66O","key":"Element","value":{"_id":"elem-xqCge66O","_rev":"7-bea2ff9e644d8609c6c8efe84b54716e","type":"Element","created_at":"2018-06-08T17:15:47.457Z","updated_at":"2018-06-19T16:33:09.013Z","attributes":{"label":"Poland","element type":"Nation","image":"https://s3.amazonaws.com/cloud.kumu.io/accounts/38286/49040/e2119913-9940-4fce-a8d8-1eeb91779aef.png","documents":"

NATO Cooperative Cyber Defense Centre of Excellence, National Cyber Security Organisation: Poland, 2017. Unclassified.

This document outlines the objectives and structure of Poland's cyber security sector and includes a short description of Poland's digital society.

"}}}, {"id":"elem-yFbluaFP","key":"Element","value":{"_id":"elem-yFbluaFP","_rev":"2-8993e5b362bc2e370cb66114c07023d6","type":"Element","created_at":"2018-06-21T18:19:44.695Z","updated_at":"2018-06-21T18:19:51.528Z","attributes":{"label":"MI6","element type":"Government Entity"}}}, {"id":"elem-yUDJLplR","key":"Element","value":{"_id":"elem-yUDJLplR","_rev":"8-8872a054645fd9e792adb6de3bdcde71","type":"Element","created_at":"2017-08-01T18:58:36.114Z","updated_at":"2018-06-15T17:27:16.990Z","attributes":{"label":"Beijing Group","element type":"Actor","a/k/a":"Sneaky Panda, Elderwood"}}}, {"id":"elem-yYBExphv","key":"Element","value":{"_id":"elem-yYBExphv","_rev":"2-705fc6abea24fad6517616c963b5b6da","type":"Element","created_at":"2017-08-01T17:43:43.926Z","updated_at":"2017-08-01T17:43:50.219Z","attributes":{"label":"IRGC","element type":"Actor"}}}, {"id":"elem-yjqno3hR","key":"Element","value":{"_id":"elem-yjqno3hR","_rev":"2-5487871625e5af4a7c218bd9a47dd2e3","type":"Element","created_at":"2018-06-08T16:12:27.768Z","updated_at":"2018-06-08T16:13:08.345Z","attributes":{"label":"APT15","element type":"Actor"}}}, {"id":"elem-zHAVN0R0","key":"Element","value":{"_id":"elem-zHAVN0R0","_rev":"6-94c724f18d4a7e803581181cf17d09ac","type":"Element","created_at":"2018-06-08T16:17:56.054Z","updated_at":"2018-06-15T17:27:25.274Z","attributes":{"label":"Department of Defense","element type":"Government Entity","documents":"

United States Senate Armed Services Committee, Statement by LTG Paul M. Nakasone, Commanding General US Army Cyber Command, before the Subcommittee on Cybersecurity Committee on Armed Services United States Senate Hearing Entitled \"US Army Cyber Posture\", May 23 2017. Unclassified.

\n

In this testimony Lt.-Gen Nakasone gives an update on the US Army's progress in operationalizing cyberspace. He describes the integration of electronic warfare and cyber warfare to create CEMA teams, the creation of active and reserve Cyber Mission Force teams, training efforts at the US Army Cyber Center of Excellence (CyberCoE), the building of a new Army Cyber Headquarters facility in Fort Gordon, Georgia, and partnerships designed to leverage emerging technologies.

\n\n

Department of Defense, The DOD Cyber Strategy, April 17, 2015. Unclassified.

\n

The two main components of this strategy document are the identification of five strategic goals (including establishing forces and capabilities to conduct cyberspace operations and the ability to defend against disruptive or destructive cyber attacks) and the implementation objectives associated with the strategic goals.

"}}}, {"id":"elem-zK2rD1nt","key":"Element","value":{"_id":"elem-zK2rD1nt","_rev":"30-1ee54414cd6ebf3ab0c4d807243fea74","type":"Element","created_at":"2017-08-01T17:59:12.215Z","updated_at":"2018-06-22T16:15:11.671Z","attributes":{"label":"Qatari Government Social Media Hack","element type":"Event","documents":"

Karen DeYoung and Ellen Nakashima, Washington Post, \"UAE orchestrated hacking of Qatari government sites, sparking regional upheaval, according to U.S. intelligence officials\", July 16 2017

Evan Perez and Shimon Prokupecz, CNN, \"CNN Exclusive: US suspects Russian hackers planted fake news behind Qatar crisis\", June 7 2017

","operation target":["User"],"operation layer":["Logical"],"operation effect":["Enabling/Espionage"]}}}, {"id":"elem-zd4L2U5l","key":"Element","value":{"_id":"elem-zd4L2U5l","_rev":"20-c6f9b2599ddeadc8eebed2a7ea7ba00e","type":"Element","created_at":"2017-07-18T15:33:36.011Z","updated_at":"2018-07-03T16:37:29.849Z","attributes":{"label":"SWIFT System Exploits","element type":"Event","documents":"

Kaspersky Lab, Lazarus Under the Hood, 2017. Not classified.

This report focuses on a group (Lazarus) whose cyber activities go back at least to 2009, and whose malware has been discovered in a number of serious cyber attacks (including the 2014 intrusion into the Sony Pictures computer system and a 2013 cyber espionage campaign in South Korea). It reports on the results of the lab's forensic investigations in two geographically dispersed banks.

 

","(yyyymmdd) begin":"20150000","(yyyymmdd) report":"20160430","operation effect":["Disruption"],"operation layer":["Logical"],"operation target":["Critical Infrastructure"]}}} ]}