Key Numbers

Incidents

Incidents recorded since 2018

Incidents

alerts sent to our community

Incidents

attacks blocked

Analysis

number of data sources

Analysis

criteria of analysis applied

Analysis

analytical reports produced

Analysing cyber incidents…

Cyberattacks

Malware – Malicious software

These are pieces of code designed to damage, destroy or subvert computer systems.

Ransomware

A type of malware used to encrypt a target’s data and/or systems in order to extort a ransom payment in return for decryption or for preventing the sale or public release of stolen data. We separated ransomware-related incidents from other malware infections because ransomware attacks have a distinctive and multifaceted impact.

DDoS – Distributed Denial of Service

Type of cyberattack technique that floods a network, service or server with excessive traffic to cause it to cease functioning normally. It is said to be distributed when the source of the attack is composed of a multitude of devices or systems.

Phishing

Type of cyberattack in which a threat actor impersonates a legitimate entity to attain sensitive information (e.g. usernames, passwords, or any other private information).

Spoofing

Type of cyberattack in which a threat actor impersonates a legitimate online source to deceive a target into believing they are interacting with the legitimate entity, while the threat actor aims to obtain sensitive information, or conduct a subsequent cyberattack, through said interaction.

Identity theft

Type of cyberattack in which a threat actor impersonates an individual’s or entity’s digital identity to gain unauthorized access to online resources, systems, or data.

Code injection

Type of cyberattack in which a threat actor exploits a vulnerability in a system or application by injecting malicious code into it.

Supply chain

Type of cyberattack that targets an entity’s supply chain to compromise the security of its systems, exploiting vulnerabilities in the relationships between the main entity and its supply chain partners.

Social engineering

A type of cyberattack exploiting human psychology to obtain confidential information in order to access online resources and systems.

DNS tunneling

Type of cyberattack in which a threat actor exploits the DNS protocol, which is primarily used for translating human-readable domain names into IP addresses, to send and receive arbitrary data between users and servers.

IoT exploit

Type of cyberattack which exploits vulnerabilities of Internet of Things devices and networks connected to them.

Proliferation of harmful content

Disinformation

The deliberate spread of false information with the intent to mislead, manipulate, or deceive individuals or groups, often used to influence public opinion or create confusion.

AI generated harmful content

The creation and dissemination of harmful or malicious content (such as text, images, or videos) through artificial intelligence systems, often used to mislead, defraud, or manipulate individuals.

Information operations

Coordinated efforts, often involving disinformation, psychological manipulation, or other deceptive techniques, aimed at influencing or disrupting a target audience’s beliefs, behaviors, or decisions, often for political, strategic, or ideological purposes.

Hack and leak

Type of cyberattack which extracts confidential information, which is later used for political and/or ideological purposes.

Defacement

The illicit or unauthorized modification of the appearance and content of a target’s websites and/or web applications.

…to expose harm

Our human-centric intelligence cycle

We use AI to process data.

We have humans to produce knowledge.

Data collection

Manually, automatically or somewhere in between, we collect data from primary data sources, open sources and closed sources which, when combined, give us a more comprehensive understanding of the cyber risks faced by vulnerable communities.

Processing

Using data pipelines, we clean and normalize data and evaluate its relevance and reliability to transform it from its raw form into exploitable information usable for analysis. This step of our intelligence cycle requires close collaboration between our analysts and technical engineers.

Analysis

From data discovery, statistical analysis and Social Network Analysis to geotemporal analysis, we find hidden connections within large datasets. Using data visualization and analysis tools, including dashboards and graphical link analysis software, our analysts can connect information from disparate sources to find the answers to our research questions.

Disseminate and Share

Complex analysis must be accompanied by simple storytelling. Developing data-visualization platforms tailored to each research project and publishing clear reports and infographics allow us to communicate our findings to our community.

Feedback

We learn from every project we deliver. Taking on feedback from our community, our governance bodies and our partners, we strive to produce improved analytical products in the future.

Direction

Every research project begins with the setting of clear intelligence requirements and the definition of research questions that need to be answered. This ensures our research stays within scope, respects ethical research principles and avoids mission creep.

Our AI-powered analytical pipeline

1. Data Discovery

Our activity to identify relevant datasets

OSINT (Open-Source Intelligence)

Using the OBSINT framework, identifying reliable data sources and indicators of harm.

Partnership Negotiation

Securing access to privileged APIs and exclusive datasets.

2. Threat Intelligence Aggregation

Our processes to organise datasets

Threat Intelligence Aggregation

Collecting structured and unstructured data from diverse sources to track emerging threats.

Incident Reporting

Receiving reports from NGOs about cyberattacks.

Social Media & Web Scraping

Extracting relevant threat intelligence signals.

Dark Web Monitoring

Harvesting cyber threat data from forums and marketplaces.

Automated Data Ingestion

Collecting and structuring data from APIs and real-time sources.

3. Data Protection and Security

Our processes to protect and secure data

Data Processing Mapping

Documenting the purpose and flow of data to comply with security and regulatory standards.

Data Weeding & Sanitization

Removing redundant, outdated, or erroneous information.

Chain of Evidence Assurance

Implementing forensic techniques to maintain data integrity for legal and investigative purposes.

Privacy & Compliance Controls

Ensuring adherence to GDPR and other relevant regulations.

AI Powered Analytical Pipeline

Data normalization.

Named Entity Extraction based on provided schema

Semantic deduplication through embeddings stored in our vector store

Inclusion criteria through Prompt Engineering

4. Data Processing

Our processes to transform data into intelligence

Entity & Indicator Extraction

Identifying key actors, threats, and cyberattack patterns from unstructured data.

Automated Entity Normalization

Standardizing extracted information for consistency.

Multimedia Analysis

Using object, text, and speech recognition to process images, videos, and audio content.

Vectorization & Embedding

Transforming textual and numerical data into machine-readable formats for AI analysis.

Anonymization & Pseudonymization

Protecting sensitive data while maintaining analytical utility.

5. Data Analysis

Our processes to organise datasets

Graph-Based Analysis

Mapping relationships between actors, threats, and vulnerabilities.

Data Dashboarding & Visualization

Providing real-time insights through interactive dashboards.

Threat Actor Mapping

Profiling adversaries based on tactics, techniques, and procedures (TTPs).

Vulnerability Mapping

Identifying systemic weaknesses and their potential exploitation.

Behavioral & Trend Analysis

Detecting emerging cyber threats and disinformation patterns.

Our analytical products

Access in-depth analytical cyber threat landscape reports, interactive platforms for real-time exploration of cyber threats, and collaborative investigations conducted with partner organizations.

Platforms

Tracer - Civil society organizations

Leveraging AI to Expose Cyberattacks and Disinformation Impacting Civil Society

Tracer - Healthcare

Cyberattacks on healthcare are attacks on people.

Tracer - Ukraine

Monitoring the harm to civilians from cyberattacks, in the quest for cyberpeace.

Threat landscape analysis - Sectors

Global

Playing with Lives

Cyberattacks on Healthcare are Attacks on People

Europe

APAC

From Vulnerability to Resilience

Cybersecurity Challenges for MSMEs in the APAC Region

Switzerland

Digital Resilience of Swiss Foundations

Threat Landscape and Recommendations

CyberPeace Analytical Report

NGOs serving Humanity at risk: Cyber Threats affecting "International Geneva"

Netherlands

Threat landscape analysis - Conflicts

Cyber Dimensions of the Armed Conflict in Ukraine

The report combines analysis of data collected in the Cyber Attacks in Times of Conflict Platform #Ukraine and information gathered through OSINT research. The CyberPeace Institute invites you to read about the trends and emerging issues relating to cyber incidents taking place in Ukraine, the Russian Federation and other countries impacted by cyberattacks in the context of the armed conflict. Looking into the sectors affected, the types of cyber threats they face and the most active threat actors, we provide a greater understanding of the cyber threat landscape. We also address the cyber dimensions of the conflict through an assessment of the impact and harm of cyberattacks on civilians and people, and address wider considerations relating to key events, economic and geopolitical activities.
