Weekly Current Source Sweep Tracker
The weekly sweep supports a focused documentation update rather than a whole-corpus rewrite. The live queue already identified cyber/APT/state actors as the active control lane. The current source pass found a fresh FBI/CISA Russia source update dated June 26, 2026 and enough official/allied source coverage to packetize the Russia state-cyber lane.
UNCLASSIFIED//OPEN SOURCE
Tracker ID: WI-TRACKER-WEEKLY-SOURCE-SWEEP-2026-0001
Prepared UTC: 2026-06-28T08:22:00Z
Information cutoff UTC: 2026-06-28T08:22:00Z
Source base: WARLOCK-INDEX all-topic current source sweep tracker; cyber nation-state actor/APT source tracker; source freshness dashboard tracker; defensive cyber source register; FBI Cyber hub and alerts; IC3/FBI/CISA Russian Intelligence Services commercial messaging application public service announcements dated 2026-03-20 and 2026-06-26; FBI GRU 29155 Cyber Actors wanted page; DOJ Operation MEDUSA / Snake disruption release; UK NCSC Star Blizzard advisory; CISA, NSA, Treasury/OFAC, State/RFJ, and allied cyber-center source routes.
Analytic confidence: High for the weekly queue state and captured FBI, IC3, DOJ, and UK NCSC source identities. Moderate for full current-event coverage because CISA, NSA, Treasury/OFAC, State/RFJ, foreign-language, dynamic, social-platform, and non-indexed official routes require additional page-level refreshes.
Purpose: Record the weekly WARLOCK-INDEX source-gathering sweep and assimilation decision so hosted documentation reflects a dated refresh path rather than ad hoc browsing.
Boundary: Source sweep and documentation queue only. This tracker does not provide operational guidance, targeting, vulnerability exploitation, phishing examples, sanctions compliance advice, investigative direction, incident-response playbooks, maritime routing, force readiness scoring, or policy recommendations.
Bottom Line
The weekly sweep supports a focused documentation update rather than a whole-corpus rewrite. The live queue already identified cyber/APT/state actors as the active control lane. The current source pass found a fresh FBI/CISA Russia source update dated June 26, 2026 and enough official/allied source coverage to packetize the Russia state-cyber lane.
Result: WARLOCK-INDEX now has a Russia state-cyber source packet anchored in FBI/IC3/CISA public warnings, FBI GRU 29155 wanted/reward routing, DOJ Operation MEDUSA / Snake disruption source treatment, and UK NCSC Star Blizzard allied-warning source treatment. The next weekly source-gathering work should move to Iran and DPRK cyber packets, then the allied cyber-center crosswalk and commercial/research source-class rule.
Weekly Sweep Matrix
| Topic lane | Current source families checked | Sweep result | Assimilation action |
|---|---|---|---|
| Russia state cyber | FBI Cyber hub and alerts; IC3/FBI/CISA March and June 2026 PSAs; FBI GRU 29155 wanted page; DOJ Operation MEDUSA / Snake release; UK NCSC Star Blizzard advisory; CISA/NSA/Treasury/State source routes | Sufficient official/allied source base to move Russia from queued to packetized. CISA advisory pages remain access-caveated for exact page metadata. | Added Russia state-cyber source packet and updated cyber trackers, indexes, coverage, and source registers. |
| PRC cyber / advisory metadata | Existing PRC APT/Typhoon label crosswalk; CISA/NSA/FBI route family | No broader rewrite needed. PRC label control remains complete, with only page-level metadata refresh still queued. | Keep PRC advisory metadata refresh behind Russia completion and do not reopen alias normalization. |
| Iran cyber | FBI Iran overview route; CISA/NSA/FBI advisories; DOJ; Treasury/OFAC; State/RFJ; DHS/CISA ICS routes; allied/regional sources | Still queued. No new packet created in this sweep. | Next source packet should separate government-sponsored, IRGC-linked, hacktivist, ransomware-enabling, election/influence, and ICS/critical-infrastructure lanes. |
| DPRK cyber-finance / IT-worker | FBI/IC3; CISA/NSA/FBI advisories; DOJ; Treasury/OFAC; State/RFJ; UN; ROK/Japan/allied cyber-center routes | Still queued. FBI alerts show DPRK IT-worker legal/source activity remains current, but this pass stayed on Russia as the top advertised queue item. | Follow Iran with DPRK cyber-finance and IT-worker packet, keeping financial, sanctions, and technical boundaries tight. |
| Allied cyber-center crosswalk | UK NCSC Star Blizzard advisory; Canada Cyber Centre; ASD/ACSC; New Zealand NCSC; NATO/EU routes | UK NCSC Russia advisory captured as an allied-warning anchor. Broader crosswalk remains open. | Build allied cyber-center crosswalk after actor packets or when alias normalization pressure returns. |
| Homeland / official threat sources | FBI Cyber; IC3; DHS/CISA route family | FBI/CISA Russia PSA reinforces current official cyber source cadence; no homeland assessment rewrite required. | Keep homeland official-source refresh queued after cyber actor packets. |
| Europe / Russia posture | NATO/allied posture routes; Ukraine-support routes; Russian issuer routes | This sweep did not find a reason to change Europe/Russia posture assessments. | Keep NATO/Europe force-presence and Ukraine-support refresh separate from Russia cyber source packet. |
| Defensive cyber source freshness | Defensive cyber source lane packet; source freshness dashboard; CISA/NSA/FBI route families | Defensive cyber remains a weekly watch lane. | Update source freshness and defensive cyber register dates to reflect this sweep. |
Captured Source Updates
| Date | Source | Class | Weekly use | Caveat |
|---|---|---|---|---|
| 2026-06-26 | IC3/FBI/CISA PSA on Russian Intelligence Services and commercial messaging applications | Class A | Current update that triggered Russia cyber packetization | Extract source metadata and high-level actor/audience category only |
| 2026-03-20 | IC3/FBI/CISA baseline PSA on Russian Intelligence Services and commercial messaging application accounts | Class A | Baseline for the June update and source-family continuity | Do not copy phishing examples or account-takeover mechanics |
| Accessed 2026-06-28 | FBI GRU 29155 Cyber Actors wanted page | Class A | Legal/reward source lane for GRU Unit 29155 | Keep named persons tied to public wanted/reward record only |
| 2023-05-09 / updated 2025-02-06 | DOJ Operation MEDUSA / Snake disruption release | Class A | FSB/Turla/Snake law-enforcement disruption source lane | Do not extract malware or remediation procedures |
| 2023-12-07 | UK NCSC Star Blizzard advisory | Class A allied | Allied-warning source lane for FSB Centre 18 / Star Blizzard | Do not copy MITRE/TTP detail or phishing procedure |
| Access-caveated 2026-06-28 | CISA Russian advisory routes | Class A route | Required follow-on for exact advisory metadata | Direct advisory fetch returned 403 in this pass |
Weekly Assimilation Decision
- Add the Russia state-cyber packet as the week-of-2026-06-28 hosted documentation update.
- Mark Russia state-cyber packetization complete in cyber control surfaces.
- Preserve the PRC APT/Typhoon label crosswalk as the PRC source-class anchor.
- Keep Iran and DPRK cyber packets as the next actor-specific source-gathering work.
- Keep CISA/NSA/FBI exact advisory metadata as a follow-on pass, not a blocker for safe source-class packetization.
Next 7-Day Queue
- Iran cyber packet: Build the source packet from FBI Iran, CISA/NSA/FBI, DOJ, Treasury/OFAC, State/RFJ, DHS/CISA ICS, allied, and regional official routes.
- DPRK cyber-finance and IT-worker packet: Capture FBI/IC3, DOJ, Treasury/OFAC, State/RFJ, UN, ROK, Japan, and allied routes without financial or technical procedure.
- Allied cyber-center crosswalk: Normalize UK, Canada, Australia, New Zealand, Japan, NATO, and EU source families before using allied actor labels across products.
- Commercial/research source-class rule: Admit nonofficial APT labels only with explicit source treatment and no alias laundering.
- Homeland official-source refresh: Return to DHS, FBI/IC3, DEA, CBP, DOJ/FBI, CISA, and critical-infrastructure products after actor packets.
Cross References
- Russia State Cyber Source Packet
- All-Topic Current Source Sweep Tracker
- Cyber Nation-State Actor And APT Source Tracker
- Source Freshness Dashboard Tracker
- Defensive Cyber Source Lane Packet
- Defensive Cyber And Space Source Register
- Official U.S. Intelligence And Law Enforcement Source Register
- Allied And Multilateral Source Register
- Coverage Map
- Global Actor-Domain Assimilation Matrix
Source Routes
- FBI, Cyber:
https://www.fbi.gov/investigate/cyber - FBI, Cyber Alerts:
https://www.fbi.gov/investigate/cyber/alerts - IC3 / FBI / CISA, 2026-06-26 PSA:
https://www.ic3.gov/PSA/2026/PSA260626 - IC3 / FBI / CISA, 2026-03-20 PSA:
https://www.ic3.gov/PSA/2026/PSA260320 - FBI, GRU 29155 Cyber Actors:
https://www.fbi.gov/wanted/cyber/gru-29155-cyber-actors - DOJ, Operation MEDUSA / Snake disruption:
https://www.justice.gov/archives/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled - UK NCSC, Star Blizzard advisory:
https://www.ncsc.gov.uk/news/star-blizzard-continues-spear-phishing-campaigns - CISA cybersecurity advisories:
https://www.cisa.gov/news-events/cybersecurity-advisories - NSA cybersecurity advisories and guidance:
https://www.nsa.gov/Press-Room/Cybersecurity-Advisories-Guidance/ - OFAC cyber-related sanctions:
https://ofac.treasury.gov/sanctions-programs-and-country-information/sanctions-related-to-significant-malicious-cyber-enabled-activities - State Rewards for Justice cyber route:
https://rewardsforjustice.net/rewards/foreign-malicious-cyber-activity-against-u-s-critical-infrastructure/