We have put in place abuse filters that catch users when they create sleeper accounts. But we cannot conduct CU on those IPs used for actions that trigger these filters, because the filter actually prevent account creation (i.e. the log generated is not replicated in the CheckUser tables). The only way for our CUs to get the private details of the user who triggered these filters is if the local CUs hold the abusefilter-private right.
But that is currently not allowed in WMF, because accessing private information through AbuseFilter is not logged. Therefore, we should modify AbuseFilter to keep a log every time the private information is accessed.