CYBER CAMPAIGN/OPERATION




DATE NAME INFO CATEGORY SUBCATE

2026 Operation DragonReturn Authors: Dixit Panchal & Soumen Burma Table of Contents: Introduction: Key Targets: Infection Chain: Initial Findings about Campaign: Initial Mail: Email Attachment: Lure: Official GoI, Income Tax Document: Technical Analysis: Infrastructural Artefacts & Threat actor Attributions. Campaign Timeline. Conclusion:... OPERATION OPERATION
2026 Dismantling FortiBleed Inside a Russian Fortinet compromise operation. OPERATION OPERATION
2026 Operation FanTrap Operation FanTrap reveals FIFA 2026 fraud ecosystem with 4,000+ fake domains, phishing, streaming scams, and dark web-driven cybercrime activity. OPERATION OPERATION

2026 Operation Poisson Cato CTRL™ Threat Research: Operation Poisson – Analyzing a Cybercriminal’s Entire Operation OPERATION OPERATION

2026 Operation Highland Velvet Ant’s Operation Highland: How a China-Nexus Actor Infiltrated an Internal Network Undetected OPERATION OPERATION

2026 Phantom Mantis Operation Phantom Mantis, initially known as ArmCorp, is a financially motivated threat group active since March 2025. The group conducts intrusions for extortion and is led by a Russian-speaking criminal tracked as LARVA-368. OPERATION OPERATION
2026 StegoAd Inside StegoAd: How We Disrupted a Massive Malicious Extension Campaign CAMPAIGN CAMPAIGN

2026 Photo ZIP campaign Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access CAMPAIGN CAMPAIGN

2026 FortiBleed FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure CAMPAIGN CAMPAIGN

2026 easy-day-js: Supply Chain Campaign easy-day-js: Supply Chain Campaign Targets Mastra npm Packages CAMPAIGN CAMPAIGN

2026 UNK_DeadDrop Don't Fear the Repo: UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency CAMPAIGN CAMPAIGN
2026 Sniper’s Nest Sniper’s Nest: From Brand Impersonation to Browser Hijacking and CPA Fraud CAMPAIGN CAMPAIGN
2026 Atomic Arch Atomic Arch: Attackers Hijack Trusted AUR Packages to Deliver Rootkit-Like Malware CAMPAIGN CAMPAIGN

2026 Miasma Worm Campaign Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave CAMPAIGN CAMPAIGN
2026 Miasma credential-stealing campaign Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. CAMPAIGN CAMPAIGN
2026 GHOST STADIUM The GHOST STADIUM Score: Billions At Stake At The World’s Largest Football Tournament CAMPAIGN CAMPAIGN
2026 Game Over: WeedHack Game Over: WeedHack – The Rise of Minecraft Malware-as-a-Service Campaigns CAMPAIGN CAMPAIGN

2026 Operation FlutterBridge Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor OPERATION OPERATION
2026 Operation Dragon Weave Contents Introduction Key Targets Industries Affected Geographical focus Infection Chain Initial Findings Looking into the Decoy Document Technical Analysis Stage 1 – Initial Delivery Path A: LNK-Based Execution Path B: Executable-Based Delivery Stage 2 – Script-Based Dropper Chain Stage... OPERATION OPERATION
2026 Operation XENOFISCAL Authors: Dixit Panchal & Vaibhav Krushna Billade Table of Contents: Introduction: Key Targets: Infection Chain: Initial Findings about Campaign: Analysis of Decoy: Technical Analysis: Stage 1: Analysis of LNK File. Stage 2: Analysis of HTA/JavaScript Payload Stage 3: Analysis... OPERATION OPERATION

2026 Nimbus Manticore Operations The Iranian, IRGC affiliated, threat actor Nimbus Manticore resurfaced during Operation Epic Fury, the US military campaign against Iran launched on February 28, 2026, demonstrating newly adopted techniques and enhanced capabilities. OPERATION OPERATIONS
2026 Operation Dragon Whistle Table of Contents: Introduction: Key Targets: Infection Chain: Initial Findings about Campaign: Analysis of Decoys & Spear phishing Email: Technical Analysis: Stage1: Analysis of LNK File. Stage2: Analysis of VBS. Stage3: DLL Side Loading. Infrastructural Artefacts & Threat actor... OPERATION OPERATION
2026 Operation NoVoice Operation NoVoice: Android Malware Found in 50+ Apps Can Hijack Devices OPERATION OPERATION
2026 Operation GriefLure Table of Contents: Introduction: Key Targets: Infection Chain: Initial Findings about Campaign: Analysis of Decoys: Technical Analysis: Campaign-1: Stage-1: Ho so.rar Campaign: 2 Stage-1: download.zip Stage-2: The LNK & Batch file (Common in 1 & 2 both) Stage-3: Analysis OPERATION OPERATION
2026 Operation Silent Rotor Operation Silent Rotor: Targeted Campaign Compromises Unmanned Aviation Sector Ahead of Moscow Summit Table of Content Introduction Key Targets Industries Affected Geographical focus Infection Chain Initial Findings Looking into the Decoy Documents Technical Analysis Stage 1 – Analysis of... OPERATION OPERATION
2026 Operation HumanitarianBait Cyble analyzes Operation HumanitarianBait, a stealthy espionage campaign using aid-themed lures to deploy a fileless Python infostealer. OPERATION OPERATION
2026 Iranian-Nexus Operation Iranian-Nexus Operation Against Oman's Government: 12 Ministries Hit and 26,000 Citizen Records Exposed OPERATION OPERATION
2026 Operation TrustTrap CRIL uncovered 16,800+ spoofed domains by analyzing URL trust abuse, cloud infra clustering, and human‑centric deception instead of technical exploits. OPERATION OPERATION
2026 Operation NoVoice Operation NoVoice: Rootkit Tells No Tales OPERATION OPERATION
2026 Operation TrueChaos Check Point Research identified a zero-day vulnerability in the TrueConf client application, tracked as CVE-2026-3502, with a CVSS score of 7.8. The flaw stems from the abuse of TrueConf’s updater validation mechanism, allowing an attacker who controls the on-premises TrueConf server to distribute and execute arbitrary files across all connected endpoints. OPERATION OPERATION
2026 Operation DualScript Operation DualScript – A Multi-Stage PowerShell Malware Campaign Targeting Cryptocurrency and Financial Activity Introduction During our investigation, we identified a multi-stage malware infection leveraging Scheduled Task persistence, VBScript launchers, and PowerShell-based execution. The attack operates through two parallel chains:... OPERATION OPERATION
2026 Multi-Tool Mining Operation Fake Installers to Monero: A Multi-Tool Mining Operation OPERATION OPERATION
2026 Operation GhostMail Contents Introduction Key Targets Industries Affected Geographical focus Geopolitical Context Infection Chain Timeline of Activity Initial Findings Looking into the Decoy Documents Technical Analysis Stage 1 – Malicious Archive Delivery Stage 2 – Malicious Shortcut Execution Stage 3 OPERATION OPERATION
2026 LeakNet’s Casting a Wider Net: ClickFix, Deno, and LeakNet’s Scaling Threat OPERATION OPERATION
2026 Operation CamelClone: Contents Introduction Key Targets Industries Affected Geographical focus Geopolitical Context Infection Chain Timeline of Activity Initial Findings Looking into the Decoy Documents Technical Analysis Stage 1 – Malicious Archive Delivery Stage 2 – Malicious Shortcut Execution Stage 3 OPERATION OPERATION
2026 Operation Epic Fury/Roaring Lion Retaliatory Hacktivist DDoS Activity Following Operation Epic Fury/Roaring Lion OPERATION OPERATION
2026 Operation MacroMaze Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure OPERATION OPERATION
2026 Operation Olalampo MuddyWater APT has launched a new cyber offensive operation, dubbed Operation Olalampo, deploying new malware variants and leveraging Telegram bots for command-and-control. OPERATION OPERATION
2026 Operation Neusploit APT28 Leverages CVE-2026-21509 in Operation Neusploit OPERATION OPERATION
2026 Operation DupeHike Contents Introduction Key Targets. Industries Affected. Geographical Focus. Infection Chain. Initial Findings. Looking into the decoy-document Technical Analysis Stage 1 – Malicious LNK Script Stage 2 – DUPERUNNER Implant Stage 3 – AdaptixC2 Beacon. Infrastructural Artefacts. Conclusion SEQRITE Protection.... OPERATION OPERATION
2026 Operation Covert Access Table of Contents: Introduction: Infection Chain: Targeted sectors: Initial Findings about Campaign: Analysis of Decoy: Technical Analysis: Stage-1: Analysis of Windows Shortcut file (.LNK). Stage-2: Analysis of Batch file. Stage-3: Details analysis of Covert RAT. Conclusion: Seqrite Coverage: IOCs... OPERATION OPERATION
2026 Operation Nomad Leopard Contents Introduction Key Targets Industries Affected Geographical focus Infection Chain. Initial Findings Looking into the decoy-document Technical Analysis Stage 1 – Malicious ISO File Stage 2 – Malicious LNK File Stage 3 – Final Payload: FALSECUB Infrastructure & Attribution... OPERATION OPERATION
2026 Megalodon Megalodon: Mass GitHub Repo Backdooring via CI Workflows CAMPAIGN CAMPAIGN
2026 GemStuffer Campaign GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government CAMPAIGN CAMPAIGN
2026 Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise Phishing campaigns continue to improve sophistication and refinement in blending social engineering, delivery and hosting infrastructure, and authentication abuse to remain effective against evolving security controls. CAMPAIGN CAMPAIGN
2026 VENOMOUS#HELPER You’re invited: Four phishing lures in campaigns dropping RMM tools CAMPAIGN CAMPAIGN
2026 Snow Flurries Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite CAMPAIGN CAMPAIGN
2026 Rotten Apple Rotten Apple: An Invasive Threat Actor Targeting Civil Society in Lebanon CAMPAIGN CAMPAIGN
2026 Pawn Storm Campaign Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities CAMPAIGN CAMPAIGN
2026 Internet-exposed ComfyUI instances Hackers Are Attempting to Turn ComfyUI Servers Into a Cryptomining Proxy Botnet CAMPAIGN CAMPAIGN
2026 Iran-nexus Password Spray Campaign Targeting Cloud Environments Iran-nexus Password Spray Campaign Targeting Cloud Environments, with a Focus on the Middle East CAMPAIGN CAMPAIGN
2026 DPRK-Related Campaigns with LNK and GitHub C2 How DPRK actors use LNK files and GitHub C2 to evade detection and maintain persistence CAMPAIGN CAMPAIGN
2026 WhatsApp malware campaign WhatsApp malware campaign delivers VBScript and MSI backdoors CAMPAIGN CAMPAIGN
2026 Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns CAMPAIGN CAMPAIGN
2026 Analyzing FAUX#ELEVATE Analyzing FAUX#ELEVATE: Threat Actors Target France with CV Lures to Deploy Crypto miners and Infostealers Targeting Enterprise Environments CAMPAIGN CAMPAIGN
2026 ForceMemo ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push CAMPAIGN CAMPAIGN
2026 KakaoTalk Analysis of the Spear-Phishing and KakaoTalk-Linked Threat Campaign by the Konni Group CAMPAIGN CAMPAIGN
2026 StegaBin Novel DPRK stager using Pastebin and text steganography CAMPAIGN CAMPAIGN
2026 GRIDTIDE GRIDTIDE Global Cyber Espionage Campaign CAMPAIGN CAMPAIGN
2026 Monero Mining Campaign Technical Deep Dive: The Monero Mining Campaign CAMPAIGN CAMPAIGN
2026 Monero Mining Campaign In the contemporary threat landscape, while ransomware grabs headlines with high-impact disruptions, cryptojacking operations have quietly evolved into sophisticated, persistent threats. CAMPAIGN CAMPAIGN
2026 AiFrame “AiFrame”- Fake AI Assistant Extensions Targeting 260,000 Chrome Users via injected iframes CAMPAIGN CAMPAIGN
2026 Massiv Massiv: When your IPTV app terminates your savings CAMPAIGN CAMPAIGN
2026 CRESCENTHARVEST CRESCENTHARVEST: Iranian protestors and dissidents targeted in cyberespionage campaign CAMPAIGN CAMPAIGN
2026 Fake recruiter campaign A new branch of a fake job recruitment campaign, dubbed "graphalgo," is targeting developers with a RAT. CAMPAIGN CAMPAIGN
2026 SideCopy Launch Cross-Platform RAT Campaigns Espionage Without Noise: Understanding APT36’s Enduring Campaigns CAMPAIGN CAMPAIGN
2026 TeamPCP Threat Alert: TeamPCP, An Emerging Force in the Cloud Native and Ransomware Landscape CAMPAIGN CAMPAIGN
2026 Shadow Campaigns The Shadow Campaigns: Uncovering Global Espionage CAMPAIGN CAMPAIGN
2026 NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign Web Traffic Hijacking: When Your Nginx Configuration Turns Malicious CAMPAIGN CAMPAIGN
2026 Dead#Vax Analyzing Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode CAMPAIGN CAMPAIGN
2026 RedKitten RedKitten: AI-accelerated campaign targeting Iranian protests CAMPAIGN CAMPAIGN
2026 ShinyHunters Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft CAMPAIGN CAMPAIGN
2026 SyncFuture Espionage Targeted Campaign Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign CAMPAIGN CAMPAIGN
2026 AI-orchestrated cyber espionage campaign We have developed sophisticated safety and security measures to prevent the misuse of our AI models. CAMPAIGN CAMPAIGN
2026 doxxing campaign Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing CAMPAIGN CAMPAIGN
2026 GhostPoster Campaign Browser Extensions Gone Rogue: The Full Scope of the GhostPoster Campaign CAMPAIGN CAMPAIGN
2026 Fortinet FortiGate Devices via SSO Accounts Arctic Wolf has observed a new cluster of automated malicious activity involving unauthorized firewall configuration changes on FortiGate devices. CAMPAIGN CAMPAIGN
2026 Campaign Targeting LastPass Customers New Phishing Campaign Targeting LastPass Customers CAMPAIGN PHISHING
2026 Contagious Interview campaign Threat Actors Expand Abuse of Microsoft Visual Studio Code CAMPAIGN CAMPAIGN
2026 SHADOW#REACTOR SHADOW#REACTOR – Text-Only Staging, .NET Reactor, and In-Memory Remcos RAT Deployment CAMPAIGN CAMPAIGN
2026 Boto-Cor-de-Rosa Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm activity in Brazil CAMPAIGN CAMPAIGN