CYBER CAMPAIGN/OPERATION

DATE

NAME

INFO

CATEGORY

SUBCATEGORY

2026

Operation Dragon Whistle

Table of Contents: Introduction: Key Targets: Infection Chain: Initial Findings about Campaign: Analysis of Decoys & Spear phishing Email: Technical Analysis: Stage1: Analysis of LNK File. Stage2: Analysis of VBS. Stage3: DLL Side Loading. Infrastructural Artefacts & Threat actor...

OPERATION

OPERATION

2026

Operation NoVoice

Operation NoVoice: Android Malware Found in 50+ Apps Can Hijack Devices

OPERATION

OPERATION

2026

Operation GriefLure

Table of Contents: Introduction: Key Targets: Infection Chain: Initial Findings about Campaign: Analysis of Decoys: Technical Analysis: Campaign-1: Stage-1: Ho so.rar Campaign: 2 Stage-1: download.zip Stage-2: The LNK & Batch file (Common in 1 & 2 both) Stage-3: Analysis

OPERATION

OPERATION

2026

Operation Silent Rotor

Operation Silent Rotor: Targeted Campaign Compromises Unmanned Aviation Sector Ahead of Moscow Summit Table of Content Introduction Key Targets Industries Affected Geographical focus Infection Chain Initial Findings Looking into the Decoy Documents Technical Analysis Stage 1 – Analysis of...

OPERATION

OPERATION

2026

Operation HumanitarianBait

Cyble analyzes Operation HumanitarianBait, a stealthy espionage campaign using aid-themed lures to deploy a fileless Python infostealer.

OPERATION

OPERATION

2026

Iranian-Nexus Operation

Iranian-Nexus Operation Against Oman's Government: 12 Ministries Hit and 26,000 Citizen Records Exposed

OPERATION

OPERATION

2026

Operation TrustTrap

CRIL uncovered 16,800+ spoofed domains by analyzing URL trust abuse, cloud infra clustering, and human‑centric deception instead of technical exploits.

OPERATION

OPERATION

2026

Operation NoVoice

Operation NoVoice: Rootkit Tells No Tales

OPERATION

OPERATION

2026

Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets

Check Point Research identified a zero-day vulnerability in the TrueConf client application, tracked as CVE-2026-3502, with a CVSS score of 7.8. The flaw stems from the abuse of TrueConf’s updater validation mechanism, allowing an attacker who controls the on-premises TrueConf server to distribute and execute arbitrary files across all connected endpoints.

OPERATION

OPERATION

2026

Operation DualScript – A Multi-Stage PowerShell Malware Campaign Targeting Cryptocurrency and Financial Activity

Operation DualScript – A Multi-Stage PowerShell Malware Campaign Targeting Cryptocurrency and Financial Activity Introduction During our investigation, we identified a multi-stage malware infection leveraging Scheduled Task persistence, VBScript launchers, and PowerShell-based execution. The attack operates through two parallel chains:...

OPERATION

OPERATION

2026

Multi-Tool Mining Operation

Fake Installers to Monero: A Multi-Tool Mining Operation

OPERATION

OPERATION

2026

Operation GhostMail

Contents Introduction Key Targets Industries Affected Geographical focus Geopolitical Context Infection Chain Timeline of Activity Initial Findings Looking into the Decoy Documents Technical Analysis Stage 1 – Malicious Archive Delivery Stage 2 – Malicious Shortcut Execution Stage 3

OPERATION

OPERATION

2026

LeakNet’s

Casting a Wider Net: ClickFix, Deno, and LeakNet’s Scaling Threat 

OPERATION

OPERATION

2026

Operation CamelClone: Multi-Region Espionage Campaign Targets Government and Defense Entities Amidst Regional Tensions

Contents Introduction Key Targets Industries Affected Geographical focus Geopolitical Context Infection Chain Timeline of Activity Initial Findings Looking into the Decoy Documents Technical Analysis Stage 1 – Malicious Archive Delivery Stage 2 – Malicious Shortcut Execution Stage 3

OPERATION

OPERATION

2026

Operation Epic Fury/Roaring Lion

Retaliatory Hacktivist DDoS Activity Following Operation Epic Fury/Roaring Lion

OPERATION

OPERATION

2026

Operation MacroMaze

Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure

OPERATION

OPERATION

2026

Operation Olalampo

MuddyWater APT has launched a new cyber offensive operation, dubbed Operation Olalampo, deploying new malware variants and leveraging Telegram bots for command-and-control. 

OPERATION

OPERATION

2026

Operation Neusploit

APT28 Leverages CVE-2026-21509 in Operation Neusploit

OPERATION

OPERATION

2026

Operation DupeHike

Contents Introduction Key Targets. Industries Affected. Geographical Focus. Infection Chain. Initial Findings. Looking into the decoy-document Technical Analysis Stage 1 – Malicious LNK Script Stage 2 – DUPERUNNER Implant Stage 3 – AdaptixC2 Beacon. Infrastructural Artefacts. Conclusion SEQRITE Protection....

OPERATION

OPERATION

2026

Operation Covert Access

Table of Contents: Introduction: Infection Chain: Targeted sectors: Initial Findings about Campaign: Analysis of Decoy: Technical Analysis: Stage-1: Analysis of Windows Shortcut file (.LNK). Stage-2: Analysis of Batch file. Stage-3: Details analysis of Covert RAT. Conclusion: Seqrite Coverage: IOCs...

OPERATION

OPERATION

2026

Operation Nomad Leopard

Contents Introduction Key Targets Industries Affected Geographical focus Infection Chain. Initial Findings Looking into the decoy-document Technical Analysis Stage 1 – Malicious ISO File Stage 2 – Malicious LNK File Stage 3 – Final Payload: FALSECUB Infrastructure & Attribution...

OPERATION

OPERATION

2026

Megalodon

Megalodon: Mass GitHub Repo Backdooring via CI Workflows

CAMPAIGN

CAMPAIGN

2026

GemStuffer Campaign

GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government

CAMPAIGN

CAMPAIGN

2026

Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

Phishing campaigns continue to improve sophistication and refinement in blending social engineering, delivery and hosting infrastructure, and authentication abuse to remain effective against evolving security controls.

CAMPAIGN

CAMPAIGN

2026

VENOMOUS#HELPER

You’re invited: Four phishing lures in campaigns dropping RMM tools

CAMPAIGN

CAMPAIGN

2026

Snow Flurries

Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite

CAMPAIGN

CAMPAIGN

2026

Rotten Apple

Rotten Apple: An Invasive Threat Actor Targeting Civil Society in Lebanon

CAMPAIGN

CAMPAIGN

2026

Pawn Storm Campaign

Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities

CAMPAIGN

CAMPAIGN

2026

Internet-exposed ComfyUI instances

Hackers Are Attempting to Turn ComfyUI Servers Into a Cryptomining Proxy Botnet

CAMPAIGN

CAMPAIGN

2026

Iran-nexus Password Spray Campaign Targeting Cloud Environments

Iran-nexus Password Spray Campaign Targeting Cloud Environments, with a Focus on the Middle East

CAMPAIGN

CAMPAIGN

2026

DPRK-Related Campaigns with LNK and GitHub C2

How DPRK actors use LNK files and GitHub C2 to evade detection and maintain persistence 

CAMPAIGN

CAMPAIGN

2026

WhatsApp malware campaign

WhatsApp malware campaign delivers VBScript and MSI backdoors

CAMPAIGN

CAMPAIGN

2026

Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns

Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns

CAMPAIGN

CAMPAIGN

2026

Analyzing FAUX#ELEVATE

Analyzing FAUX#ELEVATE: Threat Actors Target France with CV Lures to Deploy Crypto miners and Infostealers Targeting Enterprise Environments

CAMPAIGN

CAMPAIGN

2026

ForceMemo

ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push

CAMPAIGN

CAMPAIGN

2026

KakaoTalk

Analysis of the Spear-Phishing and KakaoTalk-Linked Threat Campaign by the Konni Group 

CAMPAIGN

CAMPAIGN

2026

StegaBin

Novel DPRK stager using Pastebin and text steganography

CAMPAIGN

CAMPAIGN

2026

GRIDTIDE 

GRIDTIDE Global Cyber Espionage Campaign

CAMPAIGN

CAMPAIGN

2026

Monero Mining Campaign

Technical Deep Dive: The Monero Mining Campaign

CAMPAIGN

CAMPAIGN

2026

Monero Mining Campaign

In the contemporary threat landscape, while ransomware grabs headlines with high-impact disruptions, cryptojacking operations have quietly evolved into sophisticated, persistent threats.

CAMPAIGN

CAMPAIGN

2026

AiFrame

“AiFrame” - Fake AI Assistant Extensions Targeting 260,000 Chrome Users via injected iframes

CAMPAIGN

CAMPAIGN

2026

Massiv

Massiv: When your IPTV app terminates your savings

CAMPAIGN

CAMPAIGN

2026

CRESCENTHARVEST

CRESCENTHARVEST: Iranian protestors and dissidents targeted in cyberespionage campaign

CAMPAIGN

CAMPAIGN

2026

Fake recruiter campaign

A new branch of a fake job recruitment campaign, dubbed "graphalgo," is targeting developers with a RAT.

CAMPAIGN

CAMPAIGN

2026

SideCopy Launch Cross-Platform RAT Campaigns

Espionage Without Noise: Understanding APT36’s Enduring Campaigns

CAMPAIGN

CAMPAIGN

2026

TeamPCP

Threat Alert: TeamPCP, An Emerging Force in the Cloud Native and Ransomware Landscape

CAMPAIGN

CAMPAIGN

2026

Shadow Campaigns

The Shadow Campaigns: Uncovering Global Espionage

CAMPAIGN

CAMPAIGN

2026

NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Web Traffic Hijacking: When Your Nginx Configuration Turns Malicious

CAMPAIGN

CAMPAIGN

2026

Dead#Vax

Analyzing Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode

CAMPAIGN

CAMPAIGN

2026

RedKitten

RedKitten: AI-accelerated campaign targeting Iranian protests

CAMPAIGN

CAMPAIGN

2026

ShinyHunters

Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft

CAMPAIGN

CAMPAIGN

2026

SyncFuture Espionage Targeted Campaign

Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign

CAMPAIGN

CAMPAIGN

2026

AI-orchestrated cyber espionage campaign

We have developed sophisticated safety and security measures to prevent the misuse of our AI models. 

CAMPAIGN

CAMPAIGN

2026

doxxing campaign

Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing

CAMPAIGN

CAMPAIGN

2026

GhostPoster Campaign

Browser Extensions Gone Rogue: The Full Scope of the GhostPoster Campaign

CAMPAIGN

CAMPAIGN

2026

Fortinet FortiGate Devices via SSO Accounts

Arctic Wolf has observed a new cluster of automated malicious activity involving unauthorized firewall configuration changes on FortiGate devices.

CAMPAIGN

CAMPAIGN

2026

Campaign Targeting LastPass Customers

New Phishing Campaign Targeting LastPass Customers

CAMPAIGN

PHISHING

2026

Contagious Interview campaign

Threat Actors Expand Abuse of Microsoft Visual Studio Code

CAMPAIGN

CAMPAIGN

2026

SHADOW#REACTOR

SHADOW#REACTOR – Text-Only Staging, .NET Reactor, and In-Memory Remcos RAT Deployment

CAMPAIGN

CAMPAIGN

2026

Boto-Cor-de-Rosa 

Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm activity in Brazil

CAMPAIGN

CAMPAIGN

2025

Operation ForumTroll

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

OPERATION

OPERATION

2025

Operation MoneyMount-ISO

Table of Contents: Introduction: Targeted sectors: Initial Findings about Campaign: Analysis of Phishing Mail: Infection Chain: Technical Analysis: Stage-1: Analysis of Malicious ISO file. Stage-2: 

OPERATION

OPERATION

2025

Operation FrostBeacon

Operation FrostBeacon: Multi-Cluster Cobalt Strike Campaign Targets Russia Contents Introduction Key Targets Geographical Focus Industries Affected LNK Cluster Initial Access:

OPERATION

OPERATION

2025

Operation DupeHike

Contents Introduction Key Targets. Industries Affected. Geographical Focus. Infection Chain. Initial Findings. Looking into the decoy-document Technical Analysis Stage 1 – Malicious LNK Script Stage 2 – 

OPERATION

OPERATION

2025

RomCom payload

Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine

OPERATION

OPERATION

2025

Operation WrtHug

Operation WrtHug, The Global Espionage Campaign Hiding in Your Home Router

OPERATION

OPERATION

2025

Operation Peek-a-Baku

Initial Findings. Technical Analysis. Campaign – I The LNK Way. Malicious SILENT LOADER Malicious LAPLAS Implant – TCP & TLS. Malicious .NET Implant – SilentSweeper Campaign –...

OPERATION

OPERATION

2025

Operation SkyCloak

Authors: Sathwik Ram Prakki and Kartikkumar Jivani Contents Introduction Key Targets Industries Geographical Focus Infection and Decoys Technical Analysis PowerShell Stage Persistence C..

OPERATION

OPERATION

2025

Tangerine Turkey Operations

From Scripts to Systems: A Comprehensive Look at Tangerine Turkey Operations

OPERATION

OPERATION

2025

Operation MotorBeacon

Malicious .NET Implant Hunting and Infrastructure. Conclusion Seqrite Protection. IOCs MITRE ATT&CK....

OPERATION

OPERATION

2025

Operation Silk Lure

Introduction: Seqrite Lab has been actively monitoring global cyber threat...

OPERATION

OPERATION

2025

Rewrite

Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign

OPERATION

OPERATION

2025

Operation Rewrite

Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign

OPERATION

OPERATION

2025

RaccoonO365

Cloudflare participates in global operation to disrupt RaccoonO365

OPERATION

OPERATION

2025

SlopAds

Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation

OPERATION

OPERATION

2025

Operation BarrelFire

NoisyBear targets entities linked to Kazakhstan’s Oil & Gas Sector.

OPERATION

OPERATION

2025

Blockbuster

Private Industry Takes Action Against Global Cyber Threats

OPERATION

OPERATION

2025

Operation HanKook Phantom

Table of Contents: Introduction Threat Profile Infection Chain Campaign-1 Analysis of Decoy: Technical Analysis Fingerprint of ROKRAT’s Malware Campaign-2 

OPERATION

OPERATION

2025

Operation CargoTalon

UNG0901 Targets Russian Aerospace & Defense Sector using EAGLET implant.

OPERATION

OPERATION

2025

Operation GhostChat

In June 2025, threat actors carried out a strategic web compromise by replacing the legitimate link, tibetfund.org/90thbirthday, on a compromised webpage with a malicious link. 

OPERATION

OPERATION

2025

Operation PhantomPrayers

In June 2025, a new subdomain, hhthedalailama90.niccenter[.]net was used by the threat actor to distribute a malicious application masquerading as a "special prayer check-in" software.

OPERATION

OPERATION

2025

Operation Phantom Enigma

A malicious campaign discovered by Positive Technologies specialists is primarily targeting residents of Brazil. Attacks have been detected since the beginning of 2025.

OPERATION

OPERATION

2025

Operation Sindoor – Anatomy of a Digital Siege

Overview Seqrite Labs, India’s largest Malware Analysis lab, has identified multiple cyber events linked to Operation Sindoor, involving state-sponsored APT activity and coordinated hacktivist operations.

OPERATION

OPERATION

2025

ELUSIVE COMET

Mitigating ELUSIVE COMET Zoom remote control attacks

OPERATION

OPERATION

2025

Scallywag 

Scallywag Extensions Monetize Piracy

OPERATION

OPERATION

2025

Operation SyncHole

Operation SyncHole: Lazarus APT goes back to the well

OPERATION

OPERATION

2025

SuperCard X

SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation

OPERATION

OPERATION

2025

Operation BlackEcho

Voice Phishing using Fake Financial and Vaccine Apps

OPERATION

OPERATION

2025

Operational Relay Box (ORB)

An Introduction to Operational Relay Box (ORB) Networks - Unpatched, Forgotten, and Obscured

OPERATION

OPERATION

2025

Operation FishMedley

ESET researchers detail a global espionage operation by FishMonger, the APT group run by I‑SOON 

OPERATION

OPERATION

2025

Operation AkaiRyū

Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor

OPERATION

OPERATION

2025

Harvest

Operation ‘Harvest’: A Deep Dive into a Long-term Campaign

OPERATION

OPERATION

2025

Operation Marstech Mayhem

Lazarus Group’s Open-Source Trap: North Korea’s New Malware Tactic Targeting Developers and Crypto Wallets

OPERATION

OPERATION

2025

Operation Phantom Circuit

North Korea’s Global Data Exfiltration Campaign 

OPERATION

OPERATION

2025

Operation 99

Operation 99: North Korea’s Cyber Assault on Software Developers

OPERATION

OPERATION

2025

Quishing Campaigns

EXECUTIVE SUMMARY CYFIRMA examines a sophisticated phishing campaign that leverages QR-code-based delivery, commonly referred to as “quishing,” to target employees with

CAMPAIGN

CAMPAIGN

2025

UDPGangster

MuddyWater campaign analysis reveals macro-based delivery, extensive anti-analysis techniques, and shared infrastructure links 

CAMPAIGN

CAMPAIGN

2025

Qilin RaaS

The Korean Leaks – Analyzing the Hybrid Geopolitical Campaign Targeting South Korean Financial Services With Qilin RaaS

CAMPAIGN

CAMPAIGN

2025

Shai-Hulud 2.0

Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign. Over 25,000 affected repositories across ~350 unique users. 

CAMPAIGN

CAMPAIGN

2025

Shai-Hulud Campaign

It's another Monday morning, sitting down at the computer. And I see a stack of alerts from the last hour of packages showing signs of malware in our triage queue. Having not yet finished my first cup of coffee, I see Shai Hulud indicators. Y

CAMPAIGN

CAMPAIGN

2025

NPM Spam Campaign

The Great Indonesian TEA Theft: Analyzing a NPM Spam Campaign

CAMPAIGN

SPAM

2025

SmartApeSG

SmartApeSG campaign uses ClickFix page to push NetSupport RAT

CAMPAIGN

CAMPAIGN

2025

EVALUSION

EVALUSION Campaign Delivers Amatera Stealer and NetSupport RAT

CAMPAIGN

CAMPAIGN

2025

SpearSpecter 

Israel National Digital Agency researchers have uncovered an ongoing, sophisticated espionage campaign,

CAMPAIGN

BIGBROTHER

2025

Multi-Brand themed Phishing Campaign

CRIL analyzed an active phishing campaign leveraging HTML-based Telegram bot credential harvesters designed to mimic multiple prominent brands

CAMPAIGN

PHISHING

2025

NPM Spam Campaign

The Great Indonesian TEA Theft: Analyzing a NPM Spam Campaign

CAMPAIGN

SPAM

2025

I Paid Twice

Phishing Campaigns “I Paid Twice” Targeting Booking.com Hotels and Customers

CAMPAIGN

PHISHING

2025

Odyssey

Odyssey Stealer and AMOS Campaign Targets macOS Developers Through Fake Tools

CAMPAIGN

Malware

2025

Smishing Deluge

The Smishing Deluge: China-Based Campaign Flooding Global Text Messages

CAMPAIGN

CAMPAIGN

2025

Jingle Thief

Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign

CAMPAIGN

CAMPAIGN

2025

PassiveNeuron

PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations

CAMPAIGN

CAMPAIGN

2025

RondoDox

RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits

CAMPAIGN

CAMPAIGN

2025

Akira’s SonicWall Campaign

Inside Akira’s SonicWall Campaign: Darktrace’s Detection and Response

CAMPAIGN

CAMPAIGN

2025

Exploitation of CVE-2025-10035

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability

CAMPAIGN

CAMPAIGN

2025

Smash and Grab

Smash and Grab: Aggressive Akira Campaign Targets SonicWall VPNs, Deploys Ransomware in an Hour or Less

CAMPAIGN

Ransomware

2025

RedNovember

Network edge devices such as routers, switches, firewalls, VPNs, and access points are being targeted by waves of cyberattacks. 

CAMPAIGN

CAMPAIGN

2025

ProSpy and ToSpy

New spyware campaigns target privacy-conscious Android users in the UAE

CAMPAIGN

CAMPAIGN

2025

Clickfix HijackLoader Phishing Campaign

With the evolution of cyber threats, the final execution of a malicious payload is no longer the sole focus of the cybersecurity industry.

CAMPAIGN

PHISHING

2025

GhostAction 

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

CAMPAIGN

CAMPAIGN

2025

FileFix 

FileFix in the wild! New FileFix campaign goes beyond POC and leverages steganography

CAMPAIGN

CAMPAIGN

2025

Madgicx Plus

Behind the Mask of Madgicx Plus: A Chrome Extension Campaign Targeting Meta Advertisers

CAMPAIGN

Social

2025

TAOTH 

TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents

CAMPAIGN

Exploit

2025

ZipLine

ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies

CAMPAIGN

Phishing

2025

ShadowCaptcha

Israel National Digital Agency Uncovers Global Cyberattack Campaign “ShadowCaptcha”

CAMPAIGN

CAMPAIGN

2025

PRC-Nexus Espionage Campaign

Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats

CAMPAIGN

CAMPAIGN

2025

Amadey 

MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities

CAMPAIGN

CAMPAIGN

2025

LARVA-208’s New Campaign Targets Web3 Developers

LARVA-208, known for its phishing attacks and social engineering tactics targeting English-speaking IT staff through phone calls, has adopted a new technique in its operations.

CAMPAIGN

CAMPAIGN

2025

Nebulous Mantis

(a.k.a. Cuba, STORM-0978, Tropical Scorpius, UNC2596) is a Russian-speaking cyber espionage group that has actively deployed the RomCom

CAMPAIGN

CAMPAIGN

2025

Phishing Campaigns Galore

The surge in ClickFix campaigns also coincides with the discovery of various phishing campaigns that

CAMPAIGN

CAMPAIGN

2025

Shadow Vector

Shadow Vector targets Colombian users via privilege escalation and court-themed SVG decoys

CAMPAIGN

CAMPAIGN

2025

Stargazers Ghost Network Campaigns

Since March 2025, Check Point Research has been tracking malicious GitHub repositories targeting Minecraft users with an undetected Java downloader. 

CAMPAIGN

CAMPAIGN

2025

SERPENTINE#CLOUD

Analyzing SERPENTINE#CLOUD: Threat Actors Abuse Cloudflare Tunnels to Infect Systems with Stealthy Python-Based Malware

CAMPAIGN

CAMPAIGN

2025

JSFireTruck

JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique

CAMPAIGN

CyberCrime

2025

ASUS Routers campaign

GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers

CAMPAIGN

CAMPAIGN

2025

Smishing Triad

Smishing Triad: Chinese eCrime Group Targets 121+ Countries, Intros New Banking Phishing Kit

CAMPAIGN

SPAM

2025

Sponsored Actors Try ClickFix

Around the World in 90 Days: State-Sponsored Actors Try ClickFix

CAMPAIGN

CAMPAIGN

2025

PoisonSeed Campaign

PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation

CAMPAIGN

SPAM

2025

Stripe API Skimming Campaign

Stripe API Skimming Campaign: Additional Victims and Insights

CAMPAIGN

Skimming

2025

J-Magic

Juniper Routers, Network Devices Targeted with Custom Backdoors

CAMPAIGN

MALWARE

2025

Gamaredon

Gamaredon campaign abuses LNK files to distribute Remcos backdoor

CAMPAIGN

MALWARE

2025

.NET MAUI

New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI 

CAMPAIGN

Malware

2025

ClearFake

ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery

CAMPAIGN

MALWARE

2025

Desert Dexter. Attacks

Desert Dexter. Attacks on Middle Eastern countries

CAMPAIGN

Malware

2025

Phishing Campaign Using Private Video Sharing

We’re aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization.

CAMPAIGN

PHISHING

2025

Snail Mail Fail

Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear

CAMPAIGN

Ransom

2025

GitVenom campaign

The GitVenom campaign: cryptocurrency theft using GitHub

CAMPAIGN

CRYPTOCURRENCY

2025

DeceptiveDevelopment

Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers.

CAMPAIGN

Malware

2025

RevivalStone

The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024. 

CAMPAIGN

APT

2025

Earth Freybug’s

Stealth in the Shadows: Dissecting Earth Freybug’s Recent Campaign and Operational Techniques 

CAMPAIGN

Malware

2025

DEEP#DRIVE

Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks

CAMPAIGN

APT

2025

BadPilot

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

CAMPAIGN

Operation

2025

Webflow CDN

New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs

CAMPAIGN

Phishing

2025

GSocket Gambling Scavenger

GSocket Gambling Scavenger – How Hackers Use PHP Backdoors and GSocket to Facilitate Illegal Gambling in Indonesia

CAMPAIGN

CAMPAIGN

2024

Operation Digital Eye

Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels

OPERATION

OPERATION

2024

Operation Soft Cell

Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers

OPERATION

OPERATION

2024

Operation Tainted Love

Operation Tainted Love | Chinese APTs Target Telcos in New Attacks

OPERATION

OPERATION

2024

Operation Undercut

"Operation Undercut" Shows Multifaceted Nature of SDA’s Influence Operations

OPERATION

OPERATION

2024

Operation Magnus 

On the 28th of October 2024 the Dutch National Police, working in close cooperation with the FBI and other partners of the international law enforcement task force Operation Magnus, ..

OPERATION

OPERATION

2024

OperationCodeonToast

AhnLab and NCSC Release Joint Report on Microsoft Zero-Day Browser Vulnerability (CVE-2024-38178)

OPERATION

OPERATION

2024

Velvet Ant

China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence

OPERATION

OPERATION

2024

Unfading Sea Haze

Unfading Sea Haze: New Espionage Campaign in the South China Sea

OPERATION

OPERATION

2024

Celestial Force

Operation Celestial Force employs mobile and desktop malware to target Indian entities

OPERATION

OPERATION

2024

DNS PROBING OPERATION

WHAT A SHOW! AN AMPLIFIED INTERNET SCALE DNS PROBING OPERATION

OPERATION

OPERATION

2024

Operation Crimson Palace

Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government

OPERATION

OPERATION

2024

Decoy Dog 2

Hellhounds: operation Lahat

OPERATION

OPERATION

2024

Decoy Dog 1

Hellhounds: operation Lahat

OPERATION

OPERATION

2024

BlueDelta

GRU's BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns

OPERATION

OPERATION

2024

Doppelganger

This page is designed to gather a timeline of the Doppelganger operation with a few elements collected from different reports.

OPERATION

OPERATION

2024

Diplomatic Specter 

Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia

OPERATION

OPERATION

2024

GHOSTENGINE

Elastic Security Labs has identified REF4578, an intrusion set incorporating several malicious modules and leveraging vulnerable drivers to disable known security solutions (EDRs) for crypto mining. 

OPERATION

OPERATION

2024

Operation Windigo

The vivisection of a large Linux server-side credential stealing malware campaign

OPERATION

OPERATION

2024

RoundPress

ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities 

OPERATION

OPERATION

2024

MUDDLING MEERKAT

A CUNNING OPERATOR: MUDDLING MEERKAT AND CHINA’S GREAT FIREWALL

OPERATION

OPERATION

2024

Operation MidnightEclipse

A critical command injection vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. 

OPERATION

OPERATION

2024

Cuckoobees

Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation

OPERATION

OPERATION

2024

Operation PhantomBlu

A malware campaign employs new TTPs and behaviors to evade detection and deploy NetSupport RAT.

OPERATION

OPERATION

2024

DEEP#GOSU

Securonix Threat Research Security Advisory: Analysis of New DEEP#GOSU Attack Campaign Likely Associated with North Korean Kimsuky Targeting Victims with Stealthy Malware

OPERATION

OPERATION

2024

Operation Texonto

Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war

OPERATION

OPERATION

2024

Scammers Paradise

“Scammers Paradise” — Exploring Telegram’s Dark Markets, Breeding Ground for Modern Phishing Operations

OPERATION

OPERATION

2024

RE#TURGENCE

Securonix Threat Research Security Advisory: New RE#TURGENCE Attack Campaign: Turkish Hackers Target MSSQL Servers to Deliver Domain-Wide MIMIC Ransomware

OPERATION

OPERATION

2024

(RMM) tools

Spam campaign targeting Brazil abuses Remote Monitoring and Management tools

CAMPAIGN

PHISHING

2024

FreeDrain 

FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network

CAMPAIGN

PHISHING

2024

Pahalgam Attack themed

Advisory: Pahalgam Attack themed decoys used by APT36 to target the Indian Government

CAMPAIGN

APT

2024

Hive0117

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

CAMPAIGN

PHISHING

2024

DeceptionAds

“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising

CAMPAIGN

MALVERTISING

2024

HubPhish

Effective Phishing Campaign Targeting European Companies and Organizations

CAMPAIGN

Phishing

2024

Drops Zbot

Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware

CAMPAIGN

RANSOMWARE

2024

Earth Kasha Spear

Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024

CAMPAIGN

PHISHING

2024

Secret Blizzard

Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage

CAMPAIGN

ESPIONAGE

2024

Dream Job

Iranian “Dream Job” Campaign 11.24

CAMPAIGN

CAMPAIGN

2024

VEILDrive 

Unmasking VEILDrive: Threat Actors Exploit Microsoft Services for C2

CAMPAIGN

EXPLOIT

2024

CopyRh(ight)adamantys

CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits

CAMPAIGN

EXPLOIT

2024

Typosquat 

Typosquat Campaign Targeting npm Developers

CAMPAIGN

MALWARE

2024

Rampant Phishing

You’re Invited: Rampant Phishing Abuses Eventbrite

CAMPAIGN

PHISHING

2024

Gun Campaign

TeamTNT’s Docker Gatling Gun Campaign

CAMPAIGN

CAMPAIGN

2024

ClickFix 

ClickFix tactic: The Phantom Meet

CAMPAIGN

SOCIAL

2024

SilentSelfie

SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites

CAMPAIGN

CAMPAIGN

2024

SloppyLemming

Unraveling SloppyLemming’s Operations Across South Asia

CAMPAIGN

Crypto

2024

Salt Typhoon

China's 'Salt Typhoon' Cooks Up Cyberattacks on US ISPs

CAMPAIGN

ISP

2024

Earth Baxia

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

CAMPAIGN

PHISHING

2024

Vanilla Tempest

Highway Blobbery: Data Theft using Azure Storage Explorer

CAMPAIGN

Ransomware

2024

Storm clouds

Storm clouds on the horizon: Resurgence of TeamTNT?

CAMPAIGN

CAMPAIGN

2024

Proxyjacking

From Automation to Exploitation: The Growing Misuse of Selenium Grid for Cryptomining and Proxyjacking

CAMPAIGN

CRYPTOCURRENCY

2024

Crimson Palace

Crimson Palace returns: New Tools, Tactics, and Targets

CAMPAIGN

APT

2024

Earth Preta

Earth Preta Evolves its Attacks with New Malware and Strategies

CAMPAIGN

APT

2024

Voldemort

The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”

CAMPAIGN

CAMPAIGN

2024

SLOW#TEMPEST

From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users

CAMPAIGN

APT

2024

Tusk

Tusk: unraveling a complex infostealer campaign

CAMPAIGN

Malware

2024

River of Phish 

SPEAR-PHISHING CASES FROM EASTERN EUROPE 2022-2024: A TECHNICAL BRIEF

CAMPAIGN

Phishing

2024

Earth Baku

A Dive into Earth Baku’s Latest Campaign

CAMPAIGN

CAMPAIGN

2024

Panamorfi

A New Discord DDoS Campaign

CAMPAIGN

DDOS

2024

ERIAKOS

"ERIAKOS" Scam Campaign: Detected by Recorded Future’s Payment Fraud Intelligence Team

CAMPAIGN

Scam

2024

DEV#POPPER campaign

The Securonix Threat Research team has been monitoring the threat actors behind the ongoing investigation into the DEV#POPPER campaign. We have identified additional malware variants linked to the same North Korean threat actors using similar, stealthy malicious code execution tactics, though now with much more robust capabilities.

CAMPAIGN

CAMPAIGN

2024

OneDrive Pastejacking

OneDrive Pastejacking: The crafty phishing and downloader campaign

CAMPAIGN

PHISHING

2024

CVE-2024-21412

Exploiting CVE-2024-21412: A Stealer Campaign Unleashed

CAMPAIGN

CVE

2024

Sustained

Sustained Campaign Using Chinese Espionage Tools Targets Telcos

CAMPAIGN

CAMPAIGN

2024

Spinning YARN

Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence

CAMPAIGN

Malware

2024

Earth Hundun's

Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024

CAMPAIGN

CyberSpy

2024

APT28 

APT28 campaign targeting Polish government institutions 

CAMPAIGN

APT

2024

DEV#POPPER

ANALYSIS OF DEV#POPPER: NEW ATTACK CAMPAIGN TARGETING SOFTWARE DEVELOPERS LIKELY ASSOCIATED WITH NORTH KOREAN THREAT ACTORS

CAMPAIGN

Campaign

2024

ArcaneDoor

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

CAMPAIGN

Spy

2024

FROZEN#SHADOW Attack

Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover

CAMPAIGN

Campaign

2024

BlackTech 

Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear

CAMPAIGN

Cyberespionage 

2024

DuneQuixote

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

CAMPAIGN

Campaign

2024

Connect:fun

In a new threat briefing, Forescout Research – Vedere Labs details an exploitation campaign targeting organizations running Fortinet’s FortiClient EMS which is vulnerable to CVE-2023-48788. We are designating this campaign Connect:fun because of the use of ScreenConnect and Powerfun as post-exploitation tools – our first-ever named campaign. 

CAMPAIGN

Campaign

2024

SteganoAmor

SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world

CAMPAIGN

Campaign

2024

DarkBeatC2

DarkBeatC2: The Latest MuddyWater Attack Framework

CAMPAIGN

APT

2024

eXotic Visit 

ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps 

CAMPAIGN

Android

2024

Raspberry Robin

Raspberry Robin Now Spreading Through Windows Script Files

CAMPAIGN

Virus

2024

ShadowRay

ShadowRay: First Known Attack Campaign Targeting AI Workloads Actively Exploited In The Wild

CAMPAIGN

AI

2024

RedAlpha

Recorded Future’s Insikt Group has identified two new cyberespionage campaigns targeting the Tibetan Community over the past two years. 

CAMPAIGN

Campaign

2024

Copybara Fraud Operation

On top of this fraud operation architecture, TAs exploit Social Engineering techniques for distributing the Copybara banking trojan, which typically involves smishing and vishing techniques, leveraging native-speaker operators. In particular, several samples reveal TAs distributing Copybara through seemingly legitimate apps, utilizing logos of well-known banks and names that sound authentic, such as “Caixa Sign Nueva”, “BBVA Codigo”, “Sabadell Codigo”. 

CAMPAIGN

Operation

2024

Spinning YARN

Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence

CAMPAIGN

Campaign

2024

SMUGX 

CHINESE THREAT ACTORS TARGETING EUROPE IN SMUGX CAMPAIGN

CAMPAIGN

Campaign

2024

Earth Preta

Earth Preta Campaign Uses DOPLUGS to Target Asia

CAMPAIGN

Campaign

2024

Commando Cat

The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker

CAMPAIGN

Cryptocurrency

2024

Mint Sandstorm

New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs

CAMPAIGN

Campaign

2024

DB#JAMMER

Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware

CAMPAIGN

Campaign

2023

Triangulation

Operation Triangulation: The last (hardware) mystery

OPERATION

OPERATION

2023

RusticWeb

Operation RusticWeb targets Indian Govt: From Rust-based malware to Web-service exfiltration

OPERATION

OPERATION

2023

Operation Blacksmith

Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang

OPERATION

OPERATION

2023

Bearded Barbie

Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials

OPERATION

OPERATION

2023

Big Bang

The Big Bang attack campaign: Gaza hackers suspected of targeting Middle Eastern victims

OPERATION

OPERATION

2023

Operation Parliament

The objective of the attacks is clearly espionage – they involve gaining access to top legislative, executive and judicial bodies around the world.

OPERATION

OPERATION

2023

Telekopye

Telekopye: Chamber of Neanderthals’ secrets

OPERATION

OPERATION

2023

Operation King TUT

ESET researchers reveal a growing sophistication in threats affecting the LATAM region by employing evasion techniques and high-value targeting 

OPERATION

OPERATION

2023

TetrisPhantom

Government entities in the Asia-Pacific (APAC) region are the target of a long-running cyber espionage campaign dubbed TetrisPhantom. 

OPERATION

OPERATION

2023

EtherHiding

“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts

OPERATION

OPERATION

2023

Operation Jacana

ESET researchers discovered a cyberespionage campaign against a governmental entity in Guyana 

OPERATION

OPERATION

2023

Operation Rusty Flag

Operation Rusty Flag – A Malicious Campaign Against Azerbaijanian Targets

OPERATION

OPERATION

2023

AMBERSQUID

The Sysdig Threat Research Team (TRT) has uncovered a novel cloud-native cryptojacking operation which they’ve named AMBERSQUID.

OPERATION

OPERATION

2023

Smishing Triad

"Smishing Triad" Targeted USPS And US Citizens For Data Theft

OPERATION

OPERATION

2023

LABRAT

LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab

OPERATION

OPERATION

2023

Operation Triangulation's

Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus.

OPERATION

OPERATION

2023

Mexals campaign

One of the changes between the two campaigns is their name: The group previously known as Mexals (see their web page in Figure 1) now call themselves Diicot, and one of their tools bears the same name.

OPERATION

OPERATION

2023

Operation Red Deer

Outing Aggah’s Sophisticated Tactics, Techniques and Procedures (TTPs) Targeting Israel

OPERATION

OPERATION

2023

Operation CMDStealer

Financially Motivated Campaign Leverages CMD-Based Scripts and LOLBaS for Online Banking Theft in Portugal, Peru, and Mexico

OPERATION

OPERATION

2023

Operation Triangulation

While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA).

OPERATION

OPERATION

2023

Operation Groundbait

In addition to the armed conflict in eastern Ukraine, in recent years the country has been facing a significantly higher number of targeted cyberattacks, or so-called advanced persistent threats (APTs).

OPERATION

OPERATION

2023

Hunting Russian Intelligence 

The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets.

OPERATION

OPERATION

2023

“Snake” Malware 

 

 

 

2023

DownEx

Deep Dive Into DownEx Espionage Operation in Central Asia

OPERATION

OPERATION

2023

SCARLETEEL 

A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. 

OPERATION

OPERATION

2023

PROXYSHELLMINER CAMPAIGN

Morphisec has recently identified a highly evasive malware campaign delivering ProxyShellMiner to Windows endpoints. 

OPERATION

OPERATION

2023

ENDTRADE

We found cyberespionage group TICK targeting critical systems and enterprises to steal information. In this research brief, we show the group's activities and technical analyses of the ..

OPERATION

OPERATION

2023

Dero Cryptojacking Campaign

CrowdStrike has discovered the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure. 

OPERATION

OPERATION

2023

Operation Dream Job

Hackers associated with the North Korean government have been distributing a trojanized version of the DeFi Wallet for storing cryptocurrency assets to gain access to the systems of cryptocurrency users and investors. 

OPERATION

OPERATION

2023

SCARLETEEL

Operation leveraging Terraform, Kubernetes, and AWS for data theft

OPERATION

OPERATION

2023

OPERATION SILENT WATCH

Amid rising tensions between Azerbaijan and Armenia over the Lachin corridor in late 2022, Check Point Research identified a malicious campaign against entities in Armenia.

OPERATION

OPERATION

2023

'No Pineapple' Campaign

During Q4 2022, WithSecure™ detected and responded to a cyber attack conducted by a threat actor that WithSecure™ have attributed with high confidence to an intrusion set referred to as Lazarus Group.

OPERATION

OPERATION

2023

Operation Ice Breaker

In September of last year, our Incident Response team was called to an incident that was identified as an attempt of social engineering an online customer service platform.

OPERATION

OPERATION

2023

GOOTLOADER Operations

Beginning in 2022, UNC2565 began incorporating notable changes to the tactics, techniques, and procedures (TTPs) used in its operations. 

OPERATION

OPERATION

2023

Nim-based

A Look at the Nim-based Campaign Using Microsoft Word Docs to Impersonate the Nepali Government

CAMPAIGN

Campaign

2022

Operation Bearded Barbie

Molerats and APT-C-23. Both groups are Arabic-speaking and politically-motivated that operate on behalf of Hamas, the Palestinian Islamic-fundamentalist movement and a terrorist organization ...

OPERATION

OPERATION

2022

BRONZE STARLIGHT

The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile,

OPERATION

OPERATION

2022

Mustang Panda

MustangPanda, also known as "RedDelta" or "Bronze President," is a China-based threat actor that has targeted entities all over the world since at least 2012.

OPERATION

OPERATION

2022

Operation CuckooBees

Researchers at Cybereason recently discovered such an attack, which was assessed to be the work of Chinese APT Winnti.

OPERATION

OPERATION

2022

SnatchCrypto

 

OPERATION

OPERATION

2022

Operation Dream Job

 

OPERATION

OPERATION

2022

Azerbaijanian operation

 

OPERATION

OPERATION

2022

Operation Armor Piercer

 

OPERATION

OPERATION

2022

Operation Dream Job

 

OPERATION

OPERATION

2022

Operation AppleJeus

 

OPERATION

OPERATION

2022

Operation Dragon Castling

 

OPERATION

OPERATION

2022

Operation Tropic Trooper

 

OPERATION

OPERATION

2021

Operation GhostShell

In July 2021, the Cybereason Nocturnus and Incident Response Teams responded to Operation GhostShell, a highly-targeted cyber espionage campaign targeting

OPERATION

OPERATION

2021

Operation Diànxùn

In this attack, we discovered malware using similar tactics, techniques, and procedures (TTPs) to those observed in earlier campaigns publicly attributed to the

OPERATION

OPERATION

2021

Operation ‘Dream Job’

During June-August of 2020, ClearSky’s team had investigated an offensive campaign attributed with high probability to North Korea, which we call “Dream Job”.

OPERATION

OPERATION

2021

Operation Spalax

ESET researchers uncover attacks targeting Colombian government institutions and private companies, especially from the energy and metallurgical industries

OPERATION

OPERATION

2020

Operation SignSight

Just a few weeks after the supply-chain attack on the Able Desktop software, another similar attack occurred on the website of the

OPERATION

OPERATION

2020

Operation StealthyTrident

LuckyMouse, TA428, HyperBro, Tmanger and ShadowPad linked in Mongolian supply-chain attack

OPERATION

OPERATION

2020

Dark Caracal

As the modern threat landscape has evolved, so have the actors. The barrier to entry for cyber-warfare has continued to decrease, which means new nation states

OPERATION

OPERATION

2020

Operation Manul

This report covers a campaign of phishing and malware which we have named “Operation Manul” and which, based on the available evidence, we believe is likely to

OPERATION

OPERATION

2020

Operation PowerFall

In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer.

OPERATION

OPERATION

2020

Operation StealthyTrident

The Lazarus group was first identified in Novetta’s report Operation Blockbuster in February 2016

OPERATION

OPERATION

2020

Dark Caracal

We are in the midst of an economic slump, with more candidates than there are jobs, something that has been leveraged by malicious actors to lure unwitting

OPERATION

OPERATION

2020

Operation Manul

It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within the digital realm. 

OPERATION

OPERATION

2020

Operation StealthyTrident

McAfee’s initial research into Operation North Star revealed a campaign that used social media sites, spearphishing and weaponized documents to target employees

OPERATION

OPERATION

2020

Dark Caracal

Recently, Check Point Research encountered a series of worldwide attacks relevant to VoIP, specifically to Session Initiation Protocol (SIP) servers.

OPERATION

OPERATION

2020

Operation Manul

The DRBControl campaign attacks its targets using a variety of malware and techniques that coincide with those used in other known cyberespionage campaigns.

OPERATION

OPERATION

2020

Operation StealthyTrident

A watering hole campaign we dubbed as Operation Earth Kitsune is spying on users’ systems through compromised websites. 

OPERATION

OPERATION

2020

Dark Caracal

Today, a coalition of law enforcement agencies across the world announced the results of a coordinated operation known as DisrupTor which targeted vendors and

OPERATION

OPERATION

2020

Operation Manul

In this installment of our blog series, we will focus on Mispadu, an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its

OPERATION

OPERATION

2020

Operation PowerFall

In this installment of our series, we introduce Mekotio, a Latin American banking trojan targeting mainly Brazil, Chile, Mexico, Spain, Peru and Portugal.

OPERATION

OPERATION

2020

Operation StealthyTrident

Most reverse engineers would agree that quite often one can learn something new on the job. However, it is not every day you learn how to cook a delicious meal

OPERATION

OPERATION

2020

Dark Caracal

Although it’s been some weeks since the height of the income tax season in many countries around the globe, the year 2020 has been looking less than normal

OPERATION

OPERATION

2020

Operation Manul

The APT group Transparent Tribe is mounting an ongoing cyberespionage campaign, researchers said, which is aimed at military and diplomatic targets around the world.

OPERATION

OPERATION

2020

Operation PowerFall

Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned with Russian Security Interests

OPERATION

OPERATION

2020

Operation StealthyTrident

North Korea-linked hackers continue to be very active in this period; researchers reported a campaign aimed at the US defense and aerospace sectors.

OPERATION

OPERATION

2020

Dark Caracal

At the end of last year, we discovered targeted attacks against aerospace and military companies in Europe and the Middle East, active from September to December 2019.

OPERATION

OPERATION

2020

Operation Manul

Experts observed a campaign aimed at infecting the iPhones of users in Hong Kong with an iOS backdoor that allows attackers to spy on them.

OPERATION

OPERATION

2020

Operation StealthyTrident

Operation Pangea is the name of a joint international operation led by Interpol that seized €13 million in counterfeit drugs for care.

OPERATION

OPERATION

2020

Dark Caracal

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet,

OPERATION

OPERATION

2020

Operation Manul

Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world

OPERATION

OPERATION

2020

Operation PowerFall

US military claims to have disrupted the online propaganda activity of the Islamic State (ISIS) in a hacking operation dating back at least to 2016.

OPERATION

OPERATION

2019

Glupteba Expands Operation

Glupteba was first spotted in 2011 as a malicious proxy generating spam and click-fraud traffic from a compromised machine. 

OPERATION

OPERATION

2019

OPERATION GHOST

ESET researchers describe recent activity of the infamous espionage group, the Dukes, including three new malware families

OPERATION

OPERATION

2019

Operation WebStorage

The campaign uses compromised routers and man-in-the-middle attacks to target legitimate ASUS WebStorage software to distribute the Plead malware. 

OPERATION

OPERATION

2019

Operation MuddyWater POWERSTATS V3

The campaign targets a range of sectors with spear-phishing emails delivered from legitimate compromised accounts to drop a PowerShell-based backdoor labeled POWERSTATS v3. 

OPERATION

OPERATION

2019

Operation ShellTea

The campaign targets the hotel and entertainment sectors with spear-phishing emails to infiltrate systems with the ShellTea backdoor. 

OPERATION

OPERATION

2019

Operation HAWKBALL

The campaign targets the government sector in Central Asia with malicious documents that take advantage of vulnerabilities in Microsoft Office to drop the HAWKBALL backdoor.

OPERATION

OPERATION

2019

Operation Frankenstein

The campaign used a range of open-source tools to carry out their attacks including Microsoft's MSbuild, the post-exploitation framework FruityC2, and PowerShell Empire. 

OPERATION

OPERATION

2019

Operation TA505 Shifting Tactics

The group behind the operation targets users in South Korea, China, and Taiwan with new tactics, techniques, and procedures including Amadey to distribute EmailStealer, using V

OPERATION

OPERATION

2019

Operation Waterbug New Toolset

The threat actor behind the operation launched a series of attacks in the last 18 months against multiple sectors including government, IT, communications, and education.

OPERATION

OPERATION

2019

Operation Soft Cell

The campaign has been active since at least 2012 and targets telecommunications providers in multiple countries. T

OPERATION

OPERATION

2019

Operation SharePoint Middle East

The campaign targeted Microsoft SharePoint servers located at Middle Eastern government organizations to steal sensitive information. 

OPERATION

OPERATION

2019

Operation BlackWater

The campaign used trojanized documents attached to phishing emails to steal sensitive information from victims located in the Middle East. 

OPERATION

OPERATION

2019

ViceLeaker Operation

In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens.

OPERATION

OPERATION

2019

Operation Daybreak

Earlier this year, we deployed new technologies in Kaspersky Lab products to identify and block zero-day attacks. 

OPERATION

OPERATION

2019

Operation ShadowHammer

In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility, which was

OPERATION

OPERATION

2019

Operation SaboTor

Today, members of the Joint Criminal Opioid and Darknet Enforcement (J-CODE) team announce the results of Operation SaboTor, a coordinated international effort

OPERATION

OPERATION

2019

Operation ShadowHammer

Earlier today, Motherboard published a story by Kim Zetter on Operation ShadowHammer, a newly discovered supply chain attack that leveraged ASUS Live Update software.

OPERATION

OPERATION

2019

#OpJerusalem

Over the weekend, hundreds of popular Israeli sites were targeted by an attack called #OpJerusalem whose goal was to infect Windows users with the JCry ransomware. 

OPERATION

OPERATION

2018

Operation Soft Cell

In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor using t

OPERATION

OPERATION

2018

Operation Sharpshooter

The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy,

OPERATION

OPERATION

2018

Operation Oceansalt

A wall eight feet high with three strands of barbed wire is considered sufficient to deter a determined intruder, at least according to the advice offered by the

OPERATION

OPERATION

2018

Operation Shaheen

We have dubbed the first campaign Operation Shaheen. It examines a complex espionage effort directed at the Pakistani military

OPERATION

OPERATION

2018

ZOO. CYBERESPIONAGE OPERATION 

ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015.

OPERATION

OPERATION

2018

OpIsrael 2018

OpIsrael is a yearly campaign created by Anonymous in 2012 with the stated goal of “erasing Israel from the internet” in protest against the Israeli government’s

OPERATION

OPERATION

2018

OpCatalunya: Phase 4

In October 2017, citizens of Catalonia – an autonomous community in Spain - held an independence referendum. 

OPERATION

OPERATION

2018

Operation Dragonfly

On September 6, Symantec published details of the Dragonfly campaign, which targeted dozens of energy companies throughout 2017.

OPERATION

OPERATION

2017

OpKillingBay/OpWhales

With a new whale hunting season comes a new wave of attacks by environmental and animal rights hacktivist communities within the Anonymous collective.

OPERATION

OPERATION

2017

OpUSA / OpIsrael

In 1995, the United States Congress passed the Jerusalem Embassy Act, which was created for the purposes of initiating and funding the relocation of the

OPERATION

OPERATION

2017

OpCatalonia

At the beginning of October 2017, citizens of Catalonia – an autonomous community in Spain - held an independence referendum. 

OPERATION

OPERATION

2017

OpIcarus2017

OpIcarus is a multiphase operation originally launched by Anonymous on February 8, 2016 and is now entering its fifth phase on June 11, 2017. Its

OPERATION

OPERATION

2017

OpSingleGateway

In the first week of June there has been a dramatic increase in activity from #OpSingleGateway, an Anonymous operation designed to combat the government of

OPERATION

OPERATION

2017

OpKillingBay 2017

OpKillingBay is a yearly hacktivism operation by Anonymous, activists, and other organizations in response to the hunting of whales and dolphins in Japan.

OPERATION

OPERATION

2017

OpIsrael 2017

With the stated goal of "erasing Israel from the Internet,” Anonymous will launch OpIsrael 2017, its yearly cyber operation against Israel on April 7, 2017. 

OPERATION

OPERATION

2017

OpSingleGateway: 

In a move to combat the government of Thailand’s strategy to implement central control of the nation’s Internet, Anonymous has launched OpSingleGateway.

OPERATION

OPERATION

2016

OpKillingBay 2016 Update

Online protests in the form of network and application attacks against countries and organizations involved in whale and dolphin hunting have become an integral part of hunting season.

OPERATION

OPERATION

2016

OpNoDAPL

The Dakota Access Pipeline Project (DAPL) is the construction of a 1,172-mile-long pipeline that will span across three states.

OPERATION

OPERATION

2016

OpIcarus Project Mayhem

Anonymous has initiated the third and final phase of OpIcarus: “Project Mayhem” – a systematic cyber assault against worldwide stock exchanges. 

OPERATION

OPERATION

2016

OperationLGBT

Anonymous has launched OpLGBT, a DDoS campaign targeting the state of North Carolina and its governmental institutes in response to controversial legislation passed by

OPERATION

OPERATION

2016

OpIcarus Re-Engaged

The Hacktivist Group Anonymous announced its plans to relaunch its cyber assaults on leading financial services companies worldwide. 

OPERATION

OPERATION

2016

OpOperadoras

In an effort to fight for the rights of digital consumers throughout South America, the hacktivist group Anonymous has launched OpOperadoras, a coordinated cyber assault against

OPERATION

OPERATION

2016

OpIsrael Update - April 2016

With the stated goal of “erasing Israel from the internet” in protest against claimed crimes against the Palestinian people, Anonymous will launch its yearly operation against Israel. 

OPERATION

OPERATION

2016

OpTrump Attacks & Other DDoS 

Since our previous OpWhiteRose vs Donald Trump ERT alert outlining the potential cyber-attack against Donald Trump on April fool's day, the presidential candidate was eventually hit

OPERATION

OPERATION

2016

OpWhiteRose vs Donald Trump

Donald Trump and his presidential campaign have gained a new round of attention from the Anonymous collective.

OPERATION

OPERATION

2016

OpRight2Rest

The hacktivist group Anonymous launched an operation against the city of Denver, CO and its officials. Entitled OpRight2Rest, the operation is a response to the

OPERATION

OPERATION

2016

OpAbdiMohamed

The hacktivist group New World Hackers is currently targeting the capital and most populous city of Utah, Salt Lake City, as part of a new operation, OpAbdiMohamed.

OPERATION

OPERATION

2016

OpAfrica Update - March 2016

The hacktivist group Anonymous has upped the ante in its cyber-assault against corporations and government that "enable and perpetuate corruption on the African continent." 

OPERATION

OPERATION

2016

OpIsrael Update - February 2016

With the stated goal of "erasing Israel from the internet" in protest against claimed crimes against the Palestinian people, Anonymous will launch its yearly operation against Israel.

OPERATION

OPERATION

2016

OpGaston

Hacktivists have targeted the Cincinnati Police Department after last week’s police shooting of Paul Gaston. 

OPERATION

OPERATION

2016

OpAfrica

The hacktivist group Anonymous is back, this time fighting corruption across the continent of Africa.

OPERATION

OPERATION

2016

OpKillingBay Update - February 2016

OpKillingBay is an annual campaign that was started in 2013 by Anonymous. It was created by Anonymous to bring attention to the hunting of whales and

OPERATION

OPERATION

2016

OpIcarus

The hacktivist group Anonymous announced its plan to attack leading financial services companies on Monday, February 8, 2016, starting at 6AM UTC with the

OPERATION

OPERATION

2015

OpTrump

On December 11, 2015 Anonymous announced Operation Trump (#OpTrump), a three phase hacking campaign to "expose the real Donald Trump" and take down

OPERATION

OPERATION

2015

OpParis Update

OpParis has faced a number of challenges since the launch of its operation. 

OPERATION

OPERATION

2015

OpKillingBay Update

OpKillingBay, the annual campaign created by Anonymous, has continued into November and is predicted to remain until the end of dolphin hunting season.

OPERATION

OPERATION

2015

OpParis

Radware's ERT has been investigating OpParis, an Anonymous revenge campaign against ISIS for the Paris attacks on November 13, 2015. 

OPERATION

OPERATION

2015

OpKillingBay

OpKillingBay is an annual campaign created by Anonymous, activists and other organizations in response to whale and dolphin hunting in Japan and Denmark.

OPERATION

OPERATION

2015

OpISIS

Islamic State in Iraq and Syria (ISIS), an Al-Qaeda splinter group, is infamously known for its malicious, physical attacks. Recently, however, ISIS has been credited

OPERATION

OPERATION

2015

OpIsrael 2015

OpIsrael 2015 is an organized set of attacks aimed at the Israeli government, public institutions and other high profile Web sites.

OPERATION

OPERATION

2014

OpSaveGaza

Due to the growing tension between Palestine and Israel that includes military actions in the sector of Gaza, several hacktivist groups have united in a cyber-attack

OPERATION

OPERATION

2014

OPERATION WINDIGO

This document details a large and sophisticated operation, code named “Windigo”, in which a malicious group has compromised thousands of Linux and Unix servers. 

OPERATION

OPERATION

2014

OpIsrael 2014

#OpIsrael is an organized set of attacks aimed at Israeli Web sites, which was officially first launched on 14 November, 2012 against the Israeli government, public

OPERATION

OPERATION

2013

#OpAbabil Phase 4

In early September 2012, videos of about 14 minutes in length that claimed to be trailers of a longer film named “Innocence of Muslims” were uploaded to YouTube.

OPERATION

OPERATION

2013

OPUSA

AnonGhost – A hacking group affiliated with Anonymous announced a new cyber-attack campaign against US websites named #OPUSA, scheduled for May 7th, 2013.

OPERATION

OPERATION

2013

OpIsrael

Various anti-Israeli hacking groups join hands to launch a massive cyber attack on Israeli cyber space with the aim to disconnect the country from the Internet.

OPERATION

OPERATION

2011

OPERATION POTAO EXPRESS

The Operation Potao Express whitepaper presents ESET’s latest findings based on research into the Win32/Potao malware family.

OPERATION

OPERATION