Campaign 2024

| DATE | NAME | INFO | CATEGORY | SUBCATE |
| --- | --- | --- | --- | --- |
| 2024 | (RMM) tools | Spam campaign targeting Brazil abuses Remote Monitoring and Management tools | PHISHING | |
| 2024 | FreeDrain | FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network | PHISHING | |
| 2024 | | Advisory: Pahalgam Attack themed decoys used by APT36 to target the Indian Government | APT | |
| 2024 | Hive0117 | New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware | PHISHING | |
| 2024 | DeceptionAds | “DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising | MALVERTISING | |
| 2024 | HubPhish | Effective Phishing Campaign Targeting European Companies and Organizations | Phishing | |
| 2024 | Drops Zbot | Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware | RANSOMWARE | |
| 2024 | Earth Kasha Spear | Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024 | PHISHING | |
| 2024 | Secret Blizzard | Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage | ESPIONAGE | |
| 2024 | | Iranian “Dream Job” Campaign 11.24 | CAMPAIGN | |
| 2024 | | Unmasking VEILDrive: Threat Actors Exploit Microsoft Services for C2 | EXPLOIT | |
| 2024 | | CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits | EXPLOIT | |
| 2024 | | Typosquat Campaign Targeting npm Developers | MALWARE | |
| 2024 | Rampant Phishing | You’re Invited: Rampant Phishing Abuses Eventbrite | PHISHING | |
| 2024 | Gun Campaign | TeamTNT’s Docker Gatling Gun Campaign | CAMPAIGN | |
| 2024 | ClickFix | ClickFix tactic: The Phantom Meet | SOCIAL | |
| 2024 | SilentSelfie | SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites | CAMPAIGN | |
| 2024 | SloppyLemming | Unraveling SloppyLemming’s Operations Across South Asia | Crypto | |
| 2024 | Salt Typhoon | China's 'Salt Typhoon' Cooks Up Cyberattacks on US ISPs | ISP | |
| 2024 | Earth Baxia | Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC | PHISHING | |
| 2024 | Vanilla Tempest | Highway Blobbery: Data Theft using Azure Storage Explorer | Ransomware | |
| 2024 | Storm clouds | Storm clouds on the horizon: Resurgence of TeamTNT? | CAMPAIGN | |
| 2024 | Proxyjacking | From Automation to Exploitation: The Growing Misuse of Selenium Grid for Cryptomining and Proxyjacking | CRYPTOCURRENCY | |
| 2024 | Crimson Palace | Crimson Palace returns: New Tools, Tactics, and Targets | APT | |
| 2024 | Earth Preta | Earth Preta Evolves its Attacks with New Malware and Strategies | APT | |
| 2024 | Voldemort | The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort” | CAMPAIGN | |
| 2024 | SLOW#TEMPEST | From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users | APT | |
| 2024 | Tusk | Tusk: unraveling a complex infostealer campaign | Malware | |
| 2024 | River of Phish | SPEAR-PHISHING CASES FROM EASTERN EUROPE 2022-2024 A TECHNICAL BRIEF | Phishing | |
| 2024 | Earth Baku | A Dive into Earth Baku’s Latest Campaign | CAMPAIGN | |
| 2024 | Panamorfi | A New Discord DDoS Campaign | DDOS | |
| 2024 | ERIAKOS | "ERIAKOS" Scam Campaign: Detected by Recorded Future’s Payment Fraud Intelligence Team | Scam | |
| 2024 | | The Securonix Threat Research team has been monitoring the threat actors behind the ongoing investigation into the DEV#POPPER campaign, we have identified additional malware variants linked to the same North Korean threat actors using similar, stealthy malicious code execution tactics, though now with much more robust capabilities. | CAMPAIGN | |
| 2024 | | OneDrive Pastejacking: The crafty phishing and downloader campaign | PHISHING | |
| 2024 | CVE-2024-21412 | Exploiting CVE-2024-21412: A Stealer Campaign Unleashed | CVE | |
| 2024 | Sustained | Sustained Campaign Using Chinese Espionage Tools Targets Telcos | CAMPAIGN | |
| 2024 | Spinning YARN | Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence | Malware | |
| 2024 | Earth Hundun's | Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024 | CyberSpy | |
| 2024 | APT28 | APT28 campaign targeting Polish government institutions | APT | |
| 2024 | DEV#POPPER | ANALYSIS OF DEV#POPPER: NEW ATTACK CAMPAIGN TARGETING SOFTWARE DEVELOPERS LIKELY ASSOCIATED WITH NORTH KOREAN THREAT ACTORS | Campaign | |
| 2024 | ArcaneDoor | ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices | Spy | |
| 2024 | FROZEN#SHADOW Attack | Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover | Campaign | |
| 2024 | BlackTech | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear | Cyberespionage | |
| 2024 | DuneQuixote | DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware | Campaign | |
| 2024 | Connect:fun | In a new threat briefing, Forescout Research – Vedere Labs details an exploitation campaign targeting organizations running Fortinet’s FortiClient EMS which is vulnerable to CVE-2023-48788. We are designating this campaign Connect:fun because of the use of ScreenConnect and Powerfun as post-exploitation tools – our first-ever named campaign. | Campaign | |
| 2024 | SteganoAmor | SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world | Campaign | |
| 2024 | DarkBeatC2 | DarkBeatC2: The Latest MuddyWater Attack Framework | APT | |
| 2024 | | ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps | Android | |
| 2024 | | Raspberry Robin Now Spreading Through Windows Script Files | Virus | |
| 2024 | ShadowRay | ShadowRay: First Known Attack Campaign Targeting AI Workloads Actively Exploited In The Wild | AI | |
| 2024 | RedAlpha | Recorded Future’s Insikt Group has identified two new cyberespionage campaigns targeting the Tibetan Community over the past two years. | Campaign | |
| 2024 | Copybara Fraud Operation | On top of this fraud operation architecture, TAs exploit Social Engineering techniques for distributing the Copybara banking trojan, which typically involves smishing and vishing techniques, leveraging native-speaker operators. In particular, several samples reveal TAs distributing Copybara through seemingly legitimate apps, utilizing logos of well-known banks and names that sound authentic, such as “Caixa Sign Nueva”, “BBVA Codigo”, “Sabadell Codigo”. | Operation | |
| 2024 | Spinning YARN | Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence | Campaign | |
| 2024 | SMUGX | CHINESE THREAT ACTORS TARGETING EUROPE IN SMUGX CAMPAIGN | Campaign | |
| 2024 | Earth Preta | Earth Preta Campaign Uses DOPLUGS to Target Asia | Campaign | |
| 2024 | Commando Cat | The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker | Cryptocurrency | |
| 2024 | Mint Sandstorm | New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs | Campaign | |
| 2024 | | Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware | Campaign | |