Campaign 2025

DATE

NAME

INFO

CATEGORY

SUBCATE

2025

Quishing Campaigns

EXECUTIVE SUMMARY CYFIRMA examines a sophisticated phishing campaign that leverages QR-code-based delivery, commonly referred to as “quishing,” to target employees with

CAMPAIGN

CAMPAIGN

2025

UDPGangster

MuddyWater campaign analysis reveals macro-based delivery, extensive anti-analysis techniques, and shared infrastructure links

CAMPAIGN

CAMPAIGN

2025

Qilin RaaS

The Korean Leaks – Analyzing the Hybrid Geopolitical Campaign Targeting South Korean Financial Services With Qilin RaaS

CAMPAIGN

CAMPAIGN

2025

Shai-Hulud 2.0

Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign. Over 25,000 affected repositories across ~350 unique users.

CAMPAIGN

CAMPAIGN

2025

Shai-Hulud Campaign

It's another Monday morning, sitting down at the computer. And I see a stack of alerts from the last hour of packages showing signs of malware in our triage queue. Having not yet finished my first cup of coffee, I see Shai Hulud indicators. Y

CAMPAIGN

CAMPAIGN

2025

NPM Spam Campaign

The Great Indonesian TEA Theft: Analyzing a NPM Spam Campaign

CAMPAIGN

SPAM

2025

SmartApeSG

SmartApeSG campaign uses ClickFix page to push NetSupport RAT

CAMPAIGN

CAMPAIGN

2025

EVALUSION

EVALUSION Campaign Delivers Amatera Stealer and NetSupport RAT

CAMPAIGN

CAMPAIGN

2025

SpearSpecter

Israel National Digital Agency researchers have uncovered an ongoing, sophisticated espionage campaign, which we track as SpearSpecter, conducted by Iranian threat actors aligned with the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO).

CAMPAIGN

BIGBROTHER

2025

Multi-Brand themed Phishing Campaign

CRIL analyzed an active phishing campaign leveraging HTML-based Telegram bot credential harvesters designed to mimic multiple prominent brands

CAMPAIGN

PHISHING

2025

I Paid Twice

Phishing Campaigns “I Paid Twice” Targeting Booking.com Hotels and Customers

CAMPAIGN

PHISHING

2025

Odyssey

Odyssey Stealer and AMOS Campaign Targets macOS Developers Through Fake Tools

CAMPAIGN

Malware

2025

Smishing Deluge

The Smishing Deluge: China-Based Campaign Flooding Global Text Messages

CAMPAIGN

CAMPAIGN

2025

Jingle Thief

Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign

CAMPAIGN

CAMPAIGN

2025

PassiveNeuron

PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations

CAMPAIGN

CAMPAIGN

2025

RondoDox

RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits

CAMPAIGN

CAMPAIGN

2025

Akira’s SonicWall Campaign

Inside Akira’s SonicWall Campaign: Darktrace’s Detection and Response

CAMPAIGN

CAMPAIGN

2025

Exploitation of CVE-2025-10035

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability

CAMPAIGN

CAMPAIGN

2025

Smash and Grab

Smash and Grab: Aggressive Akira Campaign Targets SonicWall VPNs, Deploys Ransomware in an Hour or Less

CAMPAIGN

Ransomware

2025

RedNovember

Network edge devices such as routers, switches, firewalls, VPNs, and access points are being targeted by waves of cyberattacks.

CAMPAIGN

CAMPAIGN

2025

ProSpy and ToSpy

New spyware campaigns target privacy-conscious Android users in the UAE

CAMPAIGN

CAMPAIGN

2025

Clickfix HijackLoader Phishing Campaign

With the evolution of cyber threats, the final execution of a malicious payload is no longer the sole focus of the cybersecurity industry.

CAMPAIGN

PHISHING

2025

GhostAction

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

CAMPAIGN

CAMPAIGN

2025

FileFix

FileFix in the wild! New FileFix campaign goes beyond POC and leverages steganography

CAMPAIGN

CAMPAIGN

2025

Madgicx Plus

Behind the Mask of Madgicx Plus: A Chrome Extension Campaign Targeting Meta Advertisers

CAMPAIGN

Social

2025

TAOTH

TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents

CAMPAIGN

Exploit

2025

ZipLine

ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies

CAMPAIGN

Phishing

2025

ShadowCaptcha

Israel National Digital Agency Uncovers Global Cyberattack Campaign “ShadowCaptcha”

CAMPAIGN

CAMPAIGN

2025

PRC-Nexus Espionage Campaign

Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats

CAMPAIGN

CAMPAIGN

2025

Amadey

MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities

CAMPAIGN

CAMPAIGN

2025

LARVA-208’s New Campaign Targets Web3 Developers

LARVA-208, known for its phishing attacks and social engineering tactics targeting English-speaking IT staff through phone calls, has adopted a new technique in its operations.

CAMPAIGN

CAMPAIGN

2025

Nebulous Mantis

(a.k.a. Cuba, STORM-0978, Tropical Scorpius, UNC2596) is a Russian-speaking cyber espionage group that has actively deployed the RomCom remote access trojan (RAT) and Hancitor loader in targeted campaigns since mid-2019.

CAMPAIGN

CAMPAIGN

2025

Phishing Campaigns Galore

The surge in ClickFix campaigns also coincides with the discovery of various phishing campaigns that

CAMPAIGN

CAMPAIGN

2025

Shadow Vector

Shadow Vector targets Colombian users via privilege escalation and court-themed SVG decoys

CAMPAIGN

CAMPAIGN

2025

Stargazers Ghost Network Campaigns

Since March 2025, Check Point Research has been tracking malicious GitHub repositories targeting Minecraft users with an undetected Java downloader.

CAMPAIGN

CAMPAIGN

2025

SERPENTINE#CLOUD

Analyzing SERPENTINE#CLOUD: Threat Actors Abuse Cloudflare Tunnels to Infect Systems with Stealthy Python-Based Malware

CAMPAIGN

CAMPAIGN

2025

JSFireTruck

JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique

CAMPAIGN

CyberCrime

2025

ASUS Routers campaign

GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers

CAMPAIGN

CAMPAIGN

2025

Smishing Triad

Smishing Triad: Chinese eCrime Group Targets 121+ Countries, Intros New Banking Phishing Kit

CAMPAIGN

SPAM

2025

Sponsored Actors Try ClickFix

Around the World in 90 Days: State-Sponsored Actors Try ClickFix

CAMPAIGN

CAMPAIGN

2025

PoisonSeed Campaign

PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation

CAMPAIGN

SPAM

2025

Stripe API Skimming Campaign

Stripe API Skimming Campaign: Additional Victims and Insights

CAMPAIGN

Skimming

2025

J-Magic

Juniper Routers, Network Devices Targeted with Custom Backdoors

CAMPAIGN

MALWARE

2025

Gamaredon

Gamaredon campaign abuses LNK files to distribute Remcos backdoor

CAMPAIGN

MALWARE

2025

.NET MAUI

New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI

CAMPAIGN

Malware

2025

ClearFake

ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery

CAMPAIGN

MALWARE

2025

Desert Dexter. Attacks

Desert Dexter. Attacks on Middle Eastern countries

CAMPAIGN

Malware

2025

Phishing Campaign Using Private Video Sharing

We’re aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization.

CAMPAIGN

PHISHING

2025

Snail Mail Fail

Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear

CAMPAIGN

Ransom

2025

GitVenom campaign

The GitVenom campaign: cryptocurrency theft using GitHub

CAMPAIGN

CRYPTOCURRENCY

2025

DeceptiveDevelopment

Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers.

CAMPAIGN

Malware

2025

RevivalStone

The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024.

CAMPAIGN

APT

2025

Earth Freybug’s

Stealth in the Shadows: Dissecting Earth Freybug’s Recent Campaign and Operational Techniques

CAMPAIGN

Malware

2025

DEEP#DRIVE

Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks

CAMPAIGN

APT

2025

BadPilot

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

CAMPAIGN

Operation

2025

Webflow CDN

New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs

CAMPAIGN

Phishing

2025

GSocket Gambling Scavenger

GSocket Gambling Scavenger – How Hackers Use PHP Backdoors and GSocket to Facilitate Illegal Gambling in Indonesia

CAMPAIGN

CAMPAIGN