Campaign  

DATE

NAME

CATEGORY

SUBCATE

INFO

19.4.24BlackTech CampaignCyberespionage Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
19.4.24DuneQuixoteCampaignCampaignDuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
17.4.24Connect:funCampaignCampaignIn a new threat briefing, Forescout Research – Vedere Labs details an exploitation campaign targeting organizations running Fortinet’s FortiClient EMS which is vulnerable to CVE-2023-48788. We are designating this campaign Connect:fun because of the use of ScreenConnect and Powerfun as post-exploitation tools – our first-ever named campaign.
16.4.24SteganoAmorCampaignCampaignSteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world
12.4.24DarkBeatC2CampaignAPTDarkBeatC2: The Latest MuddyWater Attack Framework

11.4.24

eXotic Visit

Campaign

Android

ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps

11.4.24

Raspberry Robin

Campaign

Virus

Raspberry Robin Now Spreading Through Windows Script Files

28.3.24ShadowRayCampaignAIShadowRay: First Known Attack Campaign Targeting AI Workloads Actively Exploited In The Wild
27.3.24RedAlphaCampaignCampaignRecorded Future’s Insikt Group has identified two new cyberespionage campaigns targeting the Tibetan Community over the past two years. The campaigns, which we are collectively naming RedAlpha, combine light reconnaissance, selective targeting, and diverse malicious tooling.
12.3.24Copybara Fraud OperationCampaignOperationOn top of this fraud operation architecture, TAs exploit Social Engineering techniques for distributing the Copybara banking trojan, which typically involves smishing and vishing techniques, leveraging native-speaker operators. In particular, several samples reveal TAs distributing Copybara through seemingly legitimate apps, utilizing logos of well-known banks and names that sound authentic, such as “Caixa Sign Nueva”, “BBVA Codigo”, “Sabadell Codigo”.
7.3.24Spinning YARNCampaignCampaignSpinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence
21.2.24SMUGX CampaignCampaignCHINESE THREAT ACTORS TARGETING EUROPE IN SMUGX CAMPAIGN
21.2.24Earth PretaCampaignCampaignEarth Preta Campaign Uses DOPLUGS to Target Asia

2.2.24

Commando CatCampaignCryptocurrencyThe Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker

18.1.24

Mind SandstormCampaignCampaignNew TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs

10.1.24

DB#JAMMER

Campaign

Campaign

Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware

24.12.23

Nim-based

Campaign

Campaign

A Look at the Nim-based Campaign Using Microsoft Word Docs to Impersonate the Nepali Government