Campaign 2024
| DATE | NAME | INFO | CATEGORY | SUBCATE |
| 9.5.24 | (RMM) tools | Spam campaign targeting Brazil abuses Remote Monitoring and Management tools | PHISHING | |
| 9.5.24 | FreeDrain | FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network | PHISHING | |
| 4.5.24 | | Advisory: Pahalgam Attack themed decoys used by APT36 to target the Indian Government | APT | |
| 1.5.24 | Hive0117 | New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware | PHISHING | |
| 16.12.24 | DeceptionAds | “DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising | MALVERTISING | |
| 18.12.24 | HubPhish | Effective Phishing Campaign Targeting European Companies and Organizations | Phishing | |
| 09.12.24 | Drops Zbot | Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware | RANSOMWARE | |
| 05.12.24 | Earth Kasha Spear | Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024 | PHISHING | |
| 04.12.24 | Secret Blizzard | Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage | ESPIONAGE | |
| 13.11.24 | | Iranian “Dream Job” Campaign 11.24 | CAMPAIGN | |
| 07.11.24 | | Unmasking VEILDrive: Threat Actors Exploit Microsoft Services for C2 | EXPLOIT | |
| 07.11.24 | | CopyRh(ight)adamantys Campaign: Rhadamanthys Exploits Intellectual Property Infringement Baits | EXPLOIT | |
| 05.11.24 | | Typosquat Campaign Targeting npm Developers | MALWARE | |
| 30.10.24 | Rampant Phishing | You’re Invited: Rampant Phishing Abuses Eventbrite | PHISHING | |
| 28.10.24 | Gun Campaign | TeamTNT’s Docker Gatling Gun Campaign | CAMPAIGN | |
| 28.10.24 | ClickFix | ClickFix tactic: The Phantom Meet | SOCIAL | |
| 27.9.24 | SilentSelfie | SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites | CAMPAIGN | |
| 26.9.24 | SloppyLemming | Unraveling SloppyLemming’s Operations Across South Asia | Crypto | |
| 26.9.24 | Salt Typhoon | China's 'Salt Typhoon' Cooks Up Cyberattacks on US ISPs | ISP | |
| 23.9.24 | Earth Baxia | Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC | PHISHING | |
| 19.9.24 | Vanilla Tempest | Highway Blobbery: Data Theft using Azure Storage Explorer | Ransomware | |
| 19.9.24 | Storm clouds | Storm clouds on the horizon: Resurgence of TeamTNT? | CAMPAIGN | |
| 13.9.24 | Proxyjacking | From Automation to Exploitation: The Growing Misuse of Selenium Grid for Cryptomining and Proxyjacking | CRYPTOCURRENCY | |
| 11.9.24 | Crimson Palace | Crimson Palace returns: New Tools, Tactics, and Targets | APT | |
| 11.9.24 | Earth Preta | Earth Preta Evolves its Attacks with New Malware and Strategies | APT | |
| 30.8.24 | Voldemort | The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort” | CAMPAIGN | |
| 30.8.24 | SLOW#TEMPEST | From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users | APT | |
| 16.8.24 | Tusk | Tusk: unraveling a complex infostealer campaign | Malware | |
| 15.8.24 | River of Phish | SPEAR-PHISHING CASES FROM EASTERN EUROPE 2022-2024 A TECHNICAL BRIEF | Phishing | |
| 15.8.24 | Earth Baku | A Dive into Earth Baku’s Latest Campaign | CAMPAIGN | |
| 4.8.24 | Panamorfi | A New Discord DDoS Campaign | DDOS | |
| 2.8.24 | ERIAKOS | "ERIAKOS" Scam Campaign: Detected by Recorded Future’s Payment Fraud Intelligence Team | Scam | |
| 2.8.24 | | The Securonix Threat Research team has been monitoring the threat actors behind the ongoing investigation into the DEV#POPPER campaign, we have identified additional malware variants linked to the same North Korean threat actors using similar, stealthy malicious code execution tactics, though now with much more robust capabilities. | CAMPAIGN | |
| 2.8.24 | | OneDrive Pastejacking: The crafty phishing and downloader campaign | PHISHING | |
| 25.7.24 | CVE-2024-21412 | Exploiting CVE-2024-21412: A Stealer Campaign Unleashed | CVE | |
| 20.6.24 | Sustained | Sustained Campaign Using Chinese Espionage Tools Targets Telcos | CAMPAIGN | |
| 18.6.24 | Spinning YARN | Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence | Malware | |
| 18.5.24 | Earth Hundun's | Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024 | CyberSpy | |
| 10.5.24 | APT28 | APT28 campaign targeting Polish government institutions | APT | |
| 30.4.24 | DEV#POPPER | ANALYSIS OF DEV#POPPER: NEW ATTACK CAMPAIGN TARGETING SOFTWARE DEVELOPERS LIKELY ASSOCIATED WITH NORTH KOREAN THREAT ACTORS | Campaign | |
| 25.4.24 | ArcaneDoor | ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices | Spy | |
| 25.4.24 | FROZEN#SHADOW Attack | Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover | Campaign | |
| 19.4.24 | BlackTech | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear | Cyberespionage | |
| 19.4.24 | DuneQuixote | DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware | Campaign | |
| 17.4.24 | Connect:fun | In a new threat briefing, Forescout Research – Vedere Labs details an exploitation campaign targeting organizations running Fortinet’s FortiClient EMS which is vulnerable to CVE-2023-48788. We are designating this campaign Connect:fun because of the use of ScreenConnect and Powerfun as post-exploitation tools – our first-ever named campaign. | Campaign | |
| 16.4.24 | SteganoAmor | SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world | Campaign | |
| 12.4.24 | DarkBeatC2 | DarkBeatC2: The Latest MuddyWater Attack Framework | APT | |
| 11.4.24 | | ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps | Android | |
| 11.4.24 | | Raspberry Robin Now Spreading Through Windows Script Files | Virus | |
| 28.3.24 | ShadowRay | ShadowRay: First Known Attack Campaign Targeting AI Workloads Actively Exploited In The Wild | AI | |
| 27.3.24 | RedAlpha | Recorded Future’s Insikt Group has identified two new cyberespionage campaigns targeting the Tibetan Community over the past two years. | Campaign | |
| 12.3.24 | Copybara Fraud Operation | On top of this fraud operation architecture, TAs exploit Social Engineering techniques for distributing the Copybara banking trojan, which typically involves smishing and vishing techniques, leveraging native-speaker operators. In particular, several samples reveal TAs distributing Copybara through seemingly legitimate apps, utilizing logos of well-known banks and names that sound authentic, such as “Caixa Sign Nueva”, “BBVA Codigo”, “Sabadell Codigo”. | Operation | |
| 7.3.24 | Spinning YARN | Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence | Campaign | |
| 21.2.24 | SMUGX | CHINESE THREAT ACTORS TARGETING EUROPE IN SMUGX CAMPAIGN | Campaign | |
| 21.2.24 | Earth Preta | Earth Preta Campaign Uses DOPLUGS to Target Asia | Campaign | |
| 2.2.24 | Commando Cat | The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker | Cryptocurrency | |
| 18.1.24 | Mint Sandstorm | New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs | Campaign | |
| 10.1.24 | | Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware | Campaign | |