Campaign 2026(5) 2025(58) 2024(58) 2023(1) 2022(0)
| DATE | NAME | INFO | CATEGORY | SUBCATE |
| 10.4.26 | Rotten Apple | Rotten Apple: An Invasive Threat Actor Targeting Civil Society in Lebanon | CAMPAIGN | CAMPAIGN |
| 10.4.26 | Pawn Storm Campaign | Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities | CAMPAIGN | CAMPAIGN |
| 8.4.26 | Internet-exposed ComfyUI instances | Hackers Are Attempting to Turn ComfyUI Servers Into a Cryptomining Proxy Botnet | CAMPAIGN | CAMPAIGN |
| 8.4.26 | Iran-nexus Password Spray Campaign Targeting Cloud Environments | Iran-nexus Password Spray Campaign Targeting Cloud Environments, with a Focus on the Middle East | CAMPAIGN | CAMPAIGN |
| 8.4.26 | DPRK-Related Campaigns with LNK and GitHub C2 | How DPRK actors use LNK files and GitHub C2 to evade detection and maintain persistence | CAMPAIGN | CAMPAIGN |
| 1.4.26 | WhatsApp malware campaign | WhatsApp malware campaign delivers VBScript and MSI backdoors | CAMPAIGN | CAMPAIGN |
| 1.4.26 | Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns | Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns | CAMPAIGN | CAMPAIGN |
| 25.3.26 | Analyzing FAUX#ELEVATE: Threat Actors Target France with CV Lures to Deploy Crypto miners and Infostealers Targeting Enterprise Environments | | | |
| 17.3.26 | ForceMemo | ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push | CAMPAIGN | CAMPAIGN |
| 17.3.26 | KakaoTalk | Analysis of the Spear-Phishing and KakaoTalk-Linked Threat Campaign by the Konni Group | CAMPAIGN | CAMPAIGN |
| 2.3.26 | StegaBin | Novel DPRK stager using Pastebin and text steganography | CAMPAIGN | CAMPAIGN |
| 26.2.26 | GRIDTIDE | GRIDTIDE Global Cyber Espionage Campaign | CAMPAIGN | CAMPAIGN |
| 24.2.26 | Monero Mining Campaign | Technical Deep Dive: The Monero Mining Campaign | CAMPAIGN | CAMPAIGN |
| 21.2.26 | Monero Mining Campaign | In the contemporary threat landscape, while ransomware grabs headlines with high-impact disruptions, cryptojacking operations have quietly evolved into sophisticated, persistent threats. | CAMPAIGN | CAMPAIGN |
| 20.2.26 | AiFrame | “AiFrame”- Fake AI Assistant Extensions Targeting 260,000 Chrome Users via injected iframes | CAMPAIGN | CAMPAIGN |
| 19.2.26 | Massiv | Massiv: When your IPTV app terminates your savings | CAMPAIGN | CAMPAIGN |
| 19.2.26 | CRESCENTHARVEST | CRESCENTHARVEST: Iranian protestors and dissidents targeted in cyberespionage campaign | CAMPAIGN | CAMPAIGN |
| 13.2.26 | Fake recruiter campaign | A new branch of a fake job recruitment campaign, dubbed "graphalgo," is targeting developers with a RAT. | CAMPAIGN | CAMPAIGN |
| 11.2.26 | SideCopy Launch Cross-Platform RAT Campaigns | Espionage Without Noise: Understanding APT36’s Enduring Campaigns | CAMPAIGN | CAMPAIGN |
| 9.2.26 | TeamPCP | Threat Alert: TeamPCP, An Emerging Force in the Cloud Native and Ransomware Landscape | CAMPAIGN | CAMPAIGN |
| 6.2.26 | Shadow Campaigns | The Shadow Campaigns: Uncovering Global Espionage | CAMPAIGN | CAMPAIGN |
| 5.2.26 | NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign | Web Traffic Hijacking: When Your Nginx Configuration Turns Malicious | CAMPAIGN | CAMPAIGN |
| 5.2.26 | Dead#Vax | Analyzing Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode | CAMPAIGN | CAMPAIGN |
| 2.2.26 | RedKitten | RedKitten: AI-accelerated campaign targeting Iranian protests | CAMPAIGN | CAMPAIGN |
| 2.2.26 | ShinyHunters | Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft | CAMPAIGN | CAMPAIGN |
| 27.1.26 | SyncFuture Espionage Targeted Campaign | Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign | CAMPAIGN | CAMPAIGN |
| 26.1.26 | AI-orchestrated cyber espionage campaign | We have developed sophisticated safety and security measures to prevent the misuse of our AI models. | CAMPAIGN | CAMPAIGN |
| 25.1.26 | doxxing campaign | Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing | CAMPAIGN | CAMPAIGN |
| 25.1.26 | GhostPoster Campaign | Browser Extensions Gone Rogue: The Full Scope of the GhostPoster Campaign | CAMPAIGN | CAMPAIGN |
| 22.1.26 | Fortinet FortiGate Devices via SSO Accounts | Arctic Wolf has observed a new cluster of automated malicious activity involving unauthorized firewall configuration changes on FortiGate devices. | CAMPAIGN | CAMPAIGN |
| 21.1.26 | Campaign Targeting LastPass Customers | New Phishing Campaign Targeting LastPass Customers | CAMPAIGN | PHISHING |
| 21.1.26 | Contagious Interview campaign | Threat Actors Expand Abuse of Microsoft Visual Studio Code | CAMPAIGN | CAMPAIGN |
| 14.1.26 | SHADOW#REACTOR | SHADOW#REACTOR – Text-Only Staging, .NET Reactor, and In-Memory Remcos RAT Deployment | CAMPAIGN | CAMPAIGN |
| 8.1.26 | Boto-Cor-de-Rosa | Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm activity in Brazil | CAMPAIGN | CAMPAIGN |