ALERTS OPERATION
HOME AI APT BOTNET CAMPAIGN CRIME CRYPTOCURRENCY EXPLOIT HACKING GROUP OPERATION PHISHING RANSOM SPAM VIRUS VULNEREBILITY
DATE |
NAME |
INFO |
CATEGORY |
SUBCATE |
| 5.12.25 | DupeRunner and AdaptixC2 malware deployed within the Operation DupeHike | The SEQRITE researchers have uncovered a targeted cyber espionage campaign dubbed Operation DupeHike. The campaign is focused on various sectors including HR, payroll, and administrative departments. The attack utilizes sophisticated social engineering tactics, deploying realistic decoy documents centered on employee financial bonuses to lure victims. | OPERATION | |
| 5.12.25 | LotusHarvest malware deployed in Operation Hanoi Thief | SEQRITE Labs’ researchers have identified "Operation Hanoi Thief," a malicious cyber campaign targeting IT professionals and HR recruiters in Vietnam. The campaign employs spear-phishing emails containing fake resumes to deliver malware used to steal confidential user data. | OPERATION | |
| 19.10.25 | Operation Silk Lure delivers ValleyRAT | A spear-phishing campaign dubbed Operation Silk Lure, which targets Chinese HR and hiring teams in fintech, crypto exchanges and trading firms by weaponizing realistic résumés, has been uncovered by Seqrite Labs. Attackers send CVs containing malicious .lnk shortcuts that download a second-stage payload, deploy a script to create a hidden daily scheduled task for persistence, and then RC4-decrypt an in-memory loader that launches the final payload — ValleyRAT. | ALERTS | OPERATION |
| 4.10.25 | WARMCOOKIE Operators Expand Infrastructure, Refine Tactics | Researchers recently published a report on the WARMCOOKIE backdoor, revealing that its operators have expanded their infrastructure and refined their tactics. First observed in recruitment-themed phishing campaigns, WARMCOOKIE is still active and capable of host fingerprinting, command execution, screenshot capture, and delivery of additional payloads. | ALERTS | OPERATION |
| 27.9.25 | Operation Rewrite leads to BadIIS malware distribution | Researchers from Palo Alto reported on a SEO poisoning campaign, dubbed "Operation Rewrite". The primary tool used by the attackers in this operation is the BadIIS malware, that can intercept and modify web traffic, utilizing compromised legitimate servers to deliver malicious content. | OPERATION | |
| 17.9.25 | Contagious Interview operation continues | SentinelLABS has identified North Korean threat actors associated with the "Contagious Interview" campaign cluster exhibiting a sophisticated approach to operational security. | OPERATION | |
| 11.6.25 | DragonClone malicious operation | DragonClone is a new malicious campaign identified in the wild. The attackers have been targeting the Chinese Telecom Industry and distributing Veletrix and VShell malware implants as payloads. | OPERATION | |
|
26.3.25 |
Funnelweb attack group targets victims in Operation FishMedley | The China-backed advanced persistent threat group known as Funnelweb (aka Aquatic Panda, Earth Lusca, FishMonger) was responsible for an extensive campaign identified as Operation FishMedley. The campaign targeted entities including governments, NGOs, and think tanks across numerous countries. | OPERATION | |
| 10.3.25 | Phantom-Goblin operation spreading infostealers to victims | Phantom-Goblin is the name of a malicious infostealing campaign recently identified in the wild. The attackers responsible are leveraging social engineering techniques luring victims into execution of malicious .LNK files. | OPERATION | |
| 27.2.25 | Threat actors spoof Sagawa Express services to steal credentials | Symantec has identified a new wave of phishing attacks that impersonate Sagawa Express services to steal credentials. In this campaign, phishing emails are disguised as delivery notifications requesting an immediate update of the delivery address. The email content is brief, encouraging recipients to click on a phishing URL. Once clicked, victims encounter webpages designed for credential harvesting. | OPERATION | |
|
1.11.24 | HeptaX Cyberattack Operations | A researcher recently identified a multi-stage cyberattack targeting the healthcare industry, initiated through a ZIP file containing a malicious shortcut (.lnk) file, likely spread via phishing emails. When executed, the LNK file runs a PowerShell command that downloads additional payloads including scripts and BAT files from a remote server. These scripts create a new administrative user account and alter RDP settings to reduce authentication requirements, allowing attackers to gain remote access for further malicious actions such as data theft and malware installation. | ALERTS | OPERATION |
| 14.6.24 | Operation Celestial Force | A new malicious campaign dubbed 'Operation Celestial Force' has been reported by the researchers from Cisco Talos. The campaign has been active since at least 2018 and targeting Indian organizations from the defense, government and technology sectors. According to the published research, 'Operation Celestial Force' has been attributed to the threat group known as Cosmic Leopard. The attackers have been leveraging Android malware variant - GravityRAT as well as Electron-based Windows loader called HeavyLift. The attacks carried out by this APT group have been managed by a standalone custom tool called GravityAdmin, that centralizes execution of malicious actions on the compromised systems. | ALERTS | OPERATION |
| 8.4.24 | Operation HamsaUpdate | Operation HamsaUpdate is a recently identified campaign targeting Israeli customers using F5’s network devices. The attackers have been reported to leverage wiper malware targeting Windows servers (variant called Hatef) as well as Linux platform (variant called Hamsa). | ALERTS | Operation |