Cyber Campaigns Operation 2026
| DATE | NAME | INFO | CATEGORY | SUBCATE |
| 2026 | Operation Dragon Whistle | Table of Contents: Introduction: Key Targets: Infection Chain: Initial Findings about Campaign: Analysis of Decoys & Spear phishing Email: Technical Analysis: Stage1: Analysis of LNK File. Stage2: Analysis of VBS. Stage3: DLL Side Loading. Infrastructural Artefacts & Threat actor... | OPERATION | OPERATION |
| 2026 | Operation NoVoice | Operation NoVoice: Android Malware Found in 50+ Apps Can Hijack Devices | OPERATION | OPERATION |
| 2026 | Operation GriefLure | Table of Contents: Introduction: Key Targets: Infection Chain: Initial Findings about Campaign: Analysis of Decoys: Technical Analysis: Campaign-1: Stage-1: Ho so.rar Campaign: 2 Stage-1: download.zip Stage-2: The LNK & Batch file (Common in 1 & 2 both) Stage-3: Analysis | OPERATION | OPERATION |
| 2026 | Operation Silent Rotor | Operation Silent Rotor: Targeted Campaign Compromises Unmanned Aviation Sector Ahead of Moscow Summit Table of Content Introduction Key Targets Industries Affected Geographical focus Infection Chain Initial Findings Looking into the Decoy Documents Technical Analysis Stage 1 – Analysis of... | OPERATION | OPERATION |
| 2026 | Operation HumanitarianBait | Cyble analyzes Operation HumanitarianBait, a stealthy espionage campaign using aid-themed lures to deploy a fileless Python infostealer. | OPERATION | OPERATION |
| 2026 | Iranian-Nexus Operation | Iranian-Nexus Operation Against Oman's Government: 12 Ministries Hit and 26,000 Citizen Records Exposed | OPERATION | OPERATION |
| 2026 | Operation TrustTrap | CRIL uncovered 16,800+ spoofed domains by analyzing URL trust abuse, cloud infra clustering, and human‑centric deception instead of technical exploits. | OPERATION | OPERATION |
| 2026 | Operation NoVoice | Operation NoVoice: Rootkit Tells No Tales | OPERATION | OPERATION |
| 2026 | Operation TrueChaos | Check Point Research identified a zero-day vulnerability in the TrueConf client application, tracked as CVE-2026-3502, with a CVSS score of 7.8. The flaw stems from the abuse of TrueConf’s updater validation mechanism, allowing an attacker who controls the on-premises TrueConf server to distribute and execute arbitrary files across all connected endpoints. | OPERATION | OPERATION |
| 2026 | Operation DualScript | Operation DualScript – A Multi-Stage PowerShell Malware Campaign Targeting Cryptocurrency and Financial Activity Introduction During our investigation, we identified a multi-stage malware infection leveraging Scheduled Task persistence, VBScript launchers, and PowerShell-based execution. The attack operates through two parallel chains:... | OPERATION | OPERATION |
| 2026 | Multi-Tool Mining Operation | Fake Installers to Monero: A Multi-Tool Mining Operation | OPERATION | OPERATION |
| 2026 | Operation GhostMail | Contents Introduction Key Targets Industries Affected Geographical focus Geopolitical Context Infection Chain Timeline of Activity Initial Findings Looking into the Decoy Documents Technical Analysis Stage 1 – Malicious Archive Delivery Stage 2 – Malicious Shortcut Execution Stage 3 | OPERATION | OPERATION |
| 2026 | LeakNet’s | Casting a Wider Net: ClickFix, Deno, and LeakNet’s Scaling Threat | OPERATION | OPERATION |
| 2026 | Operation CamelClone | Contents Introduction Key Targets Industries Affected Geographical focus Geopolitical Context Infection Chain Timeline of Activity Initial Findings Looking into the Decoy Documents Technical Analysis Stage 1 – Malicious Archive Delivery Stage 2 – Malicious Shortcut Execution Stage 3 | OPERATION | OPERATION |
| 2026 | Operation Epic Fury/Roaring Lion | Retaliatory Hacktivist DDoS Activity Following Operation Epic Fury/Roaring Lion | OPERATION | OPERATION |
| 2026 | Operation MacroMaze | Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure | OPERATION | OPERATION |
| 2026 | Operation Olalampo | MuddyWater APT has launched a new cyber offensive operation, dubbed Operation Olalampo, deploying new malware variants and leveraging Telegram bots for command-and-control. | OPERATION | OPERATION |
| 2026 | Operation Neusploit | APT28 Leverages CVE-2026-21509 in Operation Neusploit | OPERATION | OPERATION |
| 2026 | Operation DupeHike | Contents Introduction Key Targets. Industries Affected. Geographical Focus. Infection Chain. Initial Findings. Looking into the decoy-document Technical Analysis Stage 1 – Malicious LNK Script Stage 2 – DUPERUNNER Implant Stage 3 – AdaptixC2 Beacon. Infrastructural Artefacts. Conclusion SEQRITE Protection.... | OPERATION | OPERATION |
| 2026 | Operation Covert Access | Table of Contents: Introduction: Infection Chain: Targeted sectors: Initial Findings about Campaign: Analysis of Decoy: Technical Analysis: Stage-1: Analysis of Windows Shortcut file (.LNK). Stage-2: Analysis of Batch file. Stage-3: Details analysis of Covert RAT. Conclusion: Seqrite Coverage: IOCs... | OPERATION | OPERATION |
| 2026 | Operation Nomad Leopard | Contents Introduction Key Targets Industries Affected Geographical focus Infection Chain. Initial Findings Looking into the decoy-document Technical Analysis Stage 1 – Malicious ISO File Stage 2 – Malicious LNK File Stage 3 – Final Payload: FALSECUB Infrastructure & Attribution... | OPERATION | OPERATION |
| 2026 | Megalodon | Megalodon: Mass GitHub Repo Backdooring via CI Workflows | CAMPAIGN | CAMPAIGN |
| 2026 | GemStuffer Campaign | GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government | CAMPAIGN | CAMPAIGN |
| 2026 | Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise | Phishing campaigns continue to improve sophistication and refinement in blending social engineering, delivery and hosting infrastructure, and authentication abuse to remain effective against evolving security controls. | CAMPAIGN | CAMPAIGN |
| 2026 | VENOMOUS#HELPER | You’re invited: Four phishing lures in campaigns dropping RMM tools | CAMPAIGN | CAMPAIGN |
| 2026 | Snow Flurries | Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite | CAMPAIGN | CAMPAIGN |
| 2026 | Rotten Apple | Rotten Apple: An Invasive Threat Actor Targeting Civil Society in Lebanon | CAMPAIGN | CAMPAIGN |
| 2026 | Pawn Storm Campaign | Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities | CAMPAIGN | CAMPAIGN |
| 2026 | Internet-exposed ComfyUI instances | Hackers Are Attempting to Turn ComfyUI Servers Into a Cryptomining Proxy Botnet | CAMPAIGN | CAMPAIGN |
| 2026 | Iran-nexus Password Spray Campaign Targeting Cloud Environments | Iran-nexus Password Spray Campaign Targeting Cloud Environments, with a Focus on the Middle East | CAMPAIGN | CAMPAIGN |
| 2026 | DPRK-Related Campaigns with LNK and GitHub C2 | How DPRK actors use LNK files and GitHub C2 to evade detection and maintain persistence | CAMPAIGN | CAMPAIGN |
| 2026 | WhatsApp malware campaign | WhatsApp malware campaign delivers VBScript and MSI backdoors | CAMPAIGN | CAMPAIGN |
| 2026 | Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns | Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns | CAMPAIGN | CAMPAIGN |
| 2026 | Analyzing FAUX#ELEVATE | Analyzing FAUX#ELEVATE: Threat Actors Target France with CV Lures to Deploy Crypto miners and Infostealers Targeting Enterprise Environments | CAMPAIGN | CAMPAIGN |
| 2026 | ForceMemo | ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push | CAMPAIGN | CAMPAIGN |
| 2026 | KakaoTalk | Analysis of the Spear-Phishing and KakaoTalk-Linked Threat Campaign by the Konni Group | CAMPAIGN | CAMPAIGN |
| 2026 | StegaBin | Novel DPRK stager using Pastebin and text steganography | CAMPAIGN | CAMPAIGN |
| 2026 | GRIDTIDE | GRIDTIDE Global Cyber Espionage Campaign | CAMPAIGN | CAMPAIGN |
| 2026 | Monero Mining Campaign | Technical Deep Dive: The Monero Mining Campaign | CAMPAIGN | CAMPAIGN |
| 2026 | Monero Mining Campaign | In the contemporary threat landscape, while ransomware grabs headlines with high-impact disruptions, cryptojacking operations have quietly evolved into sophisticated, persistent threats. | CAMPAIGN | CAMPAIGN |
| 2026 | AiFrame | “AiFrame”- Fake AI Assistant Extensions Targeting 260,000 Chrome Users via injected iframes | CAMPAIGN | CAMPAIGN |
| 2026 | Massiv | Massiv: When your IPTV app terminates your savings | CAMPAIGN | CAMPAIGN |
| 2026 | CRESCENTHARVEST | CRESCENTHARVEST: Iranian protestors and dissidents targeted in cyberespionage campaign | CAMPAIGN | CAMPAIGN |
| 2026 | Fake recruiter campaign | A new branch of a fake job recruitment campaign, dubbed "graphalgo," is targeting developers with a RAT. | CAMPAIGN | CAMPAIGN |
| 2026 | SideCopy Launch Cross-Platform RAT Campaigns | Espionage Without Noise: Understanding APT36’s Enduring Campaigns | CAMPAIGN | CAMPAIGN |
| 2026 | TeamPCP | Threat Alert: TeamPCP, An Emerging Force in the Cloud Native and Ransomware Landscape | CAMPAIGN | CAMPAIGN |
| 2026 | Shadow Campaigns | The Shadow Campaigns: Uncovering Global Espionage | CAMPAIGN | CAMPAIGN |
| 2026 | NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign | Web Traffic Hijacking: When Your Nginx Configuration Turns Malicious | CAMPAIGN | CAMPAIGN |
| 2026 | Dead#Vax | Analyzing Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode | CAMPAIGN | CAMPAIGN |
| 2026 | RedKitten | RedKitten: AI-accelerated campaign targeting Iranian protests | CAMPAIGN | CAMPAIGN |
| 2026 | ShinyHunters | Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft | CAMPAIGN | CAMPAIGN |
| 2026 | SyncFuture Espionage Targeted Campaign | Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign | CAMPAIGN | CAMPAIGN |
| 2026 | AI-orchestrated cyber espionage campaign | We have developed sophisticated safety and security measures to prevent the misuse of our AI models. | CAMPAIGN | CAMPAIGN |
| 2026 | doxxing campaign | Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing | CAMPAIGN | CAMPAIGN |
| 2026 | GhostPoster Campaign | Browser Extensions Gone Rogue: The Full Scope of the GhostPoster Campaign | CAMPAIGN | CAMPAIGN |
| 2026 | Fortinet FortiGate Devices via SSO Accounts | Arctic Wolf has observed a new cluster of automated malicious activity involving unauthorized firewall configuration changes on FortiGate devices. | CAMPAIGN | CAMPAIGN |
| 2026 | Campaign Targeting LastPass Customers | New Phishing Campaign Targeting LastPass Customers | CAMPAIGN | PHISHING |
| 2026 | Contagious Interview campaign | Threat Actors Expand Abuse of Microsoft Visual Studio Code | CAMPAIGN | CAMPAIGN |
| 2026 | SHADOW#REACTOR | SHADOW#REACTOR – Text-Only Staging, .NET Reactor, and In-Memory Remcos RAT Deployment | CAMPAIGN | CAMPAIGN |
| 2026 | Boto-Cor-de-Rosa | Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm activity in Brazil | CAMPAIGN | CAMPAIGN |