Cyber Campaigns Operation-  2023 | 2022 | 2021 | 2020 | 2019 | 2018 | 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 | 2010 | 2009 | 2008

DATE

NAME

CATEGORY

 

27.12.23

Triangulation Operation Operation Triangulation: The last (hardware) mystery

24.12.23

RusticWeb Operation Operation RusticWeb targets Indian Govt: From Rust-based malware to Web-service exfiltration

19.12.23

Operation Blacksmith Operation Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang

14.12.23

Bearded Barbie Operation Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials

14.12.23

Big Bang Operation The Big Bang attack campaign: Gaza hackers suspected of targeting Middle Eastern victims

14.12.23

Operation Parliament Operation The objective of the attacks is clearly espionage – they involve gaining access to top legislative, executive and judicial bodies around the world.

25.11.23

Telekopye Operation Telekopye: Chamber of Neanderthals’ secrets
22.10.23 Operation King TUT OperationESET researchers reveal a growing sophistication in threats affecting the LATAM region by employing evasion techniques and high-value targeting

19.10.23

TetrisPhantom Operation Government entities in the Asia-Pacific (APAC) region are the target of a long-running cyber espionage campaign dubbed TetrisPhantom.

16.10.23

EtherHiding

Operation

“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts

5.10.23

Operation Jacana

Operation

ESET researchers discovered a cyberespionage campaign against a governmental entity in Guyana

19.9.23

Operation Rusty Flag Operation Operation Rusty Flag – A Malicious Campaign Against Azerbaijanian Targets

19.9.23

AMBERSQUID OperationThe Sysdig Threat Research Team (TRT) has uncovered a novel cloud-native cryptojacking operation which they’ve named AMBERSQUID.

6.9.23

Smishing Triad

Operation

"Smishing Triad" Targeted USPS And US Citizens For Data Theft

19.8.23 LABRAT OperationLABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab

22.6.23

Operation Triangulation's

Operation

Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus.

12.6.23 Mexals campaign Operation One of the changes between the two campaigns is their name: The group previously known as Mexals (see their web page in Figure 1) now call themselves Diicot, and one of their tools bears the same name.
8.6.23 Operation Red Deer Operation

Outing Aggah’s Sophisticated Tactics, Techniques and Procedures (TTPs) Targeting Israel

7.6.23

Operation CMDStealer

Operation

Financially Motivated Campaign Leverages CMD-Based Scripts and LOLBaS for Online Banking Theft in Portugal, Peru, and Mexico

3.6.23 Operation Triangulation Operation

While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA).

25.5.23 Operation Groundbait Operation

In addition to the armed conflict in eastern Ukraine, in recent years the country has been facing a significantly higher number of targeted cyberattacks, or so-called advanced persistent threats (APTs).

14.5.2023

Hunting Russian Intelligence “Snake” Malware

Operation

The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets.

14.5.2023

DownEx

Operation

Deep Dive Into DownEx Espionage Operation in Central Asia

17.3.23

SCARLETEEL

Operation

A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software.

17.3.23

PROXYSHELLMINER CAMPAIGN

Operation

Morphisec has recently identified a highly evasive malware campaign delivering ProxyShellMiner to Windows endpoints.

15.3.23

ENDTRADE

Operation

We found cyberespionage group TICK targeting critical systems and enterprises to steal information. In this research brief, we show the group's activities and technical analyses of the new malware families, modified tools, and upgraded routines.

15.3.23

Dero Cryptojacking Campaign

Operation

CrowdStrike has discovered the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure.

11.3.23

Operation Dream Job

Operation

Hackers associated with the North Korean government have been distributing a trojanized version of the DeFi Wallet for storing cryptocurrency assets to gain access to the systems of cryptocurrency users and investors.

2.3.23

SCARLETEEL

Operation

Operation leveraging Terraform, Kubernetes, and AWS for data theft

18.2.23

OPERATION SILENT WATCH

Operation

Amid rising tensions between Azerbaijan and Armenia over the Lachin corridor in late 2022, Check Point Research identified a malicious campaign against entities in Armenia. The malware distributed in this campaign is a new version of a backdoor we track as OxtaRAT

5.2.23

'No Pineapple' Campaign

Operation

During Q4 2022, WithSecure™ detected and responded to a cyber attack conducted by a threat actor that WithSecure™ have attributed with high confidence to an intrusion set referred to as Lazarus Group.

4.2.23

Operation Ice Breaker

Operation

In September of last year, our Incident Response team was called to an incident that was identified as an attempt of social engineering an online customer service platform.

3.2.23

GOOTLOADER Operations

Operation

Beginning in 2022, UNC2565 began incorporating notable changes to the tactics, techniques, and procedures (TTPs) used in its operations.

23.6.22

Operation Bearded Barbie

Operation

Molerats and APT-C-23. Both groups are Arabic-speaking and politically-motivated that operate on behalf of Hamas, the Palestinian Islamic-fundamentalist movement and a terrorist organization that has controlled the Gaza strip since 2006.

23.6.22

BRONZE STARLIGHT

Operation

The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0.

8.5.22

Mustang Panda

Operation

MustangPanda, also known as "RedDelta" or "Bronze President," is a China-based threat actor that has targeted entities all over the world since at least 2012.

5.5.22

Operation CuckooBees

Operation

Researchers at Cybereason recently discovered such an attack, which was assessed to be the work of Chinese APT Winnti.

4.22

SnatchCrypto

Operation

 

4.22

Operation Dream Job

Operation

 

4.22

Azerbaijanian operation

Operation

 

4.22

Operation Armor Piercer

Operation

 

4.22

Operation Dream Job

Operation

 

4.22

Operation AppleJeus

Operation

 

4.22

Operation Dragon Castling

Operation

 

4.22

Operation Tropic Trooper

Operation

 

2021

Operation GhostShell

Operation

In July 2021, the Cybereason Nocturnus and Incident Response Teams responded to Operation GhostShell, a highly-targeted cyber espionage campaign targeting the Aerospace and Telecommunications industries mainly in the Middle East

19.3.21

O p e r a t i o n Diànxùn

Operation

In this attack, we discovered malware using similar tactics, techniques, and procedures (TTPs) to those observed in earlier campaigns publicly attributed to the threat actors RedDelta and Mustang Panda.

26.2.21

Operation ‘Dream Job’

Operation

During June-August of 2020, ClearSky’s team had investigated an offensive campaign attributed with high probability to North Korea, which we call “Dream Job”.

15.1.21

Operation Spalax

Operation

ESET researchers uncover attacks targeting Colombian government institutions and private companies, especially from the energy and metallurgical industries

18.12.20

Operation SignSight

Operation

Just a few weeks after the supply-chain attack on the Able Desktop software, another similar attack occurred on the website of the Vietnam Government Certification Authority (VGCA): ca.gov.vn.

12.12.20

Operation StealthyTrident

Operation

LuckyMouse, TA428, HyperBro, Tmanger and ShadowPad linked in Mongolian supply-chain attack

30.11.20

Dark Caracal

Operation

As the modern threat landscape has evolved, so have the actors. The barrier to entry for cyber-warfare has continued to decrease, which means new nation states

30.11.20

Operation Manul

Operation

This report covers a campaign of phishing and malware which we have named “Operation Manul” and which, based on the available evidence, we believe is likely to 1 have been carried out on behalf of the government of Kazakhstan against journalists, dissidents living in Europe.

20.11.20

Operation PowerFall

Operation

In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer.

17.11.20

Operation-Blockbuster

Operation

The Lazarus group was first identified in Novetta’s report Operation Blockbuster in February 2016

7.11.20

Operation (노스 스타) North Star

Operation

We are in the midst of an economic slump, with more candidates than there are jobs, something that has been leveraged by malicious actors to lure unwitting victims into opening documents laden with malware.

7.11.20

Operation North Star

Operation

It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within the digital realm.

7.11.20

Operation North Star:

Operation

McAfee’s initial research into Operation North Star revealed a campaign that used social media sites, spearphishing and weaponized documents to target employees working for organizations in the defense sector.

7.11.20

INJ3CTOR3 Operation

Operation

Recently, Check Point Research encountered a series of worldwide attacks relevant to VoIP, specifically to Session initiation Protocol (SIP) servers.

31.10.20

Uncovering DRBControl

Operation

The DRBControl campaign attacks its targets using a variety of malware and techniques that coincide with those used in other known cyberespionage campaigns.

31.10.20

Operation Earth Kitsune

Operation

A watering hole campaign we dubbed as Operation Earth Kitsune is spying on users’ systems through compromised websites.

23.9.20

Operation DisrupTor

Operation

Today, a coalition of law enforcement agencies across the world announced the results of a coordinated operation known as DisrupTor which targeted vendors and buyers of illicit goods on the dark web.

24.8.20

Mispadu

Operation

In this installment of our blog series, we will focus on Mispadu, an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers.

24.8.20

Mekotio

Operation

In this installment of our series, we introduce Mekotio, a Latin American banking trojan targeting mainly Brazil, Chile, Mexico, Spain, Peru and Portugal.

24.8.20

Casbaneiro

Operation

Most reverse engineers would agree that quite often one can learn something new on the job. However, it is not every day you learn how to cook a delicious meal while analyzing malware.

24.8.20

Grandoreiro

Operation

Although it’s been some weeks since the height of the income tax season in many countries around the globe, the year 2020 has been looking less than normal even for cybercriminal activity.

21.8.20

Operation Transparent tribe

Operation

The APT group Transparent Tribe is mounting an ongoing cyberespionage campaign, researchers said, which is aimed at military and diplomatic targets around the world.

30.7.20

‘Ghostwriter’ Influence Campaign:

Operation

Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned with Russian Security Interests

30.7.20

Operation North Star

Operation

North Korea-linked hackers continue to be very active in this period, researchers reported a campaign aimed at the US defense and aerospace sectors.

17.7.20

Operation In(ter)ception

Operation

At the end of last year, we discovered targeted attacks against aerospace and military companies in Europe and the Middle East, active from September to December 2019.

27.3.20

Operation Poisoned News

Operation

Experts observed a campaign aimed at infecting the iPhones of users in Hong Kong with an iOS backdoor that allows attackers to spy on them.

23.3.20

Operation Pangea

Operation

Operation Pangea is the name of a joint international operation lead by the Interpol that seized €13 million in counterfeit drugs for care.

17.2.20

Fox Kitten Campaign

Operation

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign.

28.1.20

Operation Night Fury

Operation

Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world

22.1.20

OP Glowing Symphony

Operation

US military claims to have disrupted the online propaganda activity of the Islamic State (ISIS) in a hacking operation dating back at least to 2016.

2019

Glupteba Expands Operation

Operation

Glupteba was first spotted in 2011 as a malicious proxy generating spam and click-fraud traffic from a compromised machine. Since then, it has been distributed through several different methods and used in multiple attacks, including Operation Windigo until 2018.

19.10.19

OPERATION GHOST

Operation

ESET researchers describe recent activity of the infamous espionage group, the Dukes, including three new malware families

7.6.19

Operation WebStorage

Operation

The campaign uses compromised routers and man-in-the-middle attacks to target legitimate ASUS WebStorage software to distribute the Plead malware.

11.6.19

Operation MuddyWater POWERSTATS V3

Operation

The campaign targets a range of sectors with spear-phishing emails delivered from legitimate compromised accounts to drop a PowerShell-based backdoor labeled POWERSTATS v3.

11.6.19

Operation ShellTea

Operation

The campaign targets the hotel and entertainment sectors with spear-phishing emails to infiltrate systems with the ShellTea backdoor.

11.6.19

Operation HAWKBALL

Operation

The campaign targets the government sector in Central Asia with malicious documents that take advantage of vulnerabilities in Microsoft Office to drop the HAWKBALL backdoor.

10.6.19

Operation Frankenstein

Operation

The campaign used a range of open-source tools to carry out their attacks including Microsoft's MSbuild, the post-exploitation framework FruityC2, and PowerShell Empire.

27.6.19

Operation TA505 Shifting Tactics

Operation

The group behind the operation target users in South Korea, China, and Taiwan with new tactics, techniques, and procedures including Amadey to distribute EmailStealer, using VBA macro and Excel 4.0 macro.

27.6.19

Operation Waterbug New Toolset

Operation

The threat actor behind the operation launched a series of attacks in the last 18 months against multiple sectors including government, IT, communications, and education.

27.6.19

Operation Soft Cell

Operation

The campaign has been active since at least 2012 and targets telecommunications providers in multiple countries. T

28.5.19

Operation SharePoint Middle East

Operation

The campaign targeted Microsoft SharePoint servers located at Middle Eastern government organizations to steal sensitive information.

28.5.19

Operation BlackWater

Operation

The campaign used trojanized documents attached to phishing emails to steal sensitive information from victims located in the Middle East.

26.6.19

ViceLeaker Operation

Operation

In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens.

14.5.19

Operation Daybreak

Operation

Earlier this year, we deployed new technologies in Kaspersky Lab products to identify and block zero-day attacks.

23.4.19

Operation ShadowHammer

Operation

In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility, which was featured in a Kim Zetter article on Motherboard.

26.3.19

Operation SaboTor

Operation

Today, members of the Joint Criminal Opioid and Darknet Enforcement (J-CODE) team announce the results of Operation SaboTor, a coordinated international effort targeting drug trafficking organizations operating on the Darknet.

26.3.19

Operation ShadowHammer

Operation

Earlier today, Motherboard published a story by Kim Zetter on Operation ShadowHammer, a newly discovered supply chain attack that leveraged ASUS Live Update software.

5.3.19

#OpJerusalem

Operation

Over the weekend, hundreds of popular Israeli sites were targeted by an attack called #OpJerusalem whose goal was to infect Windows users with the JCry ransomware.

2018

Operation Soft Cell

Operation

In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor using tools and techniques commonly associated with Chinese-affiliated threat actors, such as APT10.

12.12.18

Operation Sharpshooter

Operation

The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies.

17.11.18

Operation Oceansalt

Operation

A wall eight feet high with three strands of barbed wire is considered sufficient to deter a determined intruder, at least according to the advice offered by the CISSP professional certification.

14.11.18

OperationShaheen

Operation

We have dubbed the first campaignOperation Shaheen. It examines complex espionage effort directed military Pakistani the at

4.5.18

ZOO. CYBERESPIONAGE OPERATION

Operation

ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targetssince at least June 2015.

4/5/18

OpIsrael 2018

Operation

OpIsrael is a yearly campaign created by Anonymous in 2012 with the stated goal of “erasing Israel from the internet” in protest against the Israeli government’s conduct in the Israli-Palestinian conflict.

12/21/18

OpCatalunya: Phase 4

Operation

In October 2017, citizens of Catalonia – an autonomous community in Spain - held an independence referendum.

17.12.18

Operation Dragonfly

Operation

On September 6, Symantec published details of the Dragonfly campaign, which targeted dozens of energy companies throughout 2017.

12/14/17

OpKillingBay/OpWhales

Operation

With a new whale hunting season comes a new wave of attacks by environmental and animal rights hacktivist communities within the Anonymous collective.

12/12/17

OpUSA / OpIsrael

Operation

In 1995, the United States Congress passed the Jerusalem Embassy Act, which was created for the purposes of initiating and funding the relocation of the Embassy of the United States in Israel from Tel Aviv to Jerusalem.

10/31/17

OpCatalonia

Operation

At the beginning of October 2017, citizens of Catalonia – an autonomous community in Spain - held an independence referendum.

6/8/17

OpIcarus2017

Operation

OpIcarus is a multiphase operation originally launched by Anonymous on February 8, 2016 and is now entering its fifth phase on June 11, 2017. Its

6/7/17

OpSingleGateway

Operation

In the first week of June there has been a dramatic increase in activity from #OpSingleGateway, an Anonymous operation designed to combat the government of Thailand’s strategy to implement central control of the nation’s Internet,.

6/5/17

OpKillingBay 2017

Operation

OpKillingBay is a yearly hacktivism operation by Anonymous, activists, and others organizations in response to the hunting of whales and dolphins in Japan.

3/28/17

OpIsrael 2017

Operation

With the stated goal of "erasing Israel from the Internet,” Anonymous will launch OpIsrael 2017, its yearly cyber operation against Israel on April 7, 2017.

1/17/17

OpSingleGateway:

Operation

In a move to combat the government of Thailand’s strategy to implement central control of the nation’s Internet, Anonymous has launched OpSingleGateway.

11/10/16

OpKillingBay 2016 Update

Operation

Online protests in the form of network and application attacks against countries and organizations involved in whale and dolphin hunting has become an integral part of hunting season.

9/19/16

OpNoDAPL

Operation

The Dakota Access Pipeline Project (DAPL) is the construction of a 1,172-mile-long pipeline that will span across three states.

6/8/16

OpIcarus Project Mayhem

Operation

Anonymous has initiated the third and final phase of OpIcarus: “Project Mayhem” – a systematic cyber assault against worldwide stock exchanges.

5/18/16

OperationLGBT

Operation

Anonymous has launched OpLGBT, a DDoS campaign targeting the state of North Carolina and its governmental institutes in response to controversial legislation passed by the state’s General Assembly.

5/6/16

OpIcarus Re-Engaged

Operation

The Hacktivist Group Anonymous announced its plans to relaunch its cyber assaults on leading financial services companies worldwide.

4/25/16

OpOperadoras

Operation

In an effort to fight for the rights of digital consumers throughout South America, the hacktivist group Anonymous has launched OpOperadoras,i coordinated cyber assault against Brazilian telecommunication companies.

4/5/16

OpIsrael Update - April 2016

Operation

With the stated goal of “erasing Israel from the internet” in protest against claimed crimes against the Palestinian people, Anonymous will launch its yearly operation against Israel.

4/4/16

OpTrump Attacks & Other DDoS

Operation

Since our previous OpWhiteRose vs Donald Trump ERT alert outlining the potential cyber-attack against Donald Trump on April fool's day, the presidential candidate was eventually hit and online entities of key Trump.

3/24/16

OpWhiteRose vs Donald Trump

Operation

Donald Trump and his presidential campaign has gained a new round of attention from the Anonymous collective.

3/16/16

OpRight2Rest

Operation

The hacktivist group Anonymous launched an operation against the city of Denver, CO and its officials. Entitled OpRight2Rest, the operation is a response to the passing of the Denver Homeless Camping Ban.

3/14/16

OpAbdiMohamed

Operation

The hacktivist group New World Hackers is currently targeting the capital and most populous city of Utah, Salt Lake City, as part of a new operation, OpAbdiMohamed.

3/10/16

OpAfrica Update - March 2016

Operation

The hacktivist group Anonymous has upped the ante in its cyber-assault against corporations and government that "enable and perpetuate corruption on the African continent."

2/26/16

OpIsrael Update - February 2016

Operation

With the stated goal of "erasing Israel from the internet" in protest against claimed crimes against the Palestinian people, Anonymous will launch its yearly operation against Israel.

2/24/16

OpGaston

Operation

Hacktivists have targeted the Cincinnati Police Department after last week’s police shooting of Paul Gaston.

2/16/16

OpAfrica

Operation

The hacktivist group Anonymous is back, this time fighting corruption across the continent of Africa.

2/11/16

OpKillingBay Update - February 2016

Operation

OpKillingBay is an annual campaign that was started in 2013 by Anonymous. It was created by Anonymous to bring attention to the hunting of whales and dolphins in Japan and Denmark.

2/8/16

OpIcarus

Operation

The hacktivist group Anonymous announced its plan to attack leading financial services companies on Monday, February 8, 2016, starting at 6AM UTC with the goal of taking down their websites and services.

12/18/15

OpTrump

Operation

On December 11, 2015 Anonymous announced Operation Trump (#OpTrump), a three phase hacking campaign to "expose the real Donald Trump" and take down the presidential candidate's online footprint

12/1/15

OpParis Update

Operation

OpParis has faced a number of challenges since the launch of its operation. Organizations such as Anonymous have targeted non-ISIS accounts and any twitter account with Arabic writing by only assuming its association with ISIS.

11/16/15

OpKillingBay Update

Operation

OpKillingBay, the annual campaign created by Anonymous, has continued into November and predicted to remain until the end of dolphin hunting season.

11/10/15

OpParis

Operation

Radware's ERT has been investigating OpParis, an Anonymous revenge campaign against ISIS for the Paris attacks on November 13, 2015. This campaign is an aggressive operation targeting supporters and sympathizers of the Paris attacks.

10/26/15

OpKillingBay

Operation

OpKillingBay is an annual campaign created by Anonymous, activists and other organizations in response to whale and dolphin hunting in Japan and Denmark.

4/17/15

OpISIS

Operation

Islamic State in Iraq and Syria (ISIS), an Al-Qaeda splinter group, is infamously known for its malicious, physical attacks. Recently, however, ISIS has been credited with cyber-attacks.

3/30/15

OpIsrael 2015

Operation

OpIsrael 2015 is an organized set of attacks aimed at the Israeli government, public institutions and other high profile Web sites.

7/11/14

OpSaveGaza

Operation

Due to the growing tension between Palestine and Israel that includes military actions in the sector of Gaza, several hacktivists groups have united in a cyber-attack campaign against Israel, named #OpSaveGaza.

15.7.14

OPERATION WINDIGO

Operation

This document details a large and sophisticated operation, code named “Windigo”, in which a malicious group has compromised thousands of Linux and Unix servers.

4/7/14

OpIsrael 2014

Operation

#OpIsrael is an organized set of attacks aimed at Israeli Web sites, which was officially first launched on 14 November, 2012 against the Israeli government, public institutions and other high profile Web sites.

7/26/13

#OpAbabil Phase 4

Operation

In early September 2012, videos of about 14 minutes in length that claimed to be trailers of a longer film named “Innocence of Muslims” were uploaded to YouTube.

4/30/13

OPUSA

Operation

AnonGhost – A hacking group affiliated with Anonymous announced a new cyber-attack campaign against US websites named #OPUSA, scheduled for May 7th, 2013.

4/7/13

OpIsrael

Operation

Various anti-Israeli hacking groups join hands to launch a massive cyber attack on Israeli cyber space with the aim to disconnect the country from the Internet.

2011

OPERATION POTAO EXPRESS

Operation

The Operation Potao Express whitepaper presents ESET’s latest findings based on research into the Win32/Potao malware family.