Campaign
DATE | NAME | CATEGORY | SUBCATE | INFO |
|
30.10.24 |
Rampant Phishing | CAMPAIGN | PHISHING | You’re Invited: Rampant Phishing Abuses Eventbrite |
|
28.10.24 | Gun Campaign | CAMPAIGN | CAMPAIGN | TeamTNT’s Docker Gatling Gun Campaign |
|
28.10.24 | ClickFix | CAMPAIGN | SOCIAL | ClickFix tactic: The Phantom Meet |
27.9.24 | SilentSelfie | CAMPAIGN | CAMPAIGN | SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites |
26.9.24 | SloppyLemming | CAMPAIGN | Crypto | Unraveling SloppyLemming’s Operations Across South Asia |
26.9.24 | Salt Typhoon | CAMPAIGN | ISP | China's 'Salt Typhoon' Cooks Up Cyberattacks on US ISPs |
23.9.24 | Earth Baxia | CAMPAIGN | PHISHING | Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC |
19.9.24 | Vanilla Tempest | CAMPAIGN | Ransomware | Highway Blobbery: Data Theft using Azure Storage Explorer |
19.9.24 | Storm clouds | CAMPAIGN | CAMPAIGN | Storm clouds on the horizon: Resurgence of TeamTNT? |
13.9.24 | Proxyjacking | CAMPAIGN | CRYPTOCURRENCY | From Automation to Exploitation: The Growing Misuse of Selenium Grid for Cryptomining and Proxyjacking |
11.9.24 | Crimson Palace | CAMPAIGN | APT | Crimson Palace returns: New Tools, Tactics, and Targets |
11.9.24 | Earth Preta | CAMPAIGN | APT | Earth Preta Evolves its Attacks with New Malware and Strategies |
30.8.24 | Voldemort | CAMPAIGN | CAMPAIGN | The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort” |
30.8.24 | SLOW#TEMPEST | CAMPAIGN | APT | From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users |
16.8.24 | Tusk | CAMPAIGN | Malware | Tusk: unraveling a complex infostealer campaign |
15.8.24 | River of Phish | CAMPAIGN | Phishing | SPEAR-PHISHING CASES FROM EASTERN EUROPE 2022-2024A TECHNICAL BRIEF |
15.8.24 | Earth Baku | CAMPAIGN | CAMPAIGN | A Dive into Earth Baku’s Latest Campaign |
4.8.24 | Panamorfi | CAMPAIGN | DDOS | A New Discord DDoS Campaign |
2.8.24 | ERIAKOS | CAMPAIGN | Scam | "ERIAKOS" Scam Campaign: Detected by Recorded Future’s Payment Fraud Intelligence Team |
2.8.24 | CAMPAIGN | The Securonix Threat Research team has been monitoring the threat actors behind the ongoing investigation into the DEV#POPPER campaign, we have identified additional malware variants linked to the same North Korean threat actors using similar, stealthy malicious code execution tactics, though now with much more robust capabilities. | ||
2.8.24 | PHISHING | OneDrive Pastejacking: The crafty phishing and downloader campaign | ||
25.7.24 | CVE-2024-21412 | CAMPAIGN | CVE | Exploiting CVE-2024-21412: A Stealer Campaign Unleashed |
| 20.6.24 | Sustained | CAMPAIGN | CAMPAIGN | Sustained Campaign Using Chinese Espionage Tools Targets Telcos |
| 18.6.24 | Spinning YARN | CAMPAIGN | Malware | Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence |
18.5.24 | Earth Hundun's | Campaign | CyberSpy | Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024 |
10.5.24 | APT28 | Campaign | APT | APT28 campaign targeting Polish government institutions |
| 30.4.24 | DEV#POPPER | Campaign | Campaign | ANALYSIS OF DEV#POPPER: NEW ATTACK CAMPAIGN TARGETING SOFTWARE DEVELOPERS LIKELY ASSOCIATED WITH NORTH KOREAN THREAT ACTORS |
| 25.4.24 | ArcaneDoor | Campaign | Spy | ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices |
| 25.4.24 | FROZEN#SHADOW Attack | Campaign | Campaign | Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover |
| 19.4.24 | BlackTech | Campaign | Cyberespionage | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear |
| 19.4.24 | DuneQuixote | Campaign | Campaign | DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware |
| 17.4.24 | Connect:fun | Campaign | Campaign | In a new threat briefing, Forescout Research – Vedere Labs details an exploitation campaign targeting organizations running Fortinet’s FortiClient EMS which is vulnerable to CVE-2023-48788. We are designating this campaign Connect:fun because of the use of ScreenConnect and Powerfun as post-exploitation tools – our first-ever named campaign. |
| 16.4.24 | SteganoAmor | Campaign | Campaign | SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world |
| 12.4.24 | DarkBeatC2 | Campaign | APT | DarkBeatC2: The Latest MuddyWater Attack Framework |
11.4.24 | Android | ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps | ||
11.4.24 | Virus | Raspberry Robin Now Spreading Through Windows Script Files | ||
| 28.3.24 | ShadowRay | Campaign | AI | ShadowRay: First Known Attack Campaign Targeting AI Workloads Actively Exploited In The Wild |
| 27.3.24 | RedAlpha | Campaign | Campaign | Recorded Future’s Insikt Group has identified two new cyberespionage campaigns targeting the Tibetan Community over the past two years. The campaigns, which we are collectively naming RedAlpha, combine light reconnaissance, selective targeting, and diverse malicious tooling. |
| 12.3.24 | Copybara Fraud Operation | Campaign | Operation | On top of this fraud operation architecture, TAs exploit Social Engineering techniques for distributing the Copybara banking trojan, which typically involves smishing and vishing techniques, leveraging native-speaker operators. In particular, several samples reveal TAs distributing Copybara through seemingly legitimate apps, utilizing logos of well-known banks and names that sound authentic, such as “Caixa Sign Nueva”, “BBVA Codigo”, “Sabadell Codigo”. |
| 7.3.24 | Spinning YARN | Campaign | Campaign | Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence |
| 21.2.24 | SMUGX | Campaign | Campaign | CHINESE THREAT ACTORS TARGETING EUROPE IN SMUGX CAMPAIGN |
| 21.2.24 | Earth Preta | Campaign | Campaign | Earth Preta Campaign Uses DOPLUGS to Target Asia |
2.2.24 | Commando Cat | Campaign | Cryptocurrency | The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker |
18.1.24 | Mind Sandstorm | Campaign | Campaign | New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs |
10.1.24 | Campaign | Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware | ||
24.12.23 | Campaign | A Look at the Nim-based Campaign Using Microsoft Word Docs to Impersonate the Nepali Government |