Campaign
| DATE | NAME | INFO | CATEGORY | SUBCATE |
| 13.11.25 | NPM Spam Campaign | The Great Indonesian TEA Theft: Analyzing a NPM Spam Campaign | CAMPAIGN | SPAM |
| 10.11.25 | I Paid Twice | Phishing Campaigns “I Paid Twice” Targeting Booking.com Hotels and Customers | CAMPAIGN | PHISHING |
| 26.10.25 | Odyssey | Odyssey Stealer and AMOS Campaign Targets macOS Developers Through Fake Tools | CAMPAIGN | Malware |
| 25.10.25 | Smishing Deluge | The Smishing Deluge: China-Based Campaign Flooding Global Text Messages | CAMPAIGN | CAMPAIGN |
| 25.10.25 | Jingle Thief | Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign | CAMPAIGN | CAMPAIGN |
| 22.10.25 | PassiveNeuron | PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations | CAMPAIGN | CAMPAIGN |
| 13.10.25 | RondoDox | RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits | CAMPAIGN | CAMPAIGN |
| 12.10.25 | Akira’s SonicWall Campaign | Inside Akira’s SonicWall Campaign: Darktrace’s Detection and Response | CAMPAIGN | CAMPAIGN |
| 7.10.25 | Exploitation of CVE-2025-10035 | Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability | CAMPAIGN | CAMPAIGN |
| 5.10.25 | Smash and Grab | Smash and Grab: Aggressive Akira Campaign Targets SonicWall VPNs, Deploys Ransomware in an Hour or Less | CAMPAIGN | Ransomware |
| 4.10.25 | RedNovember | Network edge devices such as routers, switches, firewalls, VPNs, and access points are being targeted by waves of cyberattacks. | CAMPAIGN | CAMPAIGN |
| 3.10.25 | ProSpy and ToSpy | New spyware campaigns target privacy-conscious Android users in the UAE | CAMPAIGN | CAMPAIGN |
| 17.9.25 | Clickfix HijackLoader Phishing Campaign | With the evolution of cyber threats, the final execution of a malicious payload is no longer the sole focus of the cybersecurity industry. | CAMPAIGN | PHISHING |
| 17.9.25 | GhostAction | The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows | CAMPAIGN | CAMPAIGN |
| 16.9.25 | FileFix | FileFix in the wild! New FileFix campaign goes beyond POC and leverages steganography | CAMPAIGN | CAMPAIGN |
| 11.9.25 | Madgicx Plus | Behind the Mask of Madgicx Plus: A Chrome Extension Campaign Targeting Meta Advertisers | CAMPAIGN | Social |
| 29.8.25 | TAOTH | TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents | CAMPAIGN | Exploit |
| 27.8.25 | ZipLine | ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies | CAMPAIGN | Phishing |
| 26.8.25 | ShadowCaptcha | Israel National Digital Agency Uncovers Global Cyberattack Campaign “ShadowCaptcha” | CAMPAIGN | CAMPAIGN |
| 26.8.25 | PRC-Nexus Espionage Campaign | Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats | CAMPAIGN | CAMPAIGN |
| 13.8.25 | Amadey | MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities | CAMPAIGN | CAMPAIGN |
| 22.7.25 | LARVA-208’s New Campaign Targets Web3 Developers | LARVA-208, known for its phishing attacks and social engineering tactics targeting English-speaking IT staff through phone calls, has adopted a new technique in its operations. | CAMPAIGN | CAMPAIGN |
| 2.7.25 | Nebulous Mantis | (a.k.a. Cuba, STORM-0978, Tropical Scorpius, UNC2596) is a Russian-speaking cyber espionage group that has actively deployed the RomCom remote access trojan (RAT) and Hancitor loader in targeted campaigns since mid-2019. | CAMPAIGN | CAMPAIGN |
| 26.6.25 | Phishing Campaigns Galore | The surge in ClickFix campaigns also coincides with the discovery of various phishing campaigns that | CAMPAIGN | CAMPAIGN |
| 20.6.25 | Shadow Vector | Shadow Vector targets Colombian users via privilege escalation and court-themed SVG decoys | CAMPAIGN | CAMPAIGN |
| 20.6.25 | Stargazers Ghost Network Campaigns | Since March 2025, Check Point Research has been tracking malicious GitHub repositories targeting Minecraft users with an undetected Java downloader. | CAMPAIGN | CAMPAIGN |
| 20.6.25 | SERPENTINE#CLOUD | Analyzing SERPENTINE#CLOUD: Threat Actors Abuse Cloudflare Tunnels to Infect Systems with Stealthy Python-Based Malware | CAMPAIGN | CAMPAIGN |
| 14.6.25 | JSFireTruck | JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique | CAMPAIGN | CyberCrime |
| 1.6.25 | ASUS Routers campaign | GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers | CAMPAIGN | CAMPAIGN |
| 9.5.24 | (RMM) tools | Spam campaign targeting Brazil abuses Remote Monitoring and Management tools | CAMPAIGN | PHISHING |
| 9.5.24 | FreeDrain | FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network | CAMPAIGN | PHISHING |
| 4.5.24 | Advisory: Pahalgam Attack themed decoys used by APT36 to target the Indian Government | APT ||
| 1.5.24 | Hive0117 | New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware | CAMPAIGN | PHISHING |
| 19.4.25 | Smishing Triad | Smishing Triad: Chinese eCrime Group Targets 121+ Countries, Intros New Banking Phishing Kit | CAMPAIGN | SPAM |
| 17.4.25 | Sponsored Actors Try ClickFix | Around the World in 90 Days: State-Sponsored Actors Try ClickFix | CAMPAIGN | CAMPAIGN |
| 6.4.25 | PoisonSeed Campaign | PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation | CAMPAIGN | SPAM |
| 3.4.25 | Stripe API Skimming Campaign | Stripe API Skimming Campaign: Additional Victims and Insights | CAMPAIGN | Skimming |
| 28.3.25 | Juniper Routers, Network Devices Targeted with Custom Backdoors | MALWARE ||
| 28.3.25 | Gamaredon campaign abuses LNK files to distribute Remcos backdoor | MALWARE ||
| 25.3.25 | .NET MAUI | New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI | CAMPAIGN | Malware |
| 20.3.25 | ClearFake | ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery | CAMPAIGN | MALWARE |
| 10.3.25 | Desert Dexter. Attacks | Desert Dexter. Attacks on Middle Eastern countries | CAMPAIGN | Malware |
| 8.3.25 | Phishing Campaign Using Private Video Sharing | We’re aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization. | CAMPAIGN | PHISHING |
| 8.3.25 | Snail Mail Fail | Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear | CAMPAIGN | Ransom |
| 25.2.25 | GitVenom campaign | The GitVenom campaign: cryptocurrency theft using GitHub | CAMPAIGN | CRYPTOCURRENCY |
| 22.2.25 | DeceptiveDevelopment | Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers. | CAMPAIGN | Malware |
| 18.2.25 | RevivalStone | The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024. | CAMPAIGN | APT |
| 18.2.25 | Earth Freybug’s | Stealth in the Shadows: Dissecting Earth Freybug’s Recent Campaign and Operational Techniques | CAMPAIGN | Malware |
| 15.2.25 | DEEP#DRIVE | Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks | CAMPAIGN | APT |
| 15.2.25 | BadPilot | The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation | CAMPAIGN | Operation |
| 10.2.25 | Webflow CDN | New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs | CAMPAIGN | Phishing |
| 18.1.25 | GSocket Gambling Scavenger | GSocket Gambling Scavenger – How Hackers Use PHP Backdoors and GSocket to Facilitate Illegal Gambling in Indonesia | CAMPAIGN | CAMPAIGN |
| 16.12.24 | DeceptionAds | “DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising | CAMPAIGN | MALVERTISING |
| 18.12.24 | HubPhish | Effective Phishing Campaign Targeting European Companies and Organizations | CAMPAIGN | Phishing |
| 09.12.24 | Drops Zbot | Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware | CAMPAIGN | RANSOMWARE |
| 05.12.24 | Earth Kasha Spear | Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024 | CAMPAIGN | PHISHING |
| 04.12.24 | Secret Blizzard | Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage | CAMPAIGN | ESPIONAGE |
| 13.11.24 | Iranian “Dream Job” Campaign 11.24 | CAMPAIGN ||
| 07.11.24 | Unmasking VEILDrive: Threat Actors Exploit Microsoft Services for C2 | EXPLOIT ||
| 07.11.24 | CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits | EXPLOIT ||
| 05.11.24 | Typosquat Campaign Targeting npm Developers | MALWARE ||
| 30.10.24 | Rampant Phishing | You’re Invited: Rampant Phishing Abuses Eventbrite | CAMPAIGN | PHISHING |
| 28.10.24 | Gun Campaign | TeamTNT’s Docker Gatling Gun Campaign | CAMPAIGN | CAMPAIGN |
| 28.10.24 | ClickFix | ClickFix tactic: The Phantom Meet | CAMPAIGN | SOCIAL |
| 27.9.24 | SilentSelfie | SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites | CAMPAIGN | CAMPAIGN |
| 26.9.24 | SloppyLemming | Unraveling SloppyLemming’s Operations Across South Asia | CAMPAIGN | Crypto |
| 26.9.24 | Salt Typhoon | China's 'Salt Typhoon' Cooks Up Cyberattacks on US ISPs | CAMPAIGN | ISP |
| 23.9.24 | Earth Baxia | Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC | CAMPAIGN | PHISHING |
| 19.9.24 | Vanilla Tempest | Highway Blobbery: Data Theft using Azure Storage Explorer | CAMPAIGN | Ransomware |
| 19.9.24 | Storm clouds | Storm clouds on the horizon: Resurgence of TeamTNT? | CAMPAIGN | CAMPAIGN |
| 13.9.24 | Proxyjacking | From Automation to Exploitation: The Growing Misuse of Selenium Grid for Cryptomining and Proxyjacking | CAMPAIGN | CRYPTOCURRENCY |
| 11.9.24 | Crimson Palace | Crimson Palace returns: New Tools, Tactics, and Targets | CAMPAIGN | APT |
| 11.9.24 | Earth Preta | Earth Preta Evolves its Attacks with New Malware and Strategies | CAMPAIGN | APT |
| 30.8.24 | Voldemort | The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort” | CAMPAIGN | CAMPAIGN |
| 30.8.24 | SLOW#TEMPEST | From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users | CAMPAIGN | APT |
| 16.8.24 | Tusk | Tusk: unraveling a complex infostealer campaign | CAMPAIGN | Malware |
| 15.8.24 | River of Phish | SPEAR-PHISHING CASES FROM EASTERN EUROPE 2022-2024 A TECHNICAL BRIEF | CAMPAIGN | Phishing |
| 15.8.24 | Earth Baku | A Dive into Earth Baku’s Latest Campaign | CAMPAIGN | CAMPAIGN |
| 4.8.24 | Panamorfi | A New Discord DDoS Campaign | CAMPAIGN | DDOS |
| 2.8.24 | ERIAKOS | "ERIAKOS" Scam Campaign: Detected by Recorded Future’s Payment Fraud Intelligence Team | CAMPAIGN | Scam |
| 2.8.24 | The Securonix Threat Research team has been monitoring the threat actors behind the ongoing investigation into the DEV#POPPER campaign, we have identified additional malware variants linked to the same North Korean threat actors using similar, stealthy malicious code execution tactics, though now with much more robust capabilities. | CAMPAIGN | ||
| 2.8.24 | OneDrive Pastejacking: The crafty phishing and downloader campaign | PHISHING | ||
| 25.7.24 | CVE-2024-21412 | Exploiting CVE-2024-21412: A Stealer Campaign Unleashed | CAMPAIGN | CVE |
| 20.6.24 | Sustained | Sustained Campaign Using Chinese Espionage Tools Targets Telcos | CAMPAIGN | CAMPAIGN |
| 18.6.24 | Spinning YARN | Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence | CAMPAIGN | Malware |
| 18.5.24 | Earth Hundun's | Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024 | Campaign | CyberSpy |
| 10.5.24 | APT28 | APT28 campaign targeting Polish government institutions | Campaign | APT |
| 30.4.24 | DEV#POPPER | ANALYSIS OF DEV#POPPER: NEW ATTACK CAMPAIGN TARGETING SOFTWARE DEVELOPERS LIKELY ASSOCIATED WITH NORTH KOREAN THREAT ACTORS | Campaign | Campaign |
| 25.4.24 | ArcaneDoor | ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices | Campaign | Spy |
| 25.4.24 | FROZEN#SHADOW Attack | Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover | Campaign | Campaign |
| 19.4.24 | BlackTech | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear | Campaign | Cyberespionage |
| 19.4.24 | DuneQuixote | DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware | Campaign | Campaign |
| 17.4.24 | Connect:fun | In a new threat briefing, Forescout Research – Vedere Labs details an exploitation campaign targeting organizations running Fortinet’s FortiClient EMS which is vulnerable to CVE-2023-48788. We are designating this campaign Connect:fun because of the use of ScreenConnect and Powerfun as post-exploitation tools – our first-ever named campaign. | Campaign | Campaign |
| 16.4.24 | SteganoAmor | SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world | Campaign | Campaign |
| 12.4.24 | DarkBeatC2 | DarkBeatC2: The Latest MuddyWater Attack Framework | Campaign | APT |
| 11.4.24 | ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps | Android ||
| 11.4.24 | Raspberry Robin Now Spreading Through Windows Script Files | Virus ||
| 28.3.24 | ShadowRay | ShadowRay: First Known Attack Campaign Targeting AI Workloads Actively Exploited In The Wild | Campaign | AI |
| 27.3.24 | RedAlpha | Recorded Future’s Insikt Group has identified two new cyberespionage campaigns targeting the Tibetan Community over the past two years. | Campaign | Campaign |
| 12.3.24 | Copybara Fraud Operation | On top of this fraud operation architecture, TAs exploit Social Engineering techniques for distributing the Copybara banking trojan, which typically involves smishing and vishing techniques, leveraging native-speaker operators. In particular, several samples reveal TAs distributing Copybara through seemingly legitimate apps, utilizing logos of well-known banks and names that sound authentic, such as “Caixa Sign Nueva”, “BBVA Codigo”, “Sabadell Codigo”. | Campaign | Operation |
| 7.3.24 | Spinning YARN | Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence | Campaign | Campaign |
| 21.2.24 | SMUGX | CHINESE THREAT ACTORS TARGETING EUROPE IN SMUGX CAMPAIGN | Campaign | Campaign |
| 21.2.24 | Earth Preta | Earth Preta Campaign Uses DOPLUGS to Target Asia | Campaign | Campaign |
| 2.2.24 | Commando Cat | The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker | Campaign | Cryptocurrency |
| 18.1.24 | Mint Sandstorm | New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs | Campaign | Campaign |
| 10.1.24 | Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware | Campaign ||
| 24.12.23 | A Look at the Nim-based Campaign Using Microsoft Word Docs to Impersonate the Nepali Government | Campaign |