Campaign
DATE | NAME | CATEGORY | SUBCATEGORY | INFO |
19.4.25 | Smishing Triad | CAMPAIGN | SPAM | Smishing Triad: Chinese eCrime Group Targets 121+ Countries, Intros New Banking Phishing Kit |
17.4.25 | Sponsored Actors Try ClickFix | CAMPAIGN | CAMPAIGN | Around the World in 90 Days: State-Sponsored Actors Try ClickFix |
6.4.25 | PoisonSeed Campaign | CAMPAIGN | SPAM | PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation |
3.4.25 | Stripe API Skimming Campaign | CAMPAIGN | Skimming | Stripe API Skimming Campaign: Additional Victims and Insights |
28.3.25 | MALWARE | Juniper Routers, Network Devices Targeted with Custom Backdoors |
28.3.25 | MALWARE | Gamaredon campaign abuses LNK files to distribute Remcos backdoor |
25.3.25 | .NET MAUI | CAMPAIGN | Malware | New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI |
20.3.25 | ClearFake | CAMPAIGN | MALWARE | ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery |
10.3.25 | Desert Dexter. Attacks | CAMPAIGN | Malware | Desert Dexter. Attacks on Middle Eastern countries |
8.3.25 | Phishing Campaign Using Private Video Sharing | CAMPAIGN | PHISHING | We’re aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization. |
8.3.25 | Snail Mail Fail | CAMPAIGN | Ransom | Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear |
25.2.25 | GitVenom campaign | CAMPAIGN | CRYPTOCURRENCY | The GitVenom campaign: cryptocurrency theft using GitHub |
22.2.25 | DeceptiveDevelopment | CAMPAIGN | Malware | Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers. |
18.2.25 | RevivalStone | CAMPAIGN | APT | The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024. |
18.2.25 | Earth Freybug’s | CAMPAIGN | Malware | Stealth in the Shadows: Dissecting Earth Freybug’s Recent Campaign and Operational Techniques |
15.2.25 | DEEP#DRIVE | CAMPAIGN | APT | Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks |
15.2.25 | BadPilot | CAMPAIGN | Operation | The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation |
10.2.25 | Webflow CDN | CAMPAIGN | Phishing | New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs |
18.1.25 | GSocket Gambling Scavenger | CAMPAIGN | CAMPAIGN | GSocket Gambling Scavenger – How Hackers Use PHP Backdoors and GSocket to Facilitate Illegal Gambling in Indonesia |
16.12.24 | DeceptionAds | CAMPAIGN | MALVERTISING | “DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising |
18.12.24 | HubPhish | CAMPAIGN | Phishing | Effective Phishing Campaign Targeting European Companies and Organizations |
09.12.24 | Drops Zbot | CAMPAIGN | RANSOMWARE | Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware |
05.12.24 | Earth Kasha Spear | CAMPAIGN | PHISHING | Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024 |
04.12.24 | Secret Blizzard | CAMPAIGN | ESPIONAGE | Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage |
13.11.2024 | CAMPAIGN | Iranian “Dream Job” Campaign 11.24 |
07.11.24 | EXPLOIT | Unmasking VEILDrive: Threat Actors Exploit Microsoft Services for C2 |
07.11.24 | EXPLOIT | CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits |
05.11.24 | MALWARE | Typosquat Campaign Targeting npm Developers |
30.10.24 | Rampant Phishing | CAMPAIGN | PHISHING | You’re Invited: Rampant Phishing Abuses Eventbrite |
28.10.24 | Gun Campaign | CAMPAIGN | CAMPAIGN | TeamTNT’s Docker Gatling Gun Campaign |
28.10.24 | ClickFix | CAMPAIGN | SOCIAL | ClickFix tactic: The Phantom Meet |
27.9.24 | SilentSelfie | CAMPAIGN | CAMPAIGN | SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites |
26.9.24 | SloppyLemming | CAMPAIGN | Crypto | Unraveling SloppyLemming’s Operations Across South Asia |
26.9.24 | Salt Typhoon | CAMPAIGN | ISP | China's 'Salt Typhoon' Cooks Up Cyberattacks on US ISPs |
23.9.24 | Earth Baxia | CAMPAIGN | PHISHING | Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC |
19.9.24 | Vanilla Tempest | CAMPAIGN | Ransomware | Highway Blobbery: Data Theft using Azure Storage Explorer |
19.9.24 | Storm clouds | CAMPAIGN | CAMPAIGN | Storm clouds on the horizon: Resurgence of TeamTNT? |
13.9.24 | Proxyjacking | CAMPAIGN | CRYPTOCURRENCY | From Automation to Exploitation: The Growing Misuse of Selenium Grid for Cryptomining and Proxyjacking |
11.9.24 | Crimson Palace | CAMPAIGN | APT | Crimson Palace returns: New Tools, Tactics, and Targets |
11.9.24 | Earth Preta | CAMPAIGN | APT | Earth Preta Evolves its Attacks with New Malware and Strategies |
30.8.24 | Voldemort | CAMPAIGN | CAMPAIGN | The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort” |
30.8.24 | SLOW#TEMPEST | CAMPAIGN | APT | From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users |
16.8.24 | Tusk | CAMPAIGN | Malware | Tusk: unraveling a complex infostealer campaign |
15.8.24 | River of Phish | CAMPAIGN | Phishing | SPEAR-PHISHING CASES FROM EASTERN EUROPE 2022-2024 A TECHNICAL BRIEF |
15.8.24 | Earth Baku | CAMPAIGN | CAMPAIGN | A Dive into Earth Baku’s Latest Campaign |
4.8.24 | Panamorfi | CAMPAIGN | DDOS | A New Discord DDoS Campaign |
2.8.24 | ERIAKOS | CAMPAIGN | Scam | "ERIAKOS" Scam Campaign: Detected by Recorded Future’s Payment Fraud Intelligence Team |
2.8.24 | CAMPAIGN | The Securonix Threat Research team has been monitoring the threat actors behind the ongoing investigation into the DEV#POPPER campaign. We have identified additional malware variants linked to the same North Korean threat actors using similar, stealthy malicious code execution tactics, though now with much more robust capabilities. |
2.8.24 | PHISHING | OneDrive Pastejacking: The crafty phishing and downloader campaign |
25.7.24 | CVE-2024-21412 | CAMPAIGN | CVE | Exploiting CVE-2024-21412: A Stealer Campaign Unleashed |
20.6.24 | Sustained | CAMPAIGN | CAMPAIGN | Sustained Campaign Using Chinese Espionage Tools Targets Telcos |
18.6.24 | Spinning YARN | CAMPAIGN | Malware | Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence |
18.5.24 | Earth Hundun's | Campaign | CyberSpy | Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024 |
10.5.24 | APT28 | Campaign | APT | APT28 campaign targeting Polish government institutions |
30.4.24 | DEV#POPPER | Campaign | Campaign | ANALYSIS OF DEV#POPPER: NEW ATTACK CAMPAIGN TARGETING SOFTWARE DEVELOPERS LIKELY ASSOCIATED WITH NORTH KOREAN THREAT ACTORS |
25.4.24 | ArcaneDoor | Campaign | Spy | ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices |
25.4.24 | FROZEN#SHADOW Attack | Campaign | Campaign | Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover |
19.4.24 | BlackTech | Campaign | Cyberespionage | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear |
19.4.24 | DuneQuixote | Campaign | Campaign | DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware |
17.4.24 | Connect:fun | Campaign | Campaign | In a new threat briefing, Forescout Research – Vedere Labs details an exploitation campaign targeting organizations running Fortinet’s FortiClient EMS which is vulnerable to CVE-2023-48788. We are designating this campaign Connect:fun because of the use of ScreenConnect and Powerfun as post-exploitation tools – our first-ever named campaign. |
16.4.24 | SteganoAmor | Campaign | Campaign | SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world |
12.4.24 | DarkBeatC2 | Campaign | APT | DarkBeatC2: The Latest MuddyWater Attack Framework |
11.4.24 | Android | ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps |
11.4.24 | Virus | Raspberry Robin Now Spreading Through Windows Script Files |
28.3.24 | ShadowRay | Campaign | AI | ShadowRay: First Known Attack Campaign Targeting AI Workloads Actively Exploited In The Wild |
27.3.24 | RedAlpha | Campaign | Campaign | Recorded Future’s Insikt Group has identified two new cyberespionage campaigns targeting the Tibetan Community over the past two years. The campaigns, which we are collectively naming RedAlpha, combine light reconnaissance, selective targeting, and diverse malicious tooling. |
12.3.24 | Copybara Fraud Operation | Campaign | Operation | On top of this fraud operation architecture, TAs exploit Social Engineering techniques for distributing the Copybara banking trojan, which typically involves smishing and vishing techniques, leveraging native-speaker operators. In particular, several samples reveal TAs distributing Copybara through seemingly legitimate apps, utilizing logos of well-known banks and names that sound authentic, such as “Caixa Sign Nueva”, “BBVA Codigo”, “Sabadell Codigo”. |
7.3.24 | Spinning YARN | Campaign | Campaign | Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence |
21.2.24 | SMUGX | Campaign | Campaign | CHINESE THREAT ACTORS TARGETING EUROPE IN SMUGX CAMPAIGN |
21.2.24 | Earth Preta | Campaign | Campaign | Earth Preta Campaign Uses DOPLUGS to Target Asia |
2.2.24 | Commando Cat | Campaign | Cryptocurrency | The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker |
18.1.24 | Mint Sandstorm | Campaign | Campaign | New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs |
10.1.24 | Campaign | Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware |
24.12.23 | Campaign | A Look at the Nim-based Campaign Using Microsoft Word Docs to Impersonate the Nepali Government |