Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Campaigns

Campaign: Description
Operation Luoxk: The campaign performs a range of actions, including DDoS attacks, remote administration with Gh0st RAT, crypto-mining with XMRig, and delivery of malicious Android APKs. In 2018 the threat actors behind the operation began exploiting a flaw in the Oracle WebLogic Server component of Oracle Fusion Middleware to carry out the operation.
Operation Leafminer: The campaign targets a range of organizations across the Middle East with watering-hole attacks, remote exploits, and brute-force logins in an attempt to steal credentials, emails, files, and databases. The group behind the operation is known to use custom malware and backdoors as well as public exploits, including Heartbleed and EternalBlue.
Operation FELIXROOT 2018: The campaign uses malicious Microsoft Word documents to exploit multiple flaws in Microsoft Office. The backdoor dropped on infected systems can upload and download files, steal system information, and open a remote shell. The current FELIXROOT campaign delivers the backdoor in documents that claim to contain information about seminars and environmental protection.
Operation Donot: The campaign targets users mainly in South Asia and has been active since at least 2016. The attacks use malicious macros embedded in Microsoft Office documents in an attempt to steal sensitive information. The group behind the operation is known to use the EHDevel and yty malicious code frameworks.
Operation RogueRobin: The campaign was discovered in July 2018 and focuses on victims in the Middle East. The attacks target users with spear-phishing emails carrying malicious Microsoft Excel Web Query (.iqy) files in an attempt to steal sensitive information.
Operation Gorgon: The campaign targets a range of organizations with both criminal and targeted attacks. The operation uses a range of malware, including NjRAT, RevengeRAT, LokiBot, and RemcosRAT, to gain remote access and steal sensitive information. The threat actors rely heavily on the URL-shortening service Bitly to shorten and distribute the addresses of the operation's command-and-control servers.
Operation TeamViewer/RMS: The campaign targeted a range of industrial companies in Russia with phishing emails containing malicious attachments. Successful attacks resulted in the installation of either TeamViewer or RMS on the infected system, giving the threat actors remote control of it. The operation's main goal was not to gain access to sensitive information but to steal money from the victims.
Operation Phishery: The campaign targeted government and educational institutions in the Middle East with malicious Microsoft Word documents in an attempt to steal credentials. The threat actors behind the operation used the open-source Phishery tool both to create the documents and to host the command-and-control server.
Operation Personality Disorder: The campaign uses either a malicious attachment or a URL in an email message to drop an initial backdoor, labeled "More_eggs", on the infected system. Successful exploitation allows the threat actors to take control of the computer, collect system information, and install the final payload, Cobalt Strike.
Operation Goldfin: The campaign targets financial institutions in Commonwealth of Independent States (CIS) countries with malicious attachments in an attempt to install malware from the SOCKSBOT family.
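The RogueRobin lure above is an Excel Web Query (.iqy) file, a plain-text format in which the first line is the literal WEB, the second a query version, the third a URL that Excel fetches when the query is opened or refreshed, and the remaining lines Key=Value settings; whatever the server returns is pulled into the workbook. The following Python triage script is an added example, not code from the page or from any vendor: it parses that layout and flags a query whose URL points at a host outside a hypothetical trusted list, is fetched over cleartext HTTP, or uses a raw IP address. The sample .iqy contents and every host name in it are constructed.

```python
"""Triage Excel Web Query (.iqy) files by parsing the header and checking the query URL."""
from dataclasses import dataclass, field
from ipaddress import ip_address
from urllib.parse import urlsplit

# Hypothetical allowlist of internal hosts that Excel is expected to query.
TRUSTED_HOSTS = {"bi.corp.example"}

# Constructed sample in the shape of a phishing .iqy (host name is reserved/invalid).
SAMPLE_IQY = """WEB
1
http://updates.example.invalid/excel/quote.txt
Selection=EntirePage
Formatting=None
PreFormattedTextToColumns=True
ConsecutiveDelimitersAsOne=True
SingleBlockTextImport=False
DisableDateRecognition=False
DisableRedirections=False
"""

# Constructed benign query against the allowlisted reporting host.
BENIGN_IQY = "WEB\n1\nhttps://bi.corp.example/reports/sales.html\nSelection=AllTables\n"


@dataclass
class IqyReport:
    url: str
    host: str
    scheme: str
    params: dict = field(default_factory=dict)
    findings: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def parse_iqy(text: str) -> IqyReport:
    """Parse the .iqy layout: line 1 'WEB', line 2 query version, line 3 the URL,
    remaining non-empty lines Key=Value settings. Raises ValueError if the header is wrong."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0].upper() != "WEB":
        raise ValueError("not an Excel Web Query file (expected a 'WEB' header line)")
    url = lines[2]
    params = {}
    for ln in lines[3:]:
        key, _, value = ln.partition("=")
        params[key.strip()] = value.strip()
    parts = urlsplit(url)
    report = IqyReport(url=url, host=(parts.hostname or "").lower(),
                       scheme=parts.scheme.lower(), params=params)
    if report.scheme == "http":
        report.findings.append("query fetched over cleartext HTTP")
    if not report.host:
        report.findings.append("query URL has no host")
        return report
    try:
        ip_address(report.host)  # succeeds only for IPv4/IPv6 literals
        report.findings.append("query URL uses a raw IP address")
    except ValueError:
        pass
    if report.host not in TRUSTED_HOSTS:
        report.findings.append(f"query URL host {report.host!r} is not on the trusted list")
    return report


if __name__ == "__main__":
    for label, content in (("sample", SAMPLE_IQY), ("benign", BENIGN_IQY)):
        r = parse_iqy(content)
        print(f"{label}: {r.url} -> {'SUSPICIOUS' if r.suspicious else 'ok'}")
        for f in r.findings:
            print("   ", f)
```

Run it against any .iqy attachment pulled from a mail gateway; the point of the allowlist check is that a web query to an unknown external host has no business arriving by email, whatever the server happens to return.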
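Phishery-built documents work by pointing the Word file at a remote template: word/settings.xml carries an attachedTemplate element whose relationship in word/_rels/settings.xml.rels is marked External, so Word contacts the attacker's HTTPS server when the document opens and the server's Basic-auth challenge collects credentials. The scanner below is an added example, not code from the page or from the Phishery project: it lists every external relationship in a .docx package and flags those other than plain hyperlinks. To have something to run against offline it also builds a minimal constructed document in that same shape; the .invalid host name is hypothetical.

```python
"""Find remote attached-template (and other external) relationships in .docx packages."""
import io
import sys
import xml.etree.ElementTree as ET
import zipfile

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_TYPE_PREFIX = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
# External relationship types that are normal in documents and are not flagged.
BENIGN_EXTERNAL = {"hyperlink"}


def build_docx(template_url=None) -> bytes:
    """Construct a minimal .docx (for testing the scanner, not for opening in Word).
    With template_url, settings.xml gets <w:attachedTemplate> backed by an External
    relationship, the layout a Phishery-built document uses."""
    parts = {
        "[Content_Types].xml": (
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/>'
            '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
            '<Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/>'
            "</Types>"),
        "_rels/.rels": (
            f'<Relationships xmlns="{RELS_NS}">'
            f'<Relationship Id="rId1" Type="{REL_TYPE_PREFIX}officeDocument" Target="word/document.xml"/>'
            "</Relationships>"),
        "word/_rels/document.xml.rels": (
            f'<Relationships xmlns="{RELS_NS}">'
            f'<Relationship Id="rId1" Type="{REL_TYPE_PREFIX}settings" Target="settings.xml"/>'
            "</Relationships>"),
        "word/document.xml": (
            f'<w:document xmlns:w="{W_NS}"><w:body><w:p><w:r><w:t>Sign in to view this document.</w:t>'
            "</w:r></w:p></w:body></w:document>"),
    }
    attached = '<w:attachedTemplate r:id="rId1"/>' if template_url else ""
    parts["word/settings.xml"] = (
        f'<w:settings xmlns:w="{W_NS}" xmlns:r="{REL_TYPE_PREFIX[:-1]}">{attached}</w:settings>')
    rel = ""
    if template_url:
        rel = (f'<Relationship Id="rId1" Type="{REL_TYPE_PREFIX}attachedTemplate" '
               f'Target="{template_url}" TargetMode="External"/>')
    parts["word/_rels/settings.xml.rels"] = f'<Relationships xmlns="{RELS_NS}">{rel}</Relationships>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, xml in parts.items():
            zf.writestr(name, xml)
    return buf.getvalue()


def external_relationships(docx_bytes: bytes) -> list:
    """Return (rels part, short relationship type, target) for each relationship marked External."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                rtype = rel.get("Type", "")
                if rtype.startswith(REL_TYPE_PREFIX):
                    rtype = rtype[len(REL_TYPE_PREFIX):]
                found.append((name, rtype, rel.get("Target", "")))
    return found


def remote_template_findings(docx_bytes: bytes) -> list:
    """Keep external relationships other than plain hyperlinks (which are only followed on
    click); an external attachedTemplate is the Phishery case and is fetched on open."""
    return [r for r in external_relationships(docx_bytes) if r[1] not in BENIGN_EXTERNAL]


if __name__ == "__main__":
    # With a path argument scan that file; otherwise scan the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_docx(
        "https://harvest.example.invalid/template.dotx")
    for part, rtype, target in remote_template_findings(data):
        print(f"{part}: external {rtype} -> {target}")
```

The same relationship walk catches other "open a remote resource on load" tricks that hide in .rels parts, which is why the scanner reports every non-hyperlink external relationship rather than only attachedTemplate; a .dotm/.xlsx is the same package layout and can be scanned the same way.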