Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Campaigns

Campaigns Description
Operation MuddyWater The attacks targeted victims in the United States and the Middle East in an attempt to steal sensitive information. The group behind the campaign used fake documents claiming to be from the NSA in spear-phishing emails to convince victims to open the malicious attachments.
Operation Oceansalt The campaign reuses a portion of code from the Seasalt implant (circa 2010) that is linked to the Chinese hacking group Comment Crew. Oceansalt appears to have been part of an operation targeting South Korea, United States, and Canada in a well-focused attack.
Operation DNSpionage The campaign targets government and private companies in the Middle East. The threat actors behind the operation use malicious Microsoft Office documents with embedded macros hosted on fake websites to infected users with malware intended to steal a range of sensitive information. The actors are also known to compromise DNS nameservers to redirect traffic to IP addresses under their control.
Operation STOLEN PENCIL Operation STOLEN PENCIL has been in operation since at least May of 2018 and focuses on users in the academic sector. The threat actors behind the attacks use a malicious Google Chrome extension to gain access to the victim’s network. Once inside the attacker uses Microsoft Windows administration tools including Remote Desktop Protocol (RDP) to maintain persistence. Malware used in the attacks are also able to log keystrokes and change Ethereum wallet addresses to addresses under the threat acto...
Operation Joohn The attack campaign targeted a range of sectors including government, media, and foreign affairs organizations located around the world. The threat actors used multiple tools to carry out the operation including the Cannon and Zebrocy Trojans to steal sensitive information from the victims. The infection vector consisted of spear-phishing emails containing malicious Microsoft Word attachments.
Operation Sharpshooter The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant—which we call Rising Sun—for further exploitation. According to our analysis, the Rising Sun implant uses source code from the Lazarus Group’s 2015 backdoor...
Operation Shamoon v3 A new variant of Shamoon was discovered in late 2018 targeting several sectors, including oil, gas, energy, telecom, and government organizations in the Middle East and southern Europe. Similar to the previous wave, Shamoon Version 3 uses several mechanisms as evasion techniques to bypass security as well as to circumvent analysis and achieve its ends.
Operation Charming Kitten 2018 The threat actors behind the attacks use spear-phishing emails with malicious links and target a range of users around the world including journalist, political entities, and civil and human rights activists. The emails are delivered from known and unknown email or social media and messaging accounts. The attackers also attempt to hide their original location by using VPN's and proxies with Dutch and French IP addresses.
Operation Department The campaign targets a range of users including those in the finance, commercial, food and agriculture, and government sectors. Some of the phishing emails used in the attacks contain attachments with malicious Publisher files while other attacks used Microsoft Word documents to deliver the payload.
Operation Seedworm 2018 The threat actors behind the campaign target multiple sectors in the Middle East, Europe, and North America with a focus on telecommunications, education, government, and oil and gas. The operation uses a range of customized tools to gather intelligence from their victims including Powermud, PowerShell, LaZagne, and Crackmapexec.