Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Campaigns

| Campaign | Description |
| --- | --- |
| Operation Dragonfly 2.0 | The attack campaign has been active since at least 2015 and focuses on the energy sector. The group behind the attacks gains access to the systems to learn how the victims' operations work. Based on industry research, the campaign is believed to be the work of the same actor who was behind the original DragonFly operation. |
| Operation FALLCHILL | The campaign infects systems with the FALLCHILL malware and uses multiple proxies to obfuscate network traffic. The goal of the attacks is to gain sensitive information, including operating system information, system name, and other details about the compromised computer. |
| Operation MuddyWater | The attacks targeted victims in the United States and the Middle East in an attempt to steal sensitive information. The group behind the campaign used fake documents claiming to be from the NSA in spear-phishing emails to convince victims to open the malicious attachments. |
| Operation TRITON | The campaign targeted Triconex Safety Instrumented System (SIS) controllers at a critical infrastructure organization in the Middle East in an attempt to modify the safety devices. The operation was first discovered in November 2017 and is reported to be the first malware to target safety systems in the ICS sector. |
| Operation Dark Caracal | The campaign targets a wide range of sectors across the globe in an attempt to steal sensitive information. The operation uses trojanized Android apps as the primary attack vector. |
| Operation HaoBao | The Bitcoin-stealing phishing campaign targets Bitcoin users and global financial organizations with malicious documents that pretend to be for job recruitment. |
| Operation GhostSecret | The campaign targets a range of sectors around the world in an attempt to steal sensitive information. The group behind the operation used multiple implants, tools, and malware variants to carry out the attacks. |
| Operation Kwampirs | The campaign targets the healthcare sector with a backdoor Trojan called "Kwampirs" in an attempt to steal sensitive information. The group behind the attacks has been in operation since at least 2015 and does not try to hide its actions. |
| Operation ZooPark | The campaign focuses on users in the Middle East in an attempt to infect Android devices with malware. The threat actors behind the operation mainly use waterhole attacks to infect victims and steal sensitive information. The attacks date back to at least 2015 and have been known to also use Telegram channels to infect users. |
| Operation VPNFilter | The attack focuses on networking equipment from various vendors as well as network-attached storage (NAS) devices. The malware used in the campaign has the ability to steal sensitive information and make infected devices unusable. Affected equipment includes devices from Linksys, MikroTik, NETGEAR, TP-Link, and QNAP. |