Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Campaigns

| Campaign | Description |
| --- | --- |
| Operation ZooPark | The campaign focuses on users in the Middle East in an attempt to infect Android devices with malware. The threat actors behind the operation mainly use watering-hole attacks to infect victims and steal sensitive information. The attacks date back to at least 2015 and have also been known to use Telegram channels to infect users. |
| Operation VPNFilter | The attack focuses on networking equipment from various vendors as well as network-attached storage (NAS) devices. The malware used in the campaign can steal sensitive information and render infected devices unusable. Affected equipment includes devices from Linksys, MikroTik, NETGEAR, TP-Link, and QNAP. |
| Operation Prowli | The campaign targets a range of platforms in an attempt to carry out traffic hijacking and cryptomining. The operation has affected thousands of devices, including IoT devices, modems, and web servers, for financial gain. |
| Operation InvisiMole | The campaign consists of two main backdoor components used to spy on its victims in an attempt to steal sensitive information. The malware used in the operation can record audio using the computer's microphone as well as take screenshots and capture images using the system's camera. |
| Operation HyperBro | The threat actors behind the campaign used the HyperBro RAT in the last stage of the attacks to gain access to the infected systems. The operation targeted organizations associated with the government in an attempt to steal sensitive information. |
| Operation MirageFox | The campaign used an updated version of a RAT known as Mirage that dates back to at least 2012. The operation focuses on exfiltrating data from the victim, including computer name, CPU information, and username, and sends the data back to C2 servers under the attackers' control. |
| Operation TYPEFRAME | The campaign targets Microsoft Windows users with malware labeled TYPEFRAME. The operation uses Microsoft Word documents that contain malicious Visual Basic for Applications macros. The malicious software is capable of modifying firewall rules, installing Remote Access Trojans, and downloading additional malware from command and control servers. |
| Operation Thrip | The campaign targets a range of sectors using off-the-shelf tools, including PsExec, PowerShell, Mimikatz, WinSCP, and LogMeIn, in an attempt to gain a foothold in the network to steal sensitive information and disrupt operations. |
| Operation RANCOR | The campaign's main focus is espionage, and it targets victims in Southeast Asia. The threat actors behind the attacks use various malware, including PLAINTEE and DDKONG. The malicious software used in the attacks is known to have been embedded in compromised websites, weaponized Microsoft Excel documents, and email attachments. |
| Operation Stolen Digital Certs BlackTech | The campaign used code-signing digital certificates stolen from D-Link and Changing Information Technologies to sign malicious files in order to carry out cyber espionage. The operation's targets were located in the East Asia region, including Taiwan, Japan, and Hong Kong. |