Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Campaigns

Campaign: Description

Operation Tripoli: A large-scale campaign was discovered that used Facebook pages to spread malware to mobile and desktop environments, with a focus on Libya. The pages carried malicious links to documents that contained fake information about the latest airstrikes and the capture of terrorists. The threat actor also set up a fake Facebook page impersonating Khalifa Haftar, commander of the Libyan National Army, which had more than 11,000 followers.

Operation Topinambour: A new campaign was discovered that has been in operation since early 2019. The threat actor behind it uses multiple tools, including a dropper known as "Topinambour". A successful infection gives the attacker access to sensitive data and the ability to upload, download, and execute files on the compromised host.

Operation Ratsnif OceanLotus: The threat group behind the campaign uses the Ratsnif family of remote access trojans to carry out a range of malicious network activity, including packet sniffing, ARP poisoning, DNS poisoning, HTTP injection, and MAC spoofing. The trojan family has been under active development since 2016.

Operation Multiple Threat Groups Equation Editor: Multiple threat groups with ties to China have updated their arsenals to include an exploit for the Microsoft Equation Editor vulnerability tracked as CVE-2018-0798. Equation Editor in Microsoft Office 2007, 2010, 2013, and 2016 allows remote code execution because of the way objects are handled in memory; the bug is triggered when a victim opens a crafted Office document. Note that Microsoft removed Equation Editor from Office in the January 2018 security updates, so hosts that are current on patches no longer have the component at all.

Operation Gelup FlowerPippi: The TA505 threat group was found targeting multiple countries, including the United Arab Emirates, Morocco, Saudi Arabia, India, Japan, Argentina, the Philippines, and South Korea. The actor distributed a range of malware, including downloaders, backdoors, and remote access trojans such as FlowerPippi, Gelup, and FlawedAmmyy.

Operation Double Dragon: The threat group behind the campaign has been active since at least 2012 and initially focused on the video game industry. Over time the group expanded its targeting to other sectors around the world, including telecommunications, automotive, education, and travel. The actor is financially motivated in some attacks and focused on stealing sensitive information in others.

Operation Corporate IoT Strontium: A state-sponsored group was discovered compromising IoT devices, including a VOIP phone, an office printer, and a video decoder, at multiple companies. The actor used the IoT devices as an initial foothold into the corporate network, then used various tools and techniques to move laterally and establish persistence. The devices were reachable because they had been deployed with unchanged default manufacturer passwords or without the latest firmware update, which is the practical takeaway for defenders.

Operation Sharper Machete: A cyber espionage operation was discovered targeting the government, military, education, police, and foreign affairs sectors in Central and South America. The threat actor used spear-phishing emails with malicious attachments to drop the Machete backdoor, which exfiltrates sensitive information including screenshots, keystrokes, documents, and geolocation data.

Operation Cloud Atlas 2019: The Cloud Atlas threat group was discovered targeting multiple sectors with spear-phishing emails carrying malicious Microsoft Office documents. The group focused on high-profile targets in Russia, Central Asia, and Ukraine and dropped a backdoor known as VBShower.

Operation Silence Going Global: The Silence group has been active since at least 2016 and targets financial institutions in multiple countries around the world. The actor has updated its arsenal over time and uses a range of tools, including TrueBot, Ivoke, EDA, and the Atmosphere trojan, which it uses to control ATMs.
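The Equation Editor entry above names the vulnerability but not how a defender would spot it in use. The following is an added example, not part of the dashboard or of any vendor's product: Equation Editor runs as the separate process EQNEDT32.EXE, an exploit for CVE-2018-0798 executes inside that process, and the payload almost always launches another program from it, so "EQNEDT32.EXE as parent of anything" is a high-signal process-lineage check. The tab-separated event format and all sample events below are constructed for this example and do not correspond to a real telemetry schema.

```python
"""Flag child processes spawned by Equation Editor (EQNEDT32.EXE).

Added example for the Equation Editor (CVE-2018-0798) campaign entry.
Equation Editor is an out-of-process COM server with no legitimate reason
to start command interpreters, script hosts or LOLBins; any child at all is
unusual. The event format here is constructed: five tab-separated fields
(timestamp, host, parent image path, image path, command line).
"""
import ntpath
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

EQNEDT = "eqnedt32.exe"

# Children that Equation Editor never legitimately spawns; a match is "high".
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "mshta.exe", "wscript.exe", "cscript.exe",
    "regsvr32.exe", "rundll32.exe", "certutil.exe", "bitsadmin.exe",
    "msiexec.exe",
}


@dataclass
class ProcEvent:
    ts: str
    host: str
    parent_image: str
    image: str
    cmdline: str


def parse_event(line: str) -> ProcEvent:
    """Parse one constructed tab-separated process-creation record."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 5:
        raise ValueError(f"malformed event: {line!r}")
    return ProcEvent(*fields)


def basename(path: str) -> str:
    # ntpath handles Windows separators regardless of the analysis host's OS.
    return ntpath.basename(path).lower()


def classify(ev: ProcEvent) -> Optional[str]:
    """Return 'high', 'medium' or None for a process-creation event."""
    if basename(ev.parent_image) != EQNEDT:
        return None
    if basename(ev.image) in SUSPICIOUS_CHILDREN:
        return "high"
    # Any other child of Equation Editor is still abnormal; queue for review.
    return "medium"


def scan(lines: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Run classify() over raw event lines; returns (severity, host, child, cmdline)."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        sev = classify(ev)
        if sev:
            alerts.append((sev, ev.host, basename(ev.image), ev.cmdline))
    return alerts


# Constructed sample events (not real telemetry).
EQN_PATH = r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"
SAMPLE_EVENTS = [
    # Benign: Word hosting an embedded equation object starts Equation Editor.
    "\t".join(["2019-07-01T09:12:03Z", "WS-17",
               r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
               EQN_PATH, "EQNEDT32.EXE -Embedding"]),
    # High: Equation Editor launching cmd.exe to run a dropped file.
    "\t".join(["2019-07-01T09:12:05Z", "WS-17", EQN_PATH,
               r"C:\Windows\System32\cmd.exe",
               r"cmd.exe /c start /b %TEMP%\update.exe"]),
    # High: Equation Editor launching mshta.exe with a local HTA.
    "\t".join(["2019-07-01T10:44:19Z", "WS-22", EQN_PATH,
               r"C:\Windows\System32\mshta.exe",
               r"mshta.exe C:\Users\Public\a.hta"]),
    # Benign: a user opening a command prompt from Explorer.
    "\t".join(["2019-07-01T11:01:00Z", "WS-22", r"C:\Windows\explorer.exe",
               r"C:\Windows\System32\cmd.exe", "cmd.exe"]),
    # Medium: an unexpected but non-listed child of Equation Editor.
    "\t".join(["2019-07-02T08:03:41Z", "WS-09", EQN_PATH,
               r"C:\Windows\System32\notepad.exe", "notepad.exe"]),
]


if __name__ == "__main__":
    for sev, host, child, cmdline in scan(SAMPLE_EVENTS):
        print(f"[{sev.upper():6}] {host}: EQNEDT32.EXE -> {child}  {cmdline}")
```

Because Microsoft removed Equation Editor in the January 2018 Office updates, the mere presence of EQNEDT32.EXE in process telemetry on a host that should be patched is itself worth a ticket, independent of what it spawns.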