Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Campaigns

Campaign: Description
Operation Luoxk: The campaign performs a range of actions, including DDoS attacks, remote administration with GHOST RAT, crypto-mining with XMRig, and the use of malicious Android APKs. In 2018 the threat actors behind the operation started exploiting a flaw in the Oracle WebLogic Server component of Oracle Fusion Middleware to carry out the operation.
Operation FELIXROOT 2018: The campaign uses malicious Microsoft Word documents to take advantage of multiple flaws in Microsoft Office. The backdoor dropped on infected systems is capable of uploading and downloading files, stealing system information, and creating a remote shell. The current FELIXROOT backdoor uses documents that claim to contain information related to seminars and environmental protection.
Operation Donot: The campaign targets users mainly in South Asia and has been active since at least 2016. The attacks use malicious macros embedded in Microsoft Office documents in an attempt to steal sensitive information. The group behind the operation is known to use the EHDevel and yty malicious code frameworks.
Operation RogueRobin: The campaign was discovered in July 2018 and focuses on victims in the Middle East. The attacks targeted users with spear-phishing emails containing malicious Microsoft Excel Web Query files in an attempt to steal sensitive information.
Operation Gorgon: The campaign targets a range of organizations with both criminal and targeted attacks. The operation uses a range of malware, including NjRAT, RevengeRAT, LokiBot, and RemcosRAT, in an attempt to gain remote access and steal sensitive information. The threat actors rely heavily on the URL-shortening service Bitly to shorten and distribute the addresses of the operation's command and control servers.
Operation Personality Disorder: The campaign uses either a malicious attachment or a URL contained in an email message to drop an initial backdoor, labeled "More_eggs," on the infected system. Successful exploitation allows the threat actors to take control of the computer, gather system information, and install the final payload, known as Cobalt Strike.
Operation Outlook Backdoor: The campaign was discovered in 2018. Rather than using command and control servers to interact with the remote access Trojan installed on the victim, it uses malicious PDF documents transmitted via email. The threat actors have used the backdoor since at least 2013 to stay under the radar in an attempt to steal sensitive information. The attacks are able to go unnoticed by interacting with Microsoft Outlook through the Messaging Application Programming Interface (MAPI).
Operation Double Infection: The campaign targets organizations with spear-phishing emails containing two malicious URLs in an attempt to install two backdoors. The attacks pretend to come from financial institutions and are motivated by stealing funds from the victims. The attackers behind the operation are focused on companies located in Eastern Europe and Russia.
Operation CHAINSHOT: The targeted campaign uses multiple stages to carry out the attack, relying on malicious Microsoft Excel documents containing a small Shockwave Flash ActiveX object. The operation takes advantage of a flaw in Adobe Flash to drop a final payload responsible for stealing sensitive information from the victim and uploading the data to servers under the threat actors' control.
Operation Domestic Kitten: The campaign targets users in the Middle East with three malicious mobile apps in an attempt to steal a range of data, including call records, contact lists, photos, browser history, and other information. The operation is suspected to have been active since at least 2016.