Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Campaigns

| Campaign | Description |
| --- | --- |
| Operation Oilrig | Targeted attacks primarily focused on financial institutions and technology organizations within Saudi Arabia. Artifacts identified within the malware samples related to these attacks also suggest the targeting of the defense industry in Saudi Arabia, which appears to be related to an earlier wave of attacks carried out in the fall of 2015. |
| Operation Dragonfly 2.0 | The attack campaign has been active since at least 2015 and focuses on the energy sector. The group behind the attacks gains access to the systems to learn how the victims' operation works. Based on industry research, the campaign is believed to be the work of the same actor who was behind the original DragonFly operation. |
| Operation BRONZE BUTLER | The campaign targets a wide range of verticals in Japan with the intent to steal confidential data. The group behind the operation is suspected to operate out of China and has been in operation since at least 2012. The group uses multiple avenues to infect its victims, including spear-phishing, compromised websites, and zero-day vulnerabilities. |
| Operation FALLCHILL | The campaign infects systems with the FALLCHILL malware and uses multiple proxies to obfuscate network traffic. The goal of the attacks is to gain sensitive information, including operating system information, system name, and other details about the compromised computer. |
| Operation MuddyWater | The attacks targeted victims in the United States and the Middle East in an attempt to steal sensitive information. The group behind the campaign used fake documents claiming to be from the NSA in spear-phishing emails to convince victims to open the malicious attachments. |
| Operation Volgmer | The campaign uses the Volgmer malware to perform various tasks, including stealing information about the compromised host as well as terminating processes and uploading/downloading files. The group has been using the malware since at least 2013, targeting a wide range of sectors. |
| Operation TRITON | The campaign targeted Triconex Safety Instrumented System (SIS) controllers at a critical infrastructure organization in the Middle East in an attempt to modify the safety devices. The operation was first discovered in November 2017 and is reported to be the first malware to target safety systems in the ICS sector. |
| Operation Dark Caracal | The campaign targets a wide range of sectors across the globe in an attempt to steal sensitive information. The operation uses trojanized Android apps as the primary attack vector. |
| Operation HaoBao | The Bitcoin-stealing phishing campaign targets Bitcoin users and global financial organizations with malicious documents that pretend to be for job recruitment. |
| Operation Gold Dragon | The campaign targets organizations involved with the 2018 Pyeongchang Olympics with malicious Microsoft Word documents. The operation used a range of implants to carry out the attacks to gain persistence and exfiltrate data. The implants have been labeled Gold Dragon, Brave Prince, Ghost419, and Running Rat. |