Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Campaigns

Campaign | Description
--- | ---
Operation Dropping Anchor | A new targeted campaign against the financial, manufacturing, and retail sectors in the United States and Europe was discovered in October 2019. The operation focused on Point-of-Sale systems and used multiple malware families, including Trickbot and the Anchor backdoor. The group also used various tools for reconnaissance and lateral movement, including Meterpreter, PowerShell Empire, and Cobalt Strike.
Operation Waterbear API Hooking | The cyberespionage group BlackTech has continued its Waterbear campaign against targets in East Asia. The threat actor's recent attacks deployed a new API hooking technique to avoid detection by injecting code into a specific security application to hide the backdoor.
Operation GALLIUM Global Telecom | The GALLIUM threat group targeted telecommunication providers to steal sensitive information. The actor focused on vulnerabilities in internet-facing services to gain initial access and used a range of tools for persistence and lateral movement, including HTRAN, Mimikatz, web shells, and multiple RATs.
Operation macOS Cryptocurrency | The Lazarus group is suspected to be behind an attack that uses a fake website to target cryptocurrency exchange users or administrators. The site contains a malicious unsigned application which installs a launch daemon for persistence and invokes a function to gather system information from the infected host.
Operation ZeroCleare | The OilRig threat group, also known as APT34, is suspected to be behind a destructive attack against the energy and industrial sectors in the Middle East. The operation used malicious software to overwrite the Master Boot Record (MBR) and disk partitions on Microsoft Windows targets. The actor deployed the legitimate EldoS RawDisk toolkit to carry out the attacks and used various techniques during the campaign, including PowerShell, code signing, WMI, and Group Policy Objects (GPO).
Operation Balkan Toolset | An unknown attacker targeted the financial sector in the Balkans region with spear-phishing emails containing links to malicious documents. The campaign's focus was to drop both BalkanRAT and BalkanDoor onto victims' computers. The operation used various techniques for persistence and to stay under the radar, including disabling security tools, obfuscation, code signing, and process injection.
Operation ENDTRADE | The Tick cyber group, also known as BRONZE BUTLER and REDBALDKNIGHT, targeted multiple sectors with a focus on organizations in Japan and their subsidiaries in China. The operation delivered spear-phishing emails from hijacked email addresses with enticing subject lines to convince the victims to open the malicious attachments.
Operation MoonLight 2019 | The Moonlight cyber organization targeted the Middle Eastern region with spear-phishing emails which contained malicious attachments. The group, also known as Gaza Hacker Team, XtremeRAT, Molerats, and DustySky, used various techniques to stay under the radar, including obfuscation, PowerShell, and cloud service providers for command and control.
Operation Behind The Second Stone | The Lazarus Group used compromised websites as command and control servers to host a second-stage ASP page. The operation used various techniques for defense evasion, including obfuscation, encoding, and non-standard ports.
Operation Government Imposter | The TA2101 threat group targeted a range of sectors in Germany, Italy, and the United States with spear-phishing emails that contained a malicious Microsoft Word document. The spoofed emails were sent from multiple senders that appeared to come from various entities, including the German Federal Ministry of Finance, the Italian Revenue Agency, and the United States Postal Service. Malware used during the operation included the IcedID banking Trojan, Maze ransomware, and Cobalt Strike.