Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Campaigns

Campaigns Description
Operation MuddyWater The attacks targeted victims in the United States and the Middle East in an attempt to steal sensitive information. The group behind the campaign used fake documents claiming to be from the NSA in spear-phishing emails to convince victims to open the malicious attachments.
Operation Personality Disorder The campaign uses either a malicious attachment or a URL contained in an email message to drop an initial backdoor on the infected system labeled "More_eggs." Successful exploitation allows the threat actors to take control of the computer to gain access to system information and install the final payload known as Cobalt Strike.
Operation Outlook Backdoor The campaign was discovered in 2018 and does not use command and control servers to interact with the remote access Trojan installed on the victim but instead uses malicious PDF documents which are transmitted via email. The threat actors have used the backdoor since at least 2013 to stay under the radar in an attempt to steal sensitive information. The attacks are able to go unnoticed by interacting with Microsoft Outlook using the Messaging Application Programming Interface (MAPI).
Operation Double Infection The campaign targets organizations with spear phishing emails containing two malicious URL's in an attempt to install two backdoors. The attacks pretend to come from financial institutions and are motivated to steal funds from the victims. The attackers behind the operation are focused on companies located in eastern Europe and Russia.
Operation Oceansalt The campaign reuses a portion of code from the Seasalt implant (circa 2010) that is linked to the Chinese hacking group Comment Crew. Oceansalt appears to have been part of an operation targeting South Korea, United States, and Canada in a well-focused attack.
Operation GreyEnergy The campaign mainly targets industrial control system workstations running SCADA software at energy companies in Ukraine and Poland. The operation attempts to gain access by targeting an organizations Internet facing website or by sending malicious attachments in spear phishing emails. The malware used in the attacks is similar to the BlackEnergy malware which was used against the Ukrainian energy industry back in 2015.
Operation BadPatch The ongoing operation dates back to at least 2012 and targets users with malicious spear phishing emails to steal sensitive information. The attackers also compromise WordPress websites to exploit visitors with a vulnerability in various Microsoft software. The threat actors use either a blank Microsoft Word document, a Microsoft Word file with an error message, or an Adobe Flash file as decoys. The campaign also targets Android devices with malware in an attempt to steal a range of information ...
Operation POWERSHOWER The campaign takes advantage of flaws in Microsoft Word in an attempt to drop a PowerShell backdoor labeled "POWERSHOWER" onto the infected system. The malware is capable of stealing sensitive information from the compromised machine and uploading to a command and control server under the attackers control. The operation also removes traces of itself including files and registry entries to make post infection analysis difficult.
Operation Mystery Baby The campaign targets South Korean users with malicious software disguised as a security application in an attempt to steal sensitive information. The cyber espionage attack uses spear phishing emails to take advantage of a flaw in Microsoft Office to gain access to the computer system.
Operation Shaheen The ongoing campaign is focused on attacking the Pakistani government and military in an attempt to spy on the victims as well as steal sensitive information. The threat actors behind the operation use a combination of off-the-shelf and custom tools to carry the attacks. The malware used in the campaign is also coded to evade multiple anti-virus solutions to stay under the radar.