Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Campaigns

Campaign: Description

Operation Academia: The Silent Librarian threat group, also known as TA407, Cobalt Dickens, and Mabna Institute, targeted entities in the academia sector with a spear-phishing campaign. The threat actor mainly used Freenom domains to host landing pages and ultimately steal sensitive information from its victims.

Operation PortReuse: The Winnti Group targeted an unnamed hardware and software company in Asia with the PortReuse malware. The backdoor sits passively on the network, waiting for a magic packet from the actor to trigger malicious code. The components of the modular malware are separate processes that communicate using named pipes.

Operation xHunt CASHY200: The threat actor behind the operation is suspected of targeting government organizations in Kuwait with malicious Microsoft Word documents that drop a PowerShell backdoor known as CASHY200. The malware communicates with the actor's command and control servers using DNS tunneling to stay under the radar of security analysts.

Operation Mahalo FIN7: The FIN7 threat group, also known as Anunak, used an in-memory-only tool known as BOOSTWRITE to drop the RDFSNIFFER payload and attack the “Aloha Command Center” client from NCR. The client is a remote administration tool used to manage and troubleshoot payment card processing systems that are running the Command Center Agent. The payload can perform man-in-the-middle attacks, hijack the utility's user interface, change the user's last input time, and upload, download, execute, and delet...

Operation Casbaneiro: The Casbaneiro banking trojan targets banks and cryptocurrency services, with a focus on entities in Brazil and Mexico. The malware, also known as Metamorfo, attempts to steal credentials from suspected victims using social engineering techniques. The malicious software is capable of gathering a range of data, including usernames, system information, and a list of installed software.

Operation Adwind Westnet: An attack campaign targeted the petroleum industry in the United States with the Adwind remote access trojan. The malicious software attempted to fly under the radar and steal sensitive information by modifying the registry for persistence, performing process injection, and disabling security tools such as the firewall and anti-virus solutions.

Operation COMpfun Reductor: The Turla attack group targeted entities in Russia and Belarus with malware designed to compromise TLS network traffic. The malicious software used during the campaign can gather system information, download and upload files, create processes, and delete a range of files and registry keys.

Operation Year of The Phish: The Rancor threat group targeted multiple government entities in the South East Asia region with spear-phishing emails containing a malicious attachment. The attackers used various techniques during the campaign, including PowerShell and scheduled tasks for execution and persistence, to gather and exfiltrate sensitive information from the victims.

Operation Fake Veteran: The Tortoiseshell threat group created a phishing website targeted at U.S. military veterans who were looking for employment. The fake site contained three links to entice the victim to install a malicious application. Once the malware was installed, it collected a range of system data and sent the information back to the attacker. The group also deployed a remote access trojan known as "IvizTech" on the infected system for persistence.

Operation Nodersok: The attack campaign used various legitimate tools, including PowerShell, Node.exe, WinDivert, and MSHTA, to attack a range of sectors across the United States and Europe. The threat group behind the operation intended to stay under the radar of security tools by never writing its malicious software to disk and only encrypting, decrypting, and running the malware in memory.