Campaigns

Each campaign entry includes: the threat actor or group behind it, campaign timeline (first observed, last activity), targeted industries and geographies, attack techniques mapped to MITRE ATT&CK, malware families and tools used, indicators of compromise (IOCs) such as C2 IPs and domains, and a campaign summary describing objectives and impact. This consolidated view reduces the research burden on threat intelligence analysts.

SOCRadar's threat intelligence team continuously monitors dark web forums, threat actor Telegram channels, malware sandboxes, and open-source intelligence (OSINT) sources. When a new coordinated attack pattern is identified — consistent malware, shared infrastructure, or claimed responsibility by a threat group — it is analyzed, mapped to the MITRE ATT&CK framework, and added to the Campaigns tracker. Historical campaigns are preserved for longitudinal analysis and attribution research.

Yes. The Campaigns tracker allows filtering by targeted industry (healthcare, financial services, government, manufacturing, etc.) and targeted geography. This helps security teams quickly identify campaigns most relevant to their organization's sector and location. You can also search by threat actor name, malware family, or campaign name to find specific intelligence relevant to your threat model.

During an active incident, campaign intelligence helps answer critical questions: Is this a targeted attack or opportunistic infection? What other tools and techniques does this actor use that we should look for? What is the typical impact and objective of this campaign? Are other organizations in our sector being hit simultaneously? This context accelerates triage, helps predict attacker behavior during containment, and informs post-incident hardening recommendations.