Come, study threat actor campaigns from our eyes!

Campaigns is a unified digest of information regarding threat actor campaigns for you to use for improving your security. Each campaign includes IOCs, Domains, Reports ,Tweets and News regarding the threat actor operation. Being able to reach that many information conveniently is not only improves the security but also make one to be aware of their threat landscape. For reaching the recent campaigns we suggest you to initiate a free access!

Grandoreiro Malware Campaign: A Global Threat to Banking Security

Banking Trojan
Global Campaign

The cybercriminals behind the Windows-based Grandoreiro banking trojan have resurfaced in a global campaign beginning in March 2024, following a major law enforcement operation in January. These extensive phishing attacks, likely enabled by other threat actors through a malware-as-a-service (MaaS) model, are targeting over 1,500 banks worldwide. The attacks are affecting more than 60 countries across Central and South America, Africa, Europe, and the Indo-Pacific region, as reported by researchers

07 June 2024

Malvertising Attacks: A New Threat for Windows Administrators - PuTTy and WinSCP


In March 2024, attackers initiated a sophisticated campaign by distributing compromised installers for WinSCP and PuTTY through malicious ads. These installers contained a renamed pythonw.exe file, which loaded a malicious DLL, side-loading a legitimate DLL to inject a Sliver beacon via reflective DLL injection. This allowed the attackers to establish persistence, download additional payloads, steal data, and deploy ransomware with tactics resembling those of the BlackCat/ALPHV group.

13 June 2024

Black Basta is Bombarding Organisations with Fake Emails and Phone Calls


Recently, a new cyber attack campaign called "Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls" has been targeting organizations by attempting to steal information through fake emails and phone calls. This campaign is aggressively ongoing, aiming to compromise organizational security and obtain sensitive data.

17 May 2024

Scattered Spider Strikes Again: The Group Behind the MGM Attack Launches a New Campaign Targeting the Financial Sector

Black Cat/ALPHV
MGM Resorts

Scattered Spider, a hacking group previously linked to cyberattacks on MGM Resorts and Clorox, has recently shifted its focus to the financial sector. This cybercriminal group employs sophisticated techniques including social engineering, data theft, and ransomware to target banks and insurance companies. The FBI and CISA have issued advisories warning about the group's methods, which include the deployment of ransomware such as BlackCat/ALPHV to encrypt and extort their targets.

03 June 2024

GuptiMiner's Campaign: The Trojan Tango of Infiltrating Antivirus Updates for Digital Deception

dns text
dns server

Researchers have detected a malware campaign in which North Korean hackers used eScan antivirus updates to install backdoors and GuptiMiner for crypto mining on large networks. The campaign linked to Kimsuky involved multiple types of backdoors and was neutralized by eScan on July 31, 2023, following alerts to India's CERT.

03 June 2024

New Threat Wave from Earth Freybug: Unapimon Malware Campaign


Researchers report new technical details of an "Unapimon" malware campaign attributed to Earth Freybug that leverages dynamic link library (DLL) hijacking and application programming interface (API) disabling to prevent child processes from being offloaded to other processes."

18 April 2024

Latin America Under Threat: The Venom RAT Campaign's Cyber Invasion Initiative


TA558, a notorious threat actor, has reemerged with a formidable phishing campaign targeting diverse sectors across Latin America. Employing sophisticated tactics, the group aims to deploy Venom RAT to infiltrate systems and carry out financial crimes.

18 April 2024

Unveiling the ShadowRay Campaign: Exploiting Critical Ray Framework Vulnerabilities to Target and Compromise AI Workloads Globally


Since September 5, 2023, the 'ShadowRay' campaign, led by anonymous hackers, has been exploiting a hidden vulnerability in the Ray framework to capture resources in the Education, Cryptocurrency and Biopharma sectors. Developed by Anyscale, Ray is crucial for scaling AI and Python applications used by large companies such as Amazon and OpenAI. This breach, which has garnered more than 30,500 stars on GitHub, indicates a significant threat in the field of cyber espionage. Researchers found that hundreds of exposed Ray servers were compromised via CVE-2023-48022, giving attackers access to sensitive information such as artificial intelligence models. environment variables, production database

04 April 2024

Digital Deception: The LESLIELOADER Campaign's Mastery of Malware Misdirection

SPARKRAT Loader Update
Cyber Campaign SPARKRAT
Ongoing Cyber Threats

It was found by cybersecurity researchers that the SPARKRAT malware was deployed using an undocumented Golang installer, allowing it to execute undetected on target systems. Although SPARKRAT's project has been discontinued, it is still being modified for use in targeted attacks, most notably in the "DRAGONSPARK" campaign against East Asian organizations.

27 March 2024

VCURMS Malware Campaign: Hackers Use AWS and GitHub to Attack Browsers


Cybersecurity researchers have uncovered a major threat: the "Vcurms" malware. It leverages email for command and control, utilizes AWS and GitHub for storage, and employs a commercial protector to evade detection. Targeting Java-installed platforms, it poses a serious risk, granting attackers full control upon infiltration.

25 March 2024

Cyber Pandemonium Unleashed: Tracing the Trail of Sophisticated Linux Malware Campaign

Spinning Yarn

The researchers' latest discovery uncovered a sophisticated Spinning Yarn malware campaign focused on misconfigured Linux servers with popular cloud services. The cryptojacking campaign involving Linux malware misconfigured Apache Hadoop, Confluence, Docker, and Redis with new and unique malicious payloads. targets examples,

25 March 2024

Unseen Threat Infiltrating Redis Servers: The Migo Malware Campaign and Emerging Dangers

Migo Threat
Redis Servers
Linux Malware

In February, security researchers encountered a new malware campaign targeting Redis for initial access. The malware, dubbed Migo by developers, aims to compromise Redis servers in order to mine cryptocurrency on the underlying Linux host.

03 March 2024

Unleash AndroxGh0st: Master the Art of Python Malware for Dominance Over AWS and Microsoft 365 Accounts


The AndroxGh0st malware is written in Python and usually targets Simple Mail Transfer Protocol (SMTP) to enable spamming. AndroxGh0st specifically targets cloud environments — in particular, AWS secrets — and exploits vulnerabilities in web applications running in the cloud to maintain a foothold.

31 January 2024

RE TURGENCE: Turkish Hackers' New Target - MSSQL Servers

RE TURGENCE campaign by Turkish hackers using Mimic ransomware to target weak Microsoft SQL servers in the US, EU and Latin America. This campaign, uncovered by Securonix, aims to exploit vulnerabilities for financial gain by selling access or installing ransomware on compromised hosts.

25 January 2024

Campaign Alert: The Year-Long Shadow of AsyncRAT in U.S. Infrastructure

credential stealer

Researchers have identified a campaign to unwittingly distribute AsyncRAT to victim systems. For at least 11 months, this threat actor attempted to deliver the RAT via an initial JavaScript file embedded in the phishing page. Even after 300+ samples and 100+ domains, the threat actor remains persistent in its intent.

25 January 2024

WordPress Under Siege: The Expansive Reach of Balada Injector Malware


Balada Injector is a significant and persistent malware campaign that primarily targets WordPress websites. Active since 2017, this campaign has infected over a million WordPress sites. Its main strategy involves exploiting vulnerabilities in WordPress themes and plugins, employing various techniques for this purpose.

17 January 2024

Operation Triangulation Most Sophisticated Attack Chain Ever Seen


Operation Triangulation is the recent sophisticated cyber attack campaign, known for its complex and multifaceted nature. It involves a series of attacks aimed at distributing malicious software and stealing sensitive information. Security experts closely analyzed the targets and impacts of such attacks.

29 December 2023

In the Shadow of Digital Threats: The Rise of Cyber Av3ngers

Cyber Av3ngers
Critical Infrastructure
Programmable Logic Controllers

Cyber Av3ngers is a threat actor group associated with Iran's Islamic Revolutionary Guard Corps (IRGC). This group aims to create confusion and a perception of high risk through technically simple hacks.

27 December 2023

From Data Insights to Cyber Threats: The Tale of Qlik Sense and Cactus Ransomware

Qlik Sense
Manage Engine

Cactus ransomware is a type of ransomware that has been active since March 2023, targeting large commercial organizations. Cactus attempts to identify local and network user accounts and accessible endpoints within a network. This ransomware possesses a new encryption and also employs double extortion tactics to get paid ransom. . Cactus gains initial access to targeted networks by exploiting known vulnerabilities in VPN devices. It makes detection difficult by encrypting itself, thereby successfully bypassing antivirus and network monitoring tools.

27 December 2023

Excel's Blind Spot: Hackers' Strategy to Spread Agent Tesla Malware

Agent Tesla

Cyber attackers are exploiting an old Microsoft Office vulnerability to distribute a strain of malware known as Agent Tesla. These campaigns use decoy Excel documents in invoice-themed messages to deceive users into activating the CVE-2017-11882 vulnerability. The vulnerability allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". Agent Tesla functions as a Remote Access Trojan (RAT) and information stealer, built on the .NET framework.

26 December 2023

Global Chain of Deception:''Unraveling the Konni Campaign's Cyber Intrigue''


This campaign extracts information from devices and executes commands using a Remote Access Trojan (RAT). This campaign, which has been going on for years, uses a variety of methods for initial access and load delivery. Later in this campaign, FortiGuard Labs detected a Word document containing a malicious macro in Russian. Although the document was created in September, activity on the campaign's control server continues.

01 December 2023

Cybercriminals Are Misusing Google Ads to Trick Users into Installing Trojanized WinSCP Software


A new ongoing campaign has been observed that lures users mimicking download of a legitimate software, WinSCP which is a popular SSH/SCP connection platform. Threat Actors are taking advantage of Google's Dynamic Search Ads (DSA) mechanism. DSAs are designed to automatically generate ads based on a website's content.But in this case, they are being used maliciously to create negative advertising. This strategy is particularly insidious because it exploits users' trust in legitimate advertising services such as Google and the usual expectation that search engine results are trustworthy. The effectiveness of this approach lies in its subtlety

24 November 2023

Pay Attention to Magecart While Shopping


Magecart, inspired by ecommerce platform Magento, is a type of cyberattack that targets online businesses with the goal of stealing sensitive information, including payment card data. These attacks are a form of web skimming and derive from the Magecart hacker group that began in 2015 targeting several well-known global brands.

26 October 2023

Threat Actors Deploy FreeWorld Ransomware by Hijacking MSSQL Servers on DB Jammer

Cobalt Strike

Threat actors working as part of DB JAMMER attack campaigns are compromising exposed MSSQL databases using brute force attacks and appear to be well tooled and ready to deliver ransomware and Cobalt Strike payloads.

13 September 2023

Unknown Threat Actor Uses Chaos Ransomware Variant Yashma To Target English Speaking Countries In Addition To Bulgaria, China and Vietnam


Yashma, first described by the BlackBerry research and intelligence team in May 2022, is a rebranded version of another ransomware strain called Chaos. A month prior to its emergence, the Chaos ransomware builder was leaked in the wild.

25 August 2023

Mallox Ransomware Group Becomes A Very Active Threat


The group tracked as Mallox aka TargetCompany, Fargo and Tohnichi - tends to break into target networks through vulnerable SQL servers lately. Mallox attacks in 2023 are known to have increased by %174, compared to 2022.

14 August 2023

Gamaredon Steals Data Too Quickly


The Ukraine Computer Emergency Response Team (CERT-UA) begins to warn entities about stealing data 30 minutes after the first security breach by the Russian-linked APT group Gamaredon (aka UAC-0010).

19 July 2023

An Ongoing DDoS Campaign Targeting Sweden


NoName057 was among the first to respond, warning of a cyberattack on Sweden. NoName removed the websites of the Swedish Ministry of Finance and rail carrier SJ AB on 28 June. In the following days, known and unknown such as AnonymousSudan, Team 1919, Islamic Hacker Army, Host Kill Crew, USA NEXUS HACKER, Mysterious Team Bangladesh, KEP TEAM, UserSec Collective, Team Heroxr, Electronic Tigers Unit, Team R70, GANOSEC TEAM and Turkish Hack Team The hacker group carried out DDoS attacks on many websites of Sweden.

20 July 2023

Chinese Threat Actors Target European Ministries And Embassies With HTML Smuggling In Smugx Campaign

Mustang Panda

SmugX-related attacks have been observed since December 2022. The threat actors behind the campaign are using innovative distribution methods to distribute a variant of PlugX, a widely used malware associated with various Chinese threat actors. Researchers are monitoring the campaign and have identified links to a previously reported campaign attributed to RedDelta and Mustang Panda.

11 July 2023

Darknet Parliament(KILLNET,ANONYMOUS SUDAN,REVil) Tries to Paralyze the West's Financial System


Darknet Parliament, the term introduced by the notorious hacktivist group KillNet, has quickly gained traction, becoming the latest buzzword in the cyber media. KillNet introduced the phrase in a Telegram post on June 16.In the post, they outlined a plan to attack Europe’s banking system.

27 July 2023

Volt Typhoon (aka, The Bronze Silhouette) Targets Critical US Infrastructure with Living Of The Land Techniques

Bronze Silhouette
Living Of The Land
LOL Bins

BRONZE SILHOUETTE has been active since at least 2021 and primarily targets the US government and defense organizations for intelligence gathering purposes. The group leverages vulnerable internet-facing servers to gain initial access and often uses a web shell for persistence.

14 June 2023

Medusa Ransomware Won't Stop


Ransomware operation Medusa became operational in June 2021, according to Bleeping Computer. However, it gained significant momentum in 2023, targeting corporate victims worldwide with multimillion-dollar ransom demands. The ransomware gang has stepped up its effectiveness by launching a "Medusa Blog" in its recent rise. The platform serves to attract media attention by leaking data from victims who refuse to pay the ransom.

13 June 2023

Pipedream Malware Continues to Shred Industrial Systems

Industrial Control System

In 2022, the Chernovite threat group created Pipedream, a new modular malware designed to attack Industrial Control Systems (ICS). This powerful toolset has the potential to launch devastating and devastating attacks on tens of thousands of critical industrial devices.

09 June 2023

MOVEit Strikes With All Its Power


A new wave of mass attacks targeting popular file transfer tool MOVEit Transfer has been linked by security researchers to the Clop ransomware gang. The vulnerability exploited by hackers allows them to gain unauthorized access to the database of the affected MOVEit server.

08 June 2023

Xworm Enters Through the Door Follina Left Open


Security researchers have identified a new wave of attacks using XWorm malware that exploits the Follina vulnerability. XWorm is a government-sponsored remote access trojan (RAT), the Follina vulnerability is a critical vulnerability in Microsoft Windows systems that was first disclosed in 2022.

21 June 2023

Smoke Loader Bill Trap

Smoke Loader

Based on the Ukraine Computer Emergency Response Team (CERT-UA), the SmokeLoader malware is now spreading through a phishing campaign using traps focused on bills. A ZIP folder containing a fake document and a JavaScript file is attached to emails that the agency says were sent from hacked accounts.

21 June 2023

Archipelago Hide Office Documents and Cover Up Sneak Campaign With Recon Shark

Recon Shark

The North Korean state sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign

01 June 2023

Iranian Hackers Participate in Papercut Attacks


State-sponsored threat actors named Mint Sandstorm and Mango Sandstorm, both based in Iran, are taking advantage of unpatched PaperCut instances. Microsoft reports that Mango Sandstorm exploitation activity is still minimal, with operators connecting to organizations’ C2 infrastructure using tools from prior intrusions; in contrast, Mint Sandstorm exploitation activity appears opportunistic, affecting businesses across industries and regions.

01 June 2023

Decoding the Spear-Phishing Tactics of SEABORGIUM and TA453 in the UK


SEABORGIUM and TA453 are Russia-based and Iran-based threat actors conducting spear-phishing campaigns targeting organizations and individuals in the U.K. and other areas of interest. They target various sectors, including academia, defense, governmental organizations, and NGOs, using personalized phishing emails to compromise the victims' credentials and gain access to sensitive information.

14 July 2023

Raspberry Robin Global USB Malware Campaign

USB Malware
Qnap Worm

The Raspberry Robin malware campaign has been spreading around the world since it first surfaced in late 2021. "Raspberry Robin" is the name of a set of events from Red Canary that we first observed in September 2021, which often includes a worm installed via a USB drive.

01 June 2023

Graphiron Threat From Nodaria(UAC-0056) To Ukraine


The Russia-linked Nodaria group has installed a new threat, using a wide variety of information from infected computers to play.The Nodaria espionage group (aka UAC-0056) is using a new combination of information stealing malware against browsing in Ukraine. The malware (Infostealer.Graphiron) was designed to gather a wide variety of information written in Go from the infected computer, including system information, credentials, screen content, and files.

01 June 2023

Domino Effect


Former members of the Conti ransomware group use malware developed by the FIN7 group for financial purposes, compromising systems for follow-on exploits; FIN7 has used the "Domino" tool in its attacks since at least last October.

01 June 2023

Hoodoo Uses Google C2 Red Team Tool as Payload


In a strategy change, China-linked APT41 targeted a Taiwanese media outlet and an Italian employment agency with standard, open-source penetration testing tools. The Chinese state-sponsored hacking organization APT 41, also known as HOODOO, targets various industries in the US, Asia, and Europe.

01 June 2023

Anonymous Sudan Continues to Attack


The world of cyberattacks continues to evolve with the emergence of new hacktivist groups that target different countries for various political reasons. One such group that has been making headlines is KillNet Anonymous Sudan, which is affiliated with the pro-Russian hacktivist group KillNet.

02 June 2023

Operations From APT36 To Government Agencies

Transparent Tribe

APT36 is an advanced persistent threat group attiributed to Pakistan taht primarilly targets users working at Indian government organizations.SideCopy APT is a Pakistani threat actor operating since at least 2019,targeting mainly South Asian countries and more specifally India and Afghanistan.

01 June 2023

Hack For Hire Group Targets Legal, Finance and Travel Institutions


Unlike malware-as-a-service (MAAS), hacking-for-hire companies carry out sophisticated, hands-on attacks and exploit vulnerabilities in executing their campaigns, according to a report by researchers Their interest in gathering sensitive business information leads us to believe that DeathStalker is a group of mercenaries offering hacking-for-hire services, or acting as some sort of information broker in financial circles.

02 June 2023

Unleashing the Threat: Inside the SmoothOperator Supply Chain Attack on 3CX VOIP Desktop Client

Supply Chain Attack

A new supply chain attack called SmoothOperator is currently targeting 3CX's VoIP desktop client, which could cause significant impact due to the company's diverse and valued customer profile. The attackers use a trojanized version of the software to steal information from Windows and macOS users.

12 July 2023

Adversary-in-the-Middle: The Rise of AiTM Phishing Kits and the Threat Posed by DEV-1101


AiTM phishing kits, such as those developed by DEV-1101, are increasingly replacing less advanced forms of phishing. These kits can bypass MFA using reverse-proxy functionality and are available for purchase by cybercriminals, lowering the barrier of entry for cybercrime. DEV-1101 offers an open-source kit that automates phishing activity and provides support services to attackers. Since its release in May 2022, the kit has been continually enhanced with features such as managing campaigns from mobile devices and CAPTCHA evasion, making it attractive to actors with varying motivations and targets in any industry or sector.

19 June 2023

Earth Lusca


Earth Lusca is a sophisticated cybercrime group. According to reports from cybersecurity firms. They use a variety of tactics and tools to carry out their attacks, including spear-phishing emails, social engineering, and malware such as remote access trojans (RATs) and credential stealers.

04 April 2023

APT5 Smashes Citrix's Networks


APT5 is a sophisticated cyber espionage group that is believed to be based in China and has been active since at least 2007. The group primarily targets high-tech and telecommunications firms across the US, Europe, and Asia, using advanced malware and zero-day exploits to gain unauthorized access to networks and steal sensitive information.

29 March 2023

Dalbit's Ingenuity

Fast Reverse Proxy

Dalbit is a threat actor group recently discovered to have targeted Korean organisations. Their usual tactic is to target SQL and Web Servers with exploits to upload web shells. Through these web shells, additional tools such as binaries for privilege escalation, proxy tools, and scanning tools are downloaded. Upon initial foothold, FRP (Fast Reverse Proxy) is deployed to connect back to their Command-and-Control server or another victim's server via RDP. It appears that the end goal is to eventually deploy ransomware on their victims.

19 June 2023

Hiatus.RAT Data Thieves


A new malware campaign, Hiatus, targets business-grade routers to spy on Latin America, Europe, and North America victims. The campaign deploys two malicious binaries, a remote access trojan called HiatusRAT, and a variant of tcpdump that can capture packet capture on the target device.

12 July 2023

Communication Barrier from KillNet


Active since at least January 2022, KillNet has evolved from initially a leased DDoS service to a full-fledged threat group. Group distributed denial of service (DDoS) attacks birth website servers to get hit. While KillNet's ties to official Russian government agencies, such as the Russian Federal Security Service (FSB) or the Russian Foreign Intelligence Service, have not been confirmed, the group is involved in the group, including the health services. should be viewed as a threat to government and critical infrastructure organizations.

28 February 2023

ESXiArgs: The Consequences of Infection


ESXiArgs is a ransomware strain that has been reported to have infected over 3000 hosts in several countries, including France, Germany, the Netherlands, the U.K., and Ukraine. The ransomware is suspected to be based on the leaked Babuk ransomware code and is believed to be targeting end-of-life ESXi servers or ESXi servers that do not have the available ESXi software patches applied.

12 July 2023

From Lazarus''No Pineapple''

Hidden Cobra

The North Korean hacker group Lazarus APT 38 ,has been active since 2009. They were a group of criminals with an indeterminate number of criminals. However, due to their intended nature, methods, and threats on the web, they were classified as an Advanced Persistent Threat. The cybersecurity community gathers these under other names such as Zinc and Hidden Cobra.

14 July 2023

The Face of Disaster: Turkey and Syria Earthquake


February 6, 2023, Turkey and Syria woke up to the morning of a major natural disaster. Two devastating earthquakes, 7.7 and 7.6 magnitudes, struck southeastern Turkey and Syria, with millions of people in dozens of different cities affected, and the death toll exceeded thousands. The Turkish government declared a Level 4 alert, the highest level, and requested international assistance for the disaster area.

13 February 2023

Messy Adventures of Cozy Bear

The Dukes
Cozy Bear

Cozy Bear, also known as APT29, is a sophisticated advanced persistent threat (APT) group believed to be associated with the Russian government. The group has been active since at least 2008. It has been linked to several high-profile cyber espionage operations, including the 2016 hack of the Democratic National Committee (DNC) in the United States. Cozy Bear is known for its sophisticated techniques and ability to remain undetected for long periods of time within compromised networks.

14 July 2023

Aoqin Dragon


Aoqin Dragon is a known threat actor that has been active since 2013 and primarily targets government, education, and telecommunication organizations in Southeast Asia and Australia.

10 February 2023

Red Menshen: A Look into the Chinese Cyber Espionage Threat

Red Dev 18

Red Menshen, a China based threat actor, which has been observed targeting telecommunications providers across the U.S, Turkey, Middle East and Asia, as well as entities in the government, education, and logistics sectors using a custom backdoor referred as BPFDoor.

09 February 2023

Glupteba: The Blockchain-Enabled Modular Malware


Glupteba is a complex and advanced form of malware that has been affecting Windows devices globally since 2019. It utilizes blockchain technology and has multiple modules that can be used for various malicious activities,

14 July 2023

Exploit of Romcom RAT's


The RomCom RAT is a malicious software program used by a threat actor to remotely control compromised systems, often by impersonating well-known brands and deploying fake versions of legitimate software through phishing campaigns.

14 July 2023

Bronze President


Bronze President is a likely Chinese government-sponsored threat group that has been active since at least 2012. It is known for conducting cyber-espionage campaigns targeting organizations and individuals in the Asia-Pacific region and beyond.

09 February 2023

Who will be Earth Bogle's Victims in North Africa and the Middle East?


The campaign is active, and currently, threat actors are targeting victims with NjRAT (also known as Bladabindi) in the Middle East and North Africa.

14 July 2023

StrongPity Expand It's Target


StrongPity, also known as APT-C-41 and Promethium, is a cyber espionage group that has been active since at least 2012. The group's initial focus was on targeting individuals and organizations in Syria and Turkey, but their campaigns have since expanded to encompass a wider range of targets across Africa, Asia, Europe, and North America. The group uses various methods such as watering hole attacks and phishing messages to infiltrate targeted systems and steal sensitive information. These attacks are designed to activate the killchain, which is the sequence of actions taken by the attackers to gain access, establish control, and exfiltrate data from the targeted systems.

14 July 2023

World Cup Qatar


The 2022 FIFA World Cup is scheduled to be the 22nd running of the FIFA World Cup competition, the quadrennial international men's football championship contested by the senior national teams of the member associations of FIFA. It is scheduled to take place in Qatar from 20 November to 18 December 2022. This will be the first World Cup ever to be held in the Arab world, and the second World Cup held entirely in Asia after the 2002 tournament in South Korea and Japan.[a] In addition, the tournament will be the last to involve 32 teams, with an increase to 48 teams scheduled for the 2026 tournament in the United States, Mexico, and Canada.

28 January 2023

Cyber Risk to the Oil and Gas Industry


There has been significant interest within the offshore oil and gas industry to utilise Industrial Internet of Things (IIoT) and Industrial Cyber-Physical Systems (ICPS). There has also been a corresponding increase in cyberattacks targeted at oil and gas companies.

14 November 2022

The New Target: Immigrations


Financial and investment entities, including those involved in the decentralized finance (DeFi) and cryptocurrency markets, are being actively targeted by a group of hackers identified as TA4563, who are leveraging Evilnum malware.

14 November 2022

Cyber Security in Elections

election security

In recent years, the effect of cyber operations on the elections of countries has been increasing rapidly and it has been observed that interstate operations are carried out with cyber espionage campaigns.

14 November 2022

The Return of Emotet


The notorious Emotet malware is staging a comeback of sorts, months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021. While the malware maintainers remain unknown, this campaign suspiciously coincides with the Russian invasion of Ukraine.

14 November 2022

Prestige Ransomware: Targeting Ukraine & Poland

Prestige Ransomware

A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige. "The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as HermeticWiper)," the Microsoft Threat Intelligence Center (MSTIC) said.

28 January 2023

Russia - Ukraine Cyberwar


The day before the invasion of Ukraine by Russian forces, a new wiper malware sample spreading across Ukrainian companies is observed. An hour before the invasion, an IssacWiper attack against government websites was recorded. Moreover, cyber-attacks continued in March, as well, with the CaddyWiper malware which infiltrated the systems of several Ukrainian organizations, from both the government and the financial sectors.

28 January 2023


Microsoft Exchange Server Zerodays

Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.

28 September 2022

Attacks on industrial control systems using ShadowPad


Researchers uncovered an active ShadowPad backdoor infection on industrial control systems (ICS) in Pakistan. These infected machines includes engineering hardware systems related to automation systems Infected machines includes engineering computers used in building automation systems.

28 January 2023

Operation AppleJeus: North Korea’s Cryptocurrency Malware

North Korea

After releasing Operation AppleJeus, the Lazarus group continued to use a similar modus operandi in order to compromise cryptocurrency businesses.

14 November 2022



Austin, Texas-based SolarWinds sells software that lets an organization see what's happening on its computer networks. Hackers inserted malicious code into an update of that software, which is called Orion. Around 18,000 SolarWinds customers installed the tainted update onto their systems

28 September 2022

Operation Quicksand: MuddyWater's Attacks to Israeli Organizations


During September 2020, identified a new campaign targeting many prominent Israeli organizations was identified. The campaign was attributed to the Iranian threat actor ‘MuddyWater’ (also known as TEMP.Zagros, Static Kitten and Seedworm).

28 January 2023



Many threat actors are leveraging the high level of global anxiety around the spread of the Coronavirus and are using it to gain initial access to their victim ictim’s network and launch their campaigns. The common factor among these campaigns is the use of social engineering techniques to manipulate their victims into trusting their malicious scams.

28 January 2023

US Federal Agencies Targeted by Kitten's

Nemesis Kitten
Charming Kitten

An APT group called Nemesis Kitten, which has ties to Iran, reportedly directed its attack towards an unidentified U.S. federal agency, with some suspicions suggesting the targeted entity was the U.S. Merit Systems Protections Board. The group infiltrated the agency's network and loaded cryptocurrency-mining software onto it.

28 March 2023

Magniber Ransomware Used a Variant of Microsoft SmartScreen Bypass with Malformed Signature


Magniber ransomware, which targeted Asian countries in 2017, continues to attack with expanded targets worldwide since 2021

01 June 2023

Energy War


BlackEnergy is a malware toolkit that has been used by both criminal and APT actors. It dates back to at least 2007 and was originally designed to create botnets for use in conducting Distributed Denial of Service (DDoS) attacks, but its use has evolved to support various plug-ins

28 January 2023

Hackers Behind the Iran


The asymmetric nature of the cyberwarfare domain has enabled Iran to carry out the most sophisticated and costly cyber attacks in the history of the internet age

14 November 2022

The Pegasus Project


The Pegasus Project is a collaborative investigation into NSO Group, an Israeli “cyber intelligence” company that sells sophisticated spyware to governments around the world.

06 November 2022

The Cyber Face of Economic Development


Like other Chinese espionage operators, hacker groups, espionage targeting has generally aligned with China's Five-Year economic development plans. The group has established and maintained strategic access to organizations in the healthcare, high-tech, and telecommunications sectors. Activity traces back to 2012 when individual members of APT41 conducted primarily financially motivated operations focused on the video game industry before expanding into likely statesponsored activity.

14 November 2022

Red Children of Censorship


North Korean state-sponsored cyber espionage groups. Focuses on targeting the public and private sectors primarily in South Korea. In 2017, APT37 group expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a wider range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities. APT37 has also been linked to the following campaigns between 2016-2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018.

14 November 2022

From Altai To The Red Square

Fancy Bear

The Russian government engages in malicious cyber activities to enable broad-scope cyber espionage, to suppress certain social and political activity, to steal intellectual property, and to harm regional and international adversaries.

14 November 2022