The 5 Most Notorious Cyber Campaigns of 2024 Tracked by SOCRadar

As cyber threats evolve in scale and sophistication, organizations must stay alert to emerging tactics that challenge traditional defenses. In this post, we spotlight five of the most high-profile cyber campaigns observed in 2024. Each showcases a distinct strategy and set of targets, offering important lessons in digital defense.

1. Campaign Chameleon Unleashed

The Chameleon malware emerged as a silent predator, initially targeting general Android users but later evolving into a sophisticated banking trojan. By impersonating Customer Relationship Management (CRM) applications, Chameleon specifically targeted organization employees, compromising financial and personal data.

Key Highlights:

• Target Sectors: Finance, retail, healthcare, and telecommunications.
• Affected Regions: Poland, India, Singapore, Australia, and the United Kingdom.
• Advanced Tactics:
  • Use of droppers to bypass Android 13+ restrictions.
  • Credential harvesting through fake login pages.
  • Biometric operation disruptions.

Mitigation Strategies:

• Endpoint Protection: Deploy advanced endpoint detection and response (EDR) solutions to identify and mitigate malware activity.
• Mobile Threat Defense: Incorporate mobile-specific threat detection systems to identify malicious app behavior, including phishing and keylogging attempts.
• Security Awareness Training: Regularly educate employees about identifying phishing emails, suspicious app permissions, and secure practices for downloading applications.
• Access Control: Implement strict access control policies and monitor privileged accounts to prevent unauthorized data access.

You can explore SOCRadar Labs Campaign page to gain more detailed insights about Campaign Chameleon Unleashed.

2. Earth Baku 2.0: Advanced APT Tactics

Earth Baku, an Advanced Persistent Threat (APT) group linked to APT41, expanded its operations from the Indo-Pacific to Europe, the Middle East, and Africa. Their tactics, particularly exploiting IIS server vulnerabilities, highlighted their capacity for stealthy and persistent cyber espionage.

Key Highlights:

• Target Sectors: National security, telecommunication, education, and healthcare.
• Affected Regions: Italy, Germany, UAE, Qatar, and Romania.
• Advanced Tactics:
  • Exploitation of public-facing applications.
  • Use of compromised accounts for lateral movement.
  • Sophisticated malware deployment to exfiltrate sensitive data.

Mitigation Strategies:

• Patch Management: Ensure timely application of security patches for public-facing applications, including IIS servers, to mitigate exploitation.
• Network Monitoring: Utilize advanced intrusion detection systems (IDS) and intrusion prevention systems (IPS) to detect abnormal traffic patterns.
• Credential Security: Enforce multi-factor authentication (MFA) for all user accounts and conduct regular audits of privileged access.
• Incident Response Plan: Develop a robust incident response framework to quickly identify and contain potential APT activities.
• Threat Intelligence Integration: leverage threat intelligence platforms to monitor and track APT activities in real time.

You can explore SOCRadar Labs Campaign page to gain more detailed insights about Earth Baku 2.0.

3. PWA Phishing Attacks Target Mobile Banking

Progressive Web Apps (PWAs) have become the vector for an innovative phishing campaign targeting mobile banking users. These attacks take advantage of the seamless integration of PWAs with mobile browsers to easily trick users into providing sensitive credentials.

Key Highlights:

• Target Sectors: Banking and Finance.
• Tactics:
  • Mimicking legitimate banking PWAs.
  • Injecting malicious code to capture user credentials.
  • Leveraging social engineering to bypass 2FA.

Mitigation Strategies:

• Secure Application Development: Collaborate with developers to implement safeguards in PWAs, such as detecting and blocking unauthorized script injections.
• Enhanced Authentication: Encourage financial institutions to adopt biometric authentication and device-specific identity verification mechanisms.
• Phishing Awareness Campaigns: Run organization-wide campaigns to educate users on identifying spoofed PWAs and phishing attempts.
• Browser Extensions: Develop and distribute browser plugins that warn users of known malicious URLs associated with spoofed PWAs.

You can explore SOCRadar Labs Campaign page to gain more detailed insights about PWA Phishing Attacks Target Mobile Banking.

4. OneDrive Pastejacking

OneDrive became a surprising vector for a sophisticated phishing and downloader campaign known as pastejacking. By exploiting clipboard functionalities, attackers distributed malware disguised as benign links or files.

Key Highlights:

• Target Sectors:E-commerce, healthcare, and small businesses.
• Advanced Tactics:
  • Manipulating clipboard data to redirect users to malicious sites.
  • Disguising malware payloads as legitimate downloads.

Mitigation Strategies:

• Clipboard Monitoring Tools: Deploy tools that monitor clipboard modifications and block unauthorized changes.
• Access Policies: Restrict access to cloud storage platforms based on role-based permissions and ensure secure file-sharing practices.
• User Education: Raise awareness about the risks of Pastejacking and provide guidance on verifying clipboard content before use.
• Security Solutions: Implement browser-based defenses that detect and block attempts to manipulate clipboard data.

You can explore SOCRadar Labs Campaign page to gain more detailed insights about OneDrive Pastejacking.

5. DNS Under Siege: The Covert Campaign Hijacking Thousands of Domains

This campaign marked a significant escalation in DNS hijacking tactics. By exploiting vulnerabilities in domain name systems, attackers redirected traffic from legitimate sites to malicious ones, compromising sensitive user data.

Key Highlights:

• Target Sectors: Telecommunications and international affairs.
• Tactics:
  • Poisoning DNS caches to reroute traffic.
  • Exploiting registrar vulnerabilities to gain control of domain settings.

Mitigation Strategies:

• Adopt DNSSEC: Implement Domain Name System Security Extensions (DNSSEC) to secure domain integrity.
• Registrar Security: Regularly audit registrar accounts and enforce strong authentication mechanisms.
• DNS Monitoring: Continuously monitor DNS traffic for unusual patterns that may indicate hijacking attempts.
• Backup and Recovery: Maintain regular backups of DNS configurations and have a recovery plan in place to quickly restore services.

You can explore SOCRadar Labs Campaign page to gain more detailed insights about DNS Under Siege: The Covert Campaign Hijacking Thousands of Domains.

Conclusion

These five campaigns from 2024 reveal just how adaptive cybercriminals have become, blending technical exploits with social engineering to bypass even advanced defenses. Organizations must adopt multi-layered strategies that combine detection, education, and real-time intelligence.

SOCRadar’s unified threat intelligence platform is designed to meet this challenge. With modules like Threat Hunting, Digital Footprint, and Dark Web Monitoring, security teams gain a comprehensive view of the threat landscape and tools to act quickly.

SOCRadar’s Threat Hunting module

To dive deeper into current and emerging threats, the SOCRadar Labs Campaigns page offers detailed analyses of active cyber campaigns.

Want to better understand what risks your organization might be facing on the dark web? Get a Free Dark Web Report from SOCRadar and take the first step toward proactive defense.