Cyber Campaigns Central
A list of over 125 (and growing!) cyber campaigns
This website simply lists multiple cyber-espionage and cyber-attack campaigns. Click on any of the links below to access detailed information regarding these cyber campaigns. If you see one missing, just let me know. – Jim
Updates:
January 2017 – Several updates and Analysis Tools
October 28, 2015 – Threat Group 2889, Op Clean Internet
July 27, 2015 – APT 3, Operation Shrouded Horizon
May 1, 2015 – Operation Armageddon, APT30, Hellsing, Naikon
Analyst Tools
Cyber Arms Dealers
China (People’s Republic of China AKA PRC)
- APT1 (Mandiant Report on PLA Unit 61398)
- APT 3 (Clandestine Fox)
- APT 12
- APT18 (Dynamite Panda) (Video)
- APT30
- Aurora
- Axiom (Operation SMN) consisting of:
- Beijing North Computer Center (also known as the General Staff Department 418th Research Institute or the PLA’s 61539 Unit)
- Clandestine Fox
- Codoso
- Deep Panda
- Elderwood Project
- GhostNet
- Gothic Panda (APT 3)
- Hellsing APT
- Hurricane Panda
- Ice Fog
- IXESHE (APT12/Numbered Panda)
- Lotus Blossom
- Lucky Cat
- National Research Council (Canada)
- Net Traveler
- Mirage
- Naikon
- Night Dragon
- Numbered Panda
- Putter Panda (CrowdStrike Report on PLA Unit 61486)
- RSA Hack
- Safe – A Targeted Threat
- Samurai Panda
- Shady Rat
- Shiqiang Gang
- Sin Digoo
- Su Bin
- SunShop
- Titan Rain and Moonlight Maze
- Tropic Trooper
- VOHO
- Yanbian Group
- Other Pandas (Anchor)
Iran
- Operation Ababil (Bank DDOS)
- Operation Cleaver (Tarh Andishan)
- U.S. Navy Marine Corps Intranet (1, 2, 3)
- Newscaster
- Copy Kitten
- Rocket Kitten
- Saffron Rose (Flying Kitten) (and more)
- Sands Casino
- Shamoon
- Threat Group-2889 (LinkedIn espionage operations)
- Woolen Goldfish
Other
- 414s
- Corsair Jackal (Tunisia?)
- DustySky (Gaza)
- Equation Group (2)
- Flame (2)
- Stuxnet
- Regin
- OceanLotus
- Operation Emmental
- Operation Socialist (British?)
- Operation Pawn Storm (Targeting European Govt)
- Volatile Cedar (Possibly Lebanon group)
- Desert Falcon (Arabic Language APT group)
Russia
- 2008 Attack on Georgia
- Anunak
- Armageddon
- Berserk Bear
- Cloud Atlas
- CozyDuke (aka CozyBear, CozyCar, OnionDuke or Office Monkeys)
- Energetic Bear/DragonFly/Havex
- Fort Disco
- Inception
- Kelihos Botnet
- Red October
- PawnStorm (AKA Sofacy/APT28/ More APT 28)
- Scarab
- Scarcruft
- Sandworm
- TeamSpy
- Turla
- Uroburos
North and South Korea
- Cyber Attacks in South Korea March 2013
- Bureau 121 (2)
- DarkSeoul (2)
- OnionDog
- Guardians of Peace (Sony Pictures) (Alternate site) (alternate name: Silent Chollima)
- Operation Troy
- DarkHotel (possibly South Korea)
India/Pakistan
France
- Snowglobe (aka Babar)
Spanish
U.S. Hacktivists
- Payback
- Blitzkrieg
- Operation Ferguson
- Operation KKK
- Operation Uncaged (PawSec/Op4Paws)
- Operation Death Eaters (Anonymous vs. Pedophiles)
- OpSeaWorld
- OpDonaldTrump
Middle Eastern Hacktivists
Cyber Criminals and Botnets
- Asprox
- Butterfly
- CoreFlood
- CryptoLocker
- DarkHotel
- Fin4
- Ghost Click
- High Roller
- Threat Group-3279 (targeting video game industry)
- Xu Gang
Law Enforcement / Military Operations
- Operation 54 (Citadel)
- Operation ACHing Mules
- Operation Buckshot Yankee (DOD – Agent.Btz)
- Operation Card Shop
- Operation Clean Internet (China)
- Operation Cyber Knight
- Operation Cyberslam
- Operation Onymous
- Operation Rolling Tide
- Operation Shrouded Horizon
- Operation Torpedo
- Operation Tovar (Gameover Zeus)
- Bot Roast
- Gozi Takedown
- LulzSec Dismantling
- MegaUpload (KimDotCom Arrest)
- Silk Road Takedown
- Silk Road 2.0 Takedown
- U.S. Charges Five Chinese Military Hackers
Malware Used
- Agent BTZ (Russia)
- Comfoo (PRC APTs)
- DNS Changer (Ghost Click)
- HTRAN (PRC APTs)
- Hydraq (Aurora)
- IEXPLORE RAT
- LOIC (Anonymous)
- Lurid (PRC)
- MyDoom (Korea)
- Poison Ivy (PRC)
Other Resources
- INSA and Cyber Intelligence
- Cyber Sanctions (Treasury.gov)
- Advanced Persistent Threats: A Symantec Perspective
Email the webmaster and cyber security researcher Steve Borden: