Cyber Campaigns Operation- Úvod  Cyber Campaigns  Operation  CERT Alert  CERT Analysy  CERT Publication  CERT Tips New 

2020 | 2019 | 2018 | 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 | 2010 | 2009 | 2008




27.3.20 Operation Poisoned News Experts observed a campaign aimed at infecting the iPhones of users in Hong Kong with an iOS backdoor that allows attackers to spy on them.


Operation Pangea Operation Pangea is the name of a joint international operation lead by the Interpol that seized €13 million in counterfeit drugs for care.
17.2.20 Fox Kitten Campaign Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign.


Operation Night Fury Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world
22.1.20 OP Glowing Symphony US military claims to have disrupted the online propaganda activity of the Islamic State (ISIS) in a hacking operation dating back at least to 2016.


OPERATION GHOST ESET researchers describe recent activity of the infamous espionage group, the Dukes, including three new malware families


Operation WebStorage

The campaign uses compromised routers and man-in-the-middle attacks to target legitimate ASUS WebStorage software to distribute the Plead malware.


Operation MuddyWater POWERSTATS V3

The campaign targets a range of sectors with spear-phishing emails delivered from legitimate compromised accounts to drop a PowerShell-based backdoor labeled POWERSTATS v3.


Operation ShellTea

The campaign targets the hotel and entertainment sectors with spear-phishing emails to infiltrate systems with the ShellTea backdoor.


Operation HAWKBALL

The campaign targets the government sector in Central Asia with malicious documents that take advantage of vulnerabilities in Microsoft Office to drop the HAWKBALL backdoor.


Operation Frankenstein

The campaign used a range of open-source tools to carry out their attacks including Microsoft's MSbuild, the post-exploitation framework FruityC2, and PowerShell Empire.


Operation TA505 Shifting Tactics

The group behind the operation target users in South Korea, China, and Taiwan with new tactics, techniques, and procedures including Amadey to distribute EmailStealer, using VBA macro and Excel 4.0 macro.


Operation Waterbug New Toolset

The threat actor behind the operation launched a series of attacks in the last 18 months against multiple sectors including government, IT, communications, and education.


Operation Soft Cell

The campaign has been active since at least 2012 and targets telecommunications providers in multiple countries.


Operation SharePoint Middle East

The campaign targeted Microsoft SharePoint servers located at Middle Eastern government organizations to steal sensitive information.


Operation BlackWater

The campaign used trojanized documents attached to phishing emails to steal sensitive information from victims located in the Middle East.


ViceLeaker Operation

In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens.


Operation Daybreak

Earlier this year, we deployed new technologies in Kaspersky Lab products to identify and block zero-day attacks.


Operation ShadowHammer

In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility, which was featured in a Kim Zetter article on Motherboard.


Operation SaboTor

Today, members of the Joint Criminal Opioid and Darknet Enforcement (J-CODE) team announce the results of Operation SaboTor, a coordinated international effort targeting drug trafficking organizations operating on the Darknet.


Operation ShadowHammer

Earlier today, Motherboard published a story by Kim Zetter on Operation ShadowHammer, a newly discovered supply chain attack that leveraged ASUS Live Update software.



Over the weekend, hundreds of popular Israeli sites were targeted by an attack called #OpJerusalem whose goal was to infect Windows users with the JCry ransomware.


Operation Sharpshooter  pdf

The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence.


Operation Oceansalt

A wall eight feet high with three strands of barbed wire is considered sufficient to deter a determined intruder, at least according to the advice offered by the CISSP professional certification.



We have dubbed the first campaignOperation Shaheen. It examines complex espionage effort directed military Pakistani the at



ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targetssince at least June 2015.


OpIsrael 2018

OpIsrael is a yearly campaign created by Anonymous in 2012 with the stated goal of “erasing Israel from the internet” in protest against the Israeli government’s conduct in the Israli-Palestinian conflict.


OpCatalunya: Phase 4

In October 2017, citizens of Catalonia – an autonomous community in Spain - held an independence referendum.


Operation Dragonfly

On September 6, Symantec published details of the Dragonfly campaign, which targeted dozens of energy companies throughout 2017.



With a new whale hunting season comes a new wave of attacks by environmental and animal rights hacktivist communities within the Anonymous collective.


OpUSA / OpIsrael

In 1995, the United States Congress passed the Jerusalem Embassy Act, which was created for the purposes of initiating and funding the relocation of the Embassy of the United States in Israel from Tel Aviv to Jerusalem.



At the beginning of October 2017, citizens of Catalonia – an autonomous community in Spain - held an independence referendum.



OpIcarus is a multiphase operation originally launched by Anonymous on February 8, 2016 and is now entering its fifth phase on June 11, 2017.


OpSingleGateway – Summer Edition

In the first week of June there has been a dramatic increase in activity from #OpSingleGateway, an Anonymous operation designed to combat the government of Thailand’s strategy to implement central control of the nation’s Internet.


OpKillingBay 2017

OpKillingBay is a yearly hacktivism operation by Anonymous, activists, and others organizations in response to the hunting of whales and dolphins in Japan.


OpIsrael 2017

With the stated goal of "erasing Israel from the Internet,” Anonymous will launch OpIsrael 2017, its yearly cyber operation against Israel on April 7, 2017..



In a move to combat the government of Thailand’s strategy to implement central control of the nation’s Internet, Anonymous has launched OpSingleGateway.


OpKillingBay 2016 Update

Online protests in the form of network and application attacks against countries and organizations involved in whale and dolphin hunting has become an integral part of hunting season.



The Dakota Access Pipeline Project (DAPL) is the construction of a 1,172-mile-long pipeline that will span across three states.


OpIcarus Project Mayhem

Anonymous has initiated the third and final phase of OpIcarus: “Project Mayhem” – a systematic cyber assault against worldwide stock exchanges.



Anonymous has launched OpLGBT, a DDoS campaign targeting the state of North Carolina and its governmental institutes in response to controversial legislation passed by the state’s General Assembly.

5/17/16 Operation Groundbait Operation Groundbait (Russian: Прикормка, Prikormka) is an ongoing cyber-surveillance operation targeting individuals in Ukraine. The group behind this operation has been launching targeted and possibly politically-motivated attacks to spy on individuals.


OpIcarus Re-Engaged

The Hacktivist Group Anonymous announced its plans to relaunch its cyber assaults on leading financial services companies worldwide.



In an effort to fight for the rights of digital consumers throughout South America, the hacktivist group Anonymous has launched OpOperadoras,i coordinated cyber assault against Brazilian telecommunication companies.


OpIsrael Update - April 2016

With the stated goal of “erasing Israel from the internet” in protest against claimed crimes against the Palestinian people, Anonymous will launch its yearly operation against Israel.


OpTrump Attacks

Since our previous OpWhiteRose vs Donald Trump ERT alert outlining the potential cyber-attack against Donald Trump on April fool's day, the presidential candidate was eventually hit and online entities of key Trump.


OpWhiteRose vs Donald Trump

Donald Trump and his presidential campaign has gained a new round of attention from the Anonymous collective.



The hacktivist group Anonymous launched an operation against the city of Denver, CO and its officials. Entitled OpRight2Rest, the operation is a response to the passing of the Denver Homeless Camping Ban.



The hacktivist group New World Hackers is currently targeting the capital and most populous city of Utah, Salt Lake City, as part of a new operation, OpAbdiMohamed.


OpAfrica Update - March 2016

The hacktivist group Anonymous has upped the ante in its cyber-assault against corporations and government that "enable and perpetuate corruption on the African continent."


OpIsrael Update - February 2016

With the stated goal of "erasing Israel from the internet" in protest against claimed crimes against the Palestinian people, Anonymous will launch its yearly operation against Israel.



Hacktivists have targeted the Cincinnati Police Department after last week’s police shooting of Paul Gaston.



The hacktivist group Anonymous is back, this time fighting corruption across the continent of Africa.


OpKillingBay Update - February 2016

OpKillingBay is an annual campaign that was started in 2013 by Anonymous. It was created by Anonymous to bring attention to the hunting of whales and dolphins in Japan and Denmark.



The hacktivist group Anonymous announced its plan to attack leading financial services companies on Monday, February 8, 2016, starting at 6AM UTC with the goal of taking down their websites and services.



On December 11, 2015 Anonymous announced Operation Trump (#OpTrump), a three phase hacking campaign to "expose the real Donald Trump" and take down the presidential candidate's online footprint


OpParis Update

OpParis has faced a number of challenges since the launch of its operation. Organizations such as Anonymous have targeted non-ISIS accounts and any twitter account with Arabic writing by only assuming its association with ISIS.


OpKillingBay Update

OpKillingBay, the annual campaign created by Anonymous, has continued into November and predicted to remain until the end of dolphin hunting season.


Operation Buhtrap Financially motivated group targeting banks and businesses in Russia



Radware's ERT has been investigating OpParis, an Anonymous revenge campaign against ISIS for the Paris attacks on November 13, 2015.



OpKillingBay is an annual campaign created by Anonymous, activists and other organizations in response to whale and dolphin hunting in Japan and Denmark.

7/7/2015 Operation Liberpy For several years now, we have been reporting that Latin America is not only a region that receives threats from elsewhere; on the contrary, we have witnessed the increasing attacks and threats across the region.
In this article we analyze one of the latest research project of ESET‘s Latin America Labs, where through joint actions with HISPASEC, we dismantled a botnet devoted to information theft affecting in 98% of the cases to Latin American users.



Islamic State in Iraq and Syria (ISIS), an Al-Qaeda splinter group, is infamously known for its malicious, physical attacks. Recently, however, ISIS has been credited with cyber-attacks.


OpIsrael 2015

OpIsrael 2015 is an organized set of attacks aimed at the Israeli government, public institutions and other high profile Web sites



Due to the growing tension between Palestine and Israel that includes military actions in the sector of Gaza, several hacktivists groups have united in a cyber-attack campaign against Israel, named #OpSaveGaza.

15.7.14 OPERATION WINDIGO This document details a large and sophisticated operation, code named “Windigo”, in which a malicious group has compromised thousands of Linux and Unix servers.
The compromised servers are used to steal SSH credentials, redirect web visitors to malicious content and send spam.


OpIsrael 2014

#OpIsrael is an organized set of attacks aimed at Israeli Web sites, which was officially first launched on 14 November, 2012 against the Israeli government, public institutions and other high profile Web sites.


#OpAbabil Phase 4

In early September 2012, videos of about 14 minutes in length that claimed to be trailers of a longer film named “Innocence of Muslims” were uploaded to YouTube.



AnonGhost – A hacking group affiliated with Anonymous announced a new cyber-attack campaign against US websites named #OPUSA, scheduled for May 7th, 2013.



Various anti-Israeli hacking groups join hands to launch a massive cyber attack on Israeli cyber space with the aim to disconnect the country from the Internet.

2011 OPERATION POTAO EXPRESS The Operation Potao Express whitepaper presents ESET’s latest findings based on research into the Win32/Potao malware family. Even though the malware was detected long ago by ESET and a few other anti-virus companies,
it hasn’t received any public attention since 2011, when the first known samples were detected