Campaigns
Campaigns
Strategic operations spanning multiple incidents — coordinated attribution, technique, or intent. From Stuxnet to the Snowflake cohort.
- 1
Cl0p mass-exploitation campaign
2020– · active
Multi-year Cl0p / TA505 operation exploiting zero-days in managed-file-transfer (MFT) products to mass-extort thousands of organisations: Accellion FTA (2020), GoAnywhere MFT (2023), MOVEit Transfer (2023), Cleo (2024).
$12.15B - 4
Lazarus cryptocurrency-theft programme
2017– · active
Sustained North Korean state cybercrime programme (2017–present) targeting cryptocurrency exchanges, custody providers, and DeFi protocols. Estimated cumulative proceeds exceed $5 billion across hundreds of attributed operations.
$2.74B - 4
Chinese 'Big Four' PII collection campaign
2014–2018 · concluded
Coordinated Chinese state cyberespionage campaign (2014–2018) against U.S. personal-records-rich data sources: OPM, Anthem, Marriott/Starwood, and Equifax. Together the four datasets enable comprehensive intelligence dossiers on cleared U.S. personnel.
$2.19B - 3
LockBit ransomware-as-a-service franchise
2019–2024 · disrupted
The most prolific ransomware-as-a-service operation of 2022–2024, responsible for ~25% of all observed ransomware attacks at peak. Disrupted by NCA-led Operation Cronos in February 2024, with developer Dmitry Khoroshev unmasked as LockBitSupp.
$200.0M - 1
Snowflake cohort credential-stuffing campaign (2024)
2024–2024 · concluded
Coordinated 2024 criminal campaign against ~165 Snowflake-customer tenants. Operators used infostealer-harvested credentials to authenticate against tenants without MFA, exfiltrating data from AT&T, Ticketmaster, Santander, Advance Auto Parts, and many others.
$200.0M - 1
Operation Olympic Games
2006–2012 · concluded
Joint U.S.-Israeli covert programme (2006–2012) to delay Iran's nuclear enrichment via cyber means. Best known for Stuxnet but encompassing Duqu, Flame, and related malware families.
$100.0M - 1
lapsus-2022-extortion-spree
$5.0M - 1
dark-caracal-gdgs-surveillance
- 1
flame-stuxnet-equation-toolchain
- 1
jia-tan-xz-backdoor
- 1
mirai-botnet
- 1
nile-phish-civil-society-targeting
- 1
okta-support-har-token-theft
- 1
sandvine-packetlogic-network-injection
- 1
smoothoperator