Cyber Resilience

Campaign · all campaigns

Operation SpalaxC0005 unknown

aka Operation Spalax

Last updated: 2026-07-03

0attributed CVEs
24ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Operation Spalax](https://attack.mitre.org/campaigns/C0005) was a campaign that primarily targeted Colombian government organizations and private companies, particularly those associated with the energy and metallurgical industries. The [Operation Spalax](https://attack.mitre.org/campaigns/C0005) threat actors distributed commodity malware and tools using generic phishing topics related to COVID-19, banking, and law enforcement action. Security researchers noted indicators of compromise and some infrastructure overlaps with other campaigns dating back to April 2018, including at least one separately attributed to [APT-C-36](https://attack.mitre.org/groups/G0099), however identified enough differences to report this as separate, unattributed activity.(Citation: ESET Operation Spalax Jan 2021)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-313 / 2454%
SI-413 / 2454%
CA-711 / 2446%
CM-210 / 2442%
CM-610 / 2442%
AC-49 / 2438%
SC-79 / 2438%
CM-77 / 2429%
SI-27 / 2429%
SI-77 / 2429%
SC-446 / 2425%
SI-86 / 2425%
SI-105 / 2421%
IA-94 / 2417%
SC-204 / 2417%

Co-occurring actors

None.

Similar actors

Similar TTPs