Campaign · all campaigns
Operation SpalaxC0005 unknown
aka Operation Spalax
Last updated: 2026-07-03
About this actor
[Operation Spalax](https://attack.mitre.org/campaigns/C0005) was a campaign that primarily targeted Colombian government organizations and private companies, particularly those associated with the energy and metallurgical industries. The [Operation Spalax](https://attack.mitre.org/campaigns/C0005) threat actors distributed commodity malware and tools using generic phishing topics related to COVID-19, banking, and law enforcement action. Security researchers noted indicators of compromise and some infrastructure overlaps with other campaigns dating back to April 2018, including at least one separately attributed to [APT-C-36](https://attack.mitre.org/groups/G0099), however identified enough differences to report this as separate, unattributed activity.(Citation: ESET Operation Spalax Jan 2021)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-3 | 13 / 24 | 54% |
SI-4 | 13 / 24 | 54% |
CA-7 | 11 / 24 | 46% |
CM-2 | 10 / 24 | 42% |
CM-6 | 10 / 24 | 42% |
AC-4 | 9 / 24 | 38% |
SC-7 | 9 / 24 | 38% |
CM-7 | 7 / 24 | 29% |
SI-2 | 7 / 24 | 29% |
SI-7 | 7 / 24 | 29% |
SC-44 | 6 / 24 | 25% |
SI-8 | 6 / 24 | 25% |
SI-10 | 5 / 24 | 21% |
IA-9 | 4 / 24 | 17% |
SC-20 | 4 / 24 | 17% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- LazyScripter 0.46
- Operation Dust Storm 0.45
- C0021 0.43
- C0011 0.41
- TA2541 0.40