Cyber Resilience

Campaign · all campaigns

Operation CuckooBeesC0012 unknown

aka Operation CuckooBees

Last updated: 2026-07-03

0attributed CVEs
48ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Operation CuckooBees](https://attack.mitre.org/campaigns/C0012) was a cyber espionage campaign targeting technology and manufacturing companies in East Asia, Western Europe, and North America since at least 2019. Security researchers noted the goal of [Operation CuckooBees](https://attack.mitre.org/campaigns/C0012), which was still ongoing as of May 2022, was likely the theft of proprietary information, research and development documents, source code, and blueprints for various technologies. Researchers assessed [Operation CuckooBees](https://attack.mitre.org/campaigns/C0012) was conducted by actors affiliated with [Winnti Group](https://attack.mitre.org/groups/G0044), [APT41](https://attack.mitre.org/groups/G0096), and BARIUM.(Citation: Cybereason OperationCuckooBees May 2022)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-432 / 4867%
CM-628 / 4858%
CM-222 / 4846%
CM-722 / 4846%
AC-321 / 4844%
AC-220 / 4842%
AC-620 / 4842%
SI-320 / 4842%
RA-515 / 4831%
AC-514 / 4829%
IA-214 / 4829%
SI-714 / 4829%
CA-713 / 4827%
CM-513 / 4827%
SI-1010 / 4821%

Co-occurring actors

None.

Similar actors

Similar TTPs