Threat-actor campaigns
Discrete named operations run by threat actors — MITRE C-series campaigns plus a small set of MISP-tracked operations. A campaign is not an actor in its own right; each campaign here links to the actor (when known) under “Run by”. For the actors themselves, see 512 actors →. 56 campaigns indexed.
| Campaign | Run by | Category | Sponsor | CVEs | Techniques | Years |
|---|---|---|---|---|---|---|
| 2015 Ukraine Electric Power Attack (C0028) | Sandworm Team | state | 🇷🇺 RU | 3 | 25 | 2014 |
| 2016 Ukraine Electric Power Attack (C0025) | Sandworm Team | state | 🇷🇺 RU | 1 | 28 | 2015 |
| 2022 Ukraine Electric Power Attack (C0034) | Sandworm Team | state | 🇷🇺 RU | 0 | 16 | — |
| 2025 Poland Wiper Attacks (C0063) | — | state | 🇷🇺 RU | 0 | 77 | — |
| 3CX Supply Chain Attack (C0057) | AppleJeus | state | 🇰🇵 KP | 0 | 31 | — |
| APT28 Nearest Neighbor Campaign (C0051) | APT28 | state | 🇷🇺 RU | 0 | 28 | — |
| APT41 DUST (C0040) | APT41 | state-contractor | 🇨🇳 CN | 0 | 42 | — |
| Anthropic AI-orchestrated Campaign (C0062) | — | unknown | — | 0 | 36 | — |
| ArcaneDoor (C0046) | — | unknown | — | 2 | 30 | 2018–2025 |
| C0010 (C0010) | — | unknown | — | 0 | 14 | — |
| C0011 (C0011) | — | state | 🇮🇳 IN | 0 | 14 | — |
| C0015 (C0015) | — | unknown | — | 0 | 46 | — |
| C0017 (C0017) | APT41 | state-contractor | 🇨🇳 CN | 0 | 40 | — |
| C0018 (C0018) | — | unknown | — | 3 | 26 | 2021 |
| C0021 (C0021) | — | unknown | — | 0 | 26 | — |
| C0026 (C0026) | — | unknown | — | 0 | 8 | — |
| C0027 (C0027) | — | unknown | — | 1 | 42 | 2026 |
| C0032 (C0032) | TEMP.Veles | state | 🇷🇺 RU | 0 | 28 | — |
| C0033 (C0033) | PROMETHIUM | state | 🇹🇷 TR | 0 | 0 | — |
| CostaRicto (C0004) | — | unknown | — | 0 | 15 | — |
| Cutting Edge (C0029) | — | state | 🇨🇳 CN | 0 | 42 | — |
| FLORAHOX Activity (C0053) | — | state | 🇨🇳 CN | 0 | 9 | — |
| Frankenstein (C0001) | — | unknown | — | 0 | 39 | — |
| FrostyGoop Incident (C0041) | — | unknown | — | 0 | 7 | — |
| FunnyDream (C0007) | — | state | 🇨🇳 CN | 0 | 19 | — |
| HomeLand Justice (C0038) | — | state | 🇮🇷 IR | 0 | 36 | — |
| Indian Critical Infrastructure Intrusions (C0043) | — | unknown | — | 0 | 12 | — |
| J-magic Campaign (C0050) | — | unknown | — | 0 | 8 | — |
| Juicy Mix (C0044) | OilRig | state | 🇮🇷 IR | 0 | 22 | — |
| KV Botnet Activity (C0035) | Volt Typhoon | state | 🇨🇳 CN | 1 | 28 | — |
| Leviathan Australian Intrusions (C0049) | Leviathan | state | 🇨🇳 CN | 0 | 32 | — |
| Night Dragon (C0002) | — | state | 🇨🇳 CN | 0 | 43 | — |
| Operation AkaiRyū (C0060) | — | unknown | — | 0 | 40 | — |
| Operation CuckooBees (C0012) | — | unknown | — | 0 | 48 | — |
| Operation Digital Eye (C0061) | — | state | 🇨🇳 CN | 0 | 37 | — |
| Operation Dream Job (C0022) | Lazarus Group | state | 🇰🇵 KP | 3 | 81 | 2026 |
| Operation Dust Storm (C0016) | — | unknown | — | 1 | 24 | 2011 |
| Operation Ghost (C0023) | APT29 | state | 🇷🇺 RU | 0 | 16 | — |
| Operation Honeybee (C0006) | — | unknown | — | 0 | 43 | — |
| Operation MidnightEclipse (C0048) | — | unknown | — | 0 | 25 | — |
| Operation Sharpshooter (C0013) | — | unknown | — | 0 | 22 | — |
| Operation Spalax (C0005) | — | unknown | — | 0 | 24 | — |
| Operation Wocao (C0014) | — | state | 🇨🇳 CN | 0 | 95 | — |
| Outer Space (C0042) | OilRig | state | 🇮🇷 IR | 0 | 14 | — |
| Pikabot Distribution February 2024 (C0036) | — | unknown | — | 0 | 6 | — |
| Quad7 Activity (C0055) | — | unknown | — | 0 | 22 | — |
| RedDelta Modified PlugX Infection Chain Operations (C0047) | Mustang Panda | state-contractor | 🇨🇳 CN | 0 | 36 | — |
| RedPenguin (C0056) | UNC3886 | state | 🇨🇳 CN | 1 | 32 | 2025 |
| SPACEHOP Activity (C0052) | — | state | 🇨🇳 CN | 0 | 7 | — |
| Salesforce Data Exfiltration (C0059) | — | unknown | — | 0 | 27 | — |
| ShadowRay (C0045) | — | unknown | — | 0 | 16 | — |
| SharePoint ToolShell Exploitation (C0058) | — | state | 🇨🇳 CN | 7 | 49 | 2021–2026 |
| SolarWinds Compromise (C0024) | APT29 | state | 🇷🇺 RU | 2 | 96 | 2021–2026 |
| Triton Safety Instrumented System Attack (C0030) | TEMP.Veles | state | 🇷🇺 RU | 0 | 18 | — |
| Versa Director Zero Day Exploitation (C0039) | Volt Typhoon | state | 🇨🇳 CN | 0 | 13 | — |
| Water Curupira Pikabot Distribution (C0037) | — | unknown | — | 0 | 14 | — |