Cyber Resilience

Threat-actor campaigns

Discrete named operations run by threat actors — MITRE C-series campaigns plus a small set of MISP-tracked operations. A campaign is not an actor in its own right; each campaign here links to the actor (when known) under “Run by”. For the actors themselves, see 512 actors →. 56 campaigns indexed.

Campaign Run by Category Sponsor CVEs Techniques Years
2015 Ukraine Electric Power Attack (C0028)Sandworm Teamstate🇷🇺 RU3252014
2016 Ukraine Electric Power Attack (C0025)Sandworm Teamstate🇷🇺 RU1282015
2022 Ukraine Electric Power Attack (C0034)Sandworm Teamstate🇷🇺 RU016
2025 Poland Wiper Attacks (C0063)state🇷🇺 RU077
3CX Supply Chain Attack (C0057)AppleJeusstate🇰🇵 KP031
APT28 Nearest Neighbor Campaign (C0051)APT28state🇷🇺 RU028
APT41 DUST (C0040)APT41state-contractor🇨🇳 CN042
Anthropic AI-orchestrated Campaign (C0062)unknown036
ArcaneDoor (C0046)unknown2302018–2025
C0010 (C0010)unknown014
C0011 (C0011)state🇮🇳 IN014
C0015 (C0015)unknown046
C0017 (C0017)APT41state-contractor🇨🇳 CN040
C0018 (C0018)unknown3262021
C0021 (C0021)unknown026
C0026 (C0026)unknown08
C0027 (C0027)unknown1422026
C0032 (C0032)TEMP.Velesstate🇷🇺 RU028
C0033 (C0033)PROMETHIUMstate🇹🇷 TR00
CostaRicto (C0004)unknown015
Cutting Edge (C0029)state🇨🇳 CN042
FLORAHOX Activity (C0053)state🇨🇳 CN09
Frankenstein (C0001)unknown039
FrostyGoop Incident (C0041)unknown07
FunnyDream (C0007)state🇨🇳 CN019
HomeLand Justice (C0038)state🇮🇷 IR036
Indian Critical Infrastructure Intrusions (C0043)unknown012
J-magic Campaign (C0050)unknown08
Juicy Mix (C0044)OilRigstate🇮🇷 IR022
KV Botnet Activity (C0035)Volt Typhoonstate🇨🇳 CN128
Leviathan Australian Intrusions (C0049)Leviathanstate🇨🇳 CN032
Night Dragon (C0002)state🇨🇳 CN043
Operation AkaiRyū (C0060)unknown040
Operation CuckooBees (C0012)unknown048
Operation Digital Eye (C0061)state🇨🇳 CN037
Operation Dream Job (C0022)Lazarus Groupstate🇰🇵 KP3812026
Operation Dust Storm (C0016)unknown1242011
Operation Ghost (C0023)APT29state🇷🇺 RU016
Operation Honeybee (C0006)unknown043
Operation MidnightEclipse (C0048)unknown025
Operation Sharpshooter (C0013)unknown022
Operation Spalax (C0005)unknown024
Operation Wocao (C0014)state🇨🇳 CN095
Outer Space (C0042)OilRigstate🇮🇷 IR014
Pikabot Distribution February 2024 (C0036)unknown06
Quad7 Activity (C0055)unknown022
RedDelta Modified PlugX Infection Chain Operations (C0047)Mustang Pandastate-contractor🇨🇳 CN036
RedPenguin (C0056)UNC3886state🇨🇳 CN1322025
SPACEHOP Activity (C0052)state🇨🇳 CN07
Salesforce Data Exfiltration (C0059)unknown027
ShadowRay (C0045)unknown016
SharePoint ToolShell Exploitation (C0058)state🇨🇳 CN7492021–2026
SolarWinds Compromise (C0024)APT29state🇷🇺 RU2962021–2026
Triton Safety Instrumented System Attack (C0030)TEMP.Velesstate🇷🇺 RU018
Versa Director Zero Day Exploitation (C0039)Volt Typhoonstate🇨🇳 CN013
Water Curupira Pikabot Distribution (C0037)unknown014