# Campanhas e Incidentes Documentação de operações de ataque, campanhas de malware e incidentes de segurança relevantes. Cada entrada inclui contexto da operação, atores envolvidos, setores alvejados, TTPs utilizadas e linha do tempo dos eventos. **Tipos de entradas:** - **Campanhas ativas** - operações em andamento com monitoramento contínuo - **Campanhas encerradas** - operações históricas com análise completa - **Operações de aplicação da lei** - takedowns e ações coordenadas contra grupos criminosos --- ## Campanhas LATAM Ativas > [!danger] Campanha Ativa - Horabot LATAM 2026 > Banking trojan brasileiro com 5.384 dispositivos comprometidos (93% México). Cadeia: ClickFix → mshta → VBScript polimórfico → AutoIt → Delphi DLL. > **Setores:** [[financial]], [[government]], [[accounting]], [[construction]] | **Países:** México, Brasil, Argentina > **Operadores:** [[horabot-operators]] | **Status:** Ativo desde maio de 2025 > → [[horabot-latam-2026|Horabot LATAM 2026]] --- ## Fluxo de Campanhas Ativas ```mermaid graph TB subgraph ransomware["Ransomware & Extorsão"] IL["Interlock<br/>Ransomware"] -->|"CVE-2026-20131"| CISCO["Cisco FMC"] LB["LockBit"] -->|"Citrix Bleed"| INFRA["Infraestrutura Global"] CL["Cl0p"] -->|"File Transfer"| FT["MOVEit · Cleo"] end subgraph espionagem["Espionagem Estatal"] MW["MuddyWater"] -->|"Op. OlaLampo"| GOV_LATAM["Governos LATAM"] APT29["APT29"] -->|"Phishing Diplomático"| EU["Diplomatas EU"] VT["Volt Typhoon"] -->|"LOTL"| IC["Infra Crítica EUA"] end subgraph financeiro["Fraude Financeira"] GR["Grandoreiro"] -->|"Overlay + PIX"| BANCOS["Bancos BR/MX/ES"] LAZ["Lazarus"] -->|"Bybit Heist"| CRYPTO["Exchanges Crypto"] HB["Horabot<br/>Banking Trojan"] -->|"ClickFix → VBScript"| LATAM_BANKS["Bancos LATAM"] end classDef ransom fill:#5a1a1a,color:#fff,stroke:#e74c3c classDef espion fill:#1a3a5c,color:#fff,stroke:#2980b9 classDef finance fill:#4a3a1a,color:#fff,stroke:#f39c12 classDef target fill:#1a4a2a,color:#fff,stroke:#27ae60 class IL,LB,CL ransom class MW,APT29,VT espion class GR,LAZ,HB finance class CISCO,INFRA,FT,GOV_LATAM,EU,IC,BANCOS,CRYPTO,LATAM_BANKS target ``` --- ## Campanhas Ativas %% ```dataview TABLE WITHOUT ID link(file.link, title) AS "Campanha", join(threat-actors, ", ") AS "Atores", join(sectors-targeted, ", ") AS "Setores", dates.start AS "Início" FROM "cti/campaigns" WHERE type = "campaign" AND status = "active" SORT dates.start DESC ``` %% <!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, title) AS "Campanha", join(threat-actors, ", ") AS "Atores", join(sectors-targeted, ", ") AS "Setores", dates.start AS "Início" FROM "cti/campaigns" WHERE type = "campaign" AND status = "active" SORT dates.start DESC --> <!-- SerializedQuery: TABLE WITHOUT ID link(file.link, title) AS "Campanha", join(threat-actors, ", ") AS "Atores", join(sectors-targeted, ", ") AS "Setores", dates.start AS "Início" FROM "cti/campaigns" WHERE type = "campaign" AND status = "active" SORT dates.start DESC --> | Campanha | Atores | Setores | Início | | -------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------ | ------------------ | | [[operation-olalampo\|Operation Olalampo]] | [[g0069-mango-sandstorm\|MuddyWater]] | financial, government, defense | 2025 | | [[trivy-supply-chain-2026\|TeamPCP Supply Chain Campaign 2026]] | [[teampcp]] | technology, financial, government | March 20, 2026 | | [[operation-ghostmail-2026\|Operation GhostMail]] | [[cti/groups/g0007-apt28.md\|g0007-apt28]] | government, critical-infrastructure | January 22, 2026 | | [[darksword-ios-campaign-2026\|DarkSword iOS Campaign 2026]] | [[darksword-group]] | government, financial, human-rights | January 01, 2026 | | [[interlock-cisco-fmc-campaign-2026\|Interlock Cisco FMC Campaign 2026]] | [[cti/groups/interlock-ransomware.md\|interlock-ransomware]] | technology, healthcare, government, financial | January 01, 2026 | | [[operation-ghostmail-zimbra-2026\|Operation GhostMail Zimbra 2026]] | [[cti/groups/g0007-apt28.md\|g0007-apt28]], [[cti/groups/g0007-apt28.md\|g0007-apt28]] | government, military, critical-infrastructure | January 01, 2026 | | [[operation-neusploit\|Operation Neusploit]] | | technology, financial | January 01, 2026 | | [[veeam-ransomware-exploitation-2026\|Veeam Ransomware Exploitation 2026]] | [[g0046-fin7]], [[s0625-cuba-ransomware-group]], [[akira-ransomware-group]], [[frag-ransomware-group]] | technology, financial, critical-infrastructure, healthcare, government | January 01, 2026 | | [[venon-banking-campaign-2026\|VENON Banking Campaign 2026]] | [[Ator desconhecido - VENON]] | financial, cryptocurrency | January 01, 2026 | | [[tekir-mexico-government-attack-2025\|Tekir Mexico Government Attack 2025]] | [[tekir]] | government, legal | November 01, 2025 | | [[silver-fox-tax-campaign-2026\|Silver Fox Tax Campaign 2026]] | [[silver-fox\|Silver Fox]] | financial, government, technology | October 01, 2025 | | [[darksword-ios-campaign\|DarkSword iOS Campaign]] | [[unc6748]], [[pars-defense]], [[unc6353]] | government, technology, financial, defense | September 01, 2025 | | [[ghosthire-campaign-2025\|GhostHire Campaign 2025]] | [[g0124-bluenoroff]], [[g0032-lazarus-group]] | financial, technology, cryptocurrency | September 01, 2025 | | [[operation-macromaze-2025\|Operation MacroMaze]] | [[cti/groups/g0007-apt28.md\|g0007-apt28]], [[sednit]], [[cti/groups/g0007-apt28.md\|g0007-apt28]] | government, defense | September 01, 2025 | | [[matanbuchus-teams-2025\|Matanbuchus Teams 2025]] | | technology, financial, healthcare, government | June 01, 2025 | | [[horabot-latam-2026\|Horabot LATAM 2026]] | [[horabot-operators]] | financial, government, accounting, construction | May 01, 2025 | | [[kimsuky-whatsapp-qr-2025\|Kimsuky WhatsApp QR 2025]] | [[g0094-kimsuky]] | government, think-tanks, academia | May 01, 2025 | | [[ivanti-cve-2025-22457-campaign\|Ivanti Connect Secure CVE-2025-22457 - UNC5221]] | [[unc5221\|UNC5221]] | government, financial, telecommunications | March 01, 2025 | | [[redcurl-qwcrypt-campaign-2025\|RedCurl QWCrypt Campaign 2025]] | [[g1039-redcurl]] | technology, financial, manufacturing | March 01, 2025 | | [[akira-sonicwall-campaign-2025\|Akira Ransomware via SonicWall SSL-VPN - 2025]] | [[storm-1567\|Storm-1567 (Akira)]] | healthcare, manufacturing, financial | January 01, 2025 | | [[european-diplomatic-phishing-2025\|European Diplomatic Phishing 2025]] | [[g0016-apt29\|APT29 / Cozy Bear]] | government | January 01, 2025 | | [[black-basta-microsoft-teams-2024\|Black Basta Microsoft Teams Campaign 2024]] | [[cardinal-cybercrime-group]] | financial, healthcare, critical-infrastructure | October 01, 2024 | | [[cleo-file-transfer-exploitation\|Cleo File Transfer Exploitation 2024]] | [[s0611-clop-ransomware]] | logistics, retail, financial, manufacturing | October 01, 2024 | | [[silk-typhoon-it-supply-chain-2024\|Silk Typhoon - Ataque à Cadeia de Suprimentos TI (2024-2025)]] | [[g0125-silk-typhoon]] | technology, government, healthcare, legal, defense, energy | October 01, 2024 | | [[apt41-silver-dragon-2024\|APT41 Silver Dragon 2024]] | [[cti/groups/g0096-apt41.md\|g0096-apt41]] | government, telecommunications, technology | June 01, 2024 | | [[unc1549-defense-aerospace-2024\|UNC1549 Defense Aerospace 2024]] | [[imperial-kitten]] | defense, aerospace, government, technology | June 01, 2024 | | [[clickfix-campaign-2025\|ClickFix Campaign 2025]] | [[clearfake]], [[g0032-lazarus-group]], [[g1037-ta577]], [[storm-0249]] | hospitality, financial, healthcare, government, technology | May 01, 2024 | | [[clickfix-campaign-2024\|ClickFix Campaign 2024]] | | technology, financial, government | March 01, 2024 | | [[clickfix-campaign\|ClickFix Campaign]] | [[cti/groups/ta571.md\|ta571]], [[storm-0249]], [[storm-1877]], [[uac-0050]] | technology, financial, healthcare, government, transportation | March 01, 2024 | | [[grandoreiro-smishing-campaign-2024\|Grandoreiro Smishing Campaign 2024]] | [[s0531-grandoreiro]] | financial, government | March 01, 2024 | | [[emmenhtal-campaign\|Emmenhtal Campaign]] | | technology, financial, government | February 01, 2024 | | [[campaign-weblogic-cryptomining-2024\|8220 Gang WebLogic Cryptomining 2024]] | [[8220-gang]] | technology, cloud, financial | January 01, 2024 | | [[grandoreiro-global-expansion-2024\|Grandoreiro Global Expansion 2024]] | [[s0531-grandoreiro\|Grandoreiro]] | financial, banking | January 01, 2024 | | [[operation-urban-ghost\|Operation Urban Ghost]] | | technology, government, financial | January 01, 2024 | | [[targeting-western-logistics\|Targeting Western Logistics 2024-2025]] | [[cti/groups/g0007-apt28.md\|APT28]], [[g0034-sandworm\|Sandworm]] | critical-infrastructure, government | January 01, 2024 | | [[ivanti-connect-secure-exploitation-2024\|Ivanti Connect Secure Exploitation 2024]] | [[unc5221]] | government, military, technology, telecommunications, financial | December 01, 2023 | | [[latrodectus-campaigns-2024\|Latrodectus Campaigns 2024]] | [[g1037-ta577]], [[g1038-ta578]] | financial, automotive, healthcare, technology | November 01, 2023 | | [[hunters-international-campaign-2023\|Hunters International Campaign 2023]] | [[hunters-international-ransomware]] | manufacturing, healthcare, financial, government | October 01, 2023 | | [[clearfake-campaign\|ClearFake Campaign]] | [[ta2726]] | technology, financial, healthcare, government | July 01, 2023 | | [[blacksuit-campaign-2023\|Blacksuit Campaign 2023]] | [[blacksuit-ransomware]], [[ignoble-scorpius]] | manufacturing, healthcare, government, technology, construction | May 01, 2023 | | [[capratube-campaign-2023\|CapraTube Campaign 2023]] | [[g0134-transparent-tribe]] | government, military, defense | April 01, 2023 | | [[campaign-unc1549-aerospace-2024\|UNC1549 Aerospace Campaign 2024]] | [[unc1549]] | aerospace, defense, aviation | January 01, 2023 | | [[earth-estries-beta-campaign-2024\|Earth Estries Beta Campaign 2024]] | [[earth-estries]], [[g1045-salt-typhoon]] | telecommunications, government, technology | January 01, 2023 | | [[gopix-campaign\|GoPix Campaign]] | [[Cibercriminosos Brasileiros - GoPix]] | financial, cryptocurrency | January 01, 2023 | | [[operation-roundpress-apt28-webmail-2024\|Operation RoundPress]] | [[cti/groups/g0007-apt28.md\|g0007-apt28]], [[sednit]], [[cti/groups/g0007-apt28.md\|g0007-apt28]] | government, defense, technology | January 01, 2023 | | [[operation-roundpress\|Operation RoundPress]] | [[cti/groups/g0007-apt28.md\|g0007-apt28]] | government, defense, critical-infrastructure | January 01, 2023 | | [[fin7-avneutralizer-campaign-2024\|FIN7 - AvNeutralizer EDR Killer Campaign (2024)]] | [[g0046-fin7]] | technology, financial, government, retail, healthcare | April 01, 2022 | | [[operation-pawn-storm\|Operation Pawn Storm]] | [[cti/groups/g0007-apt28.md\|APT28 / Fancy Bear]] | government, defense, logistics, technology, telecommunications | February 01, 2022 | | [[operation-dns-poisoning-2022-2024\|Operação DNS Poisoning - Daggerfly 2022-2024]] | [[g1034-daggerfly\|Daggerfly]] | government, telecommunications, technology | January 01, 2022 | | [[medusa-hospital-campaign-2025\|Medusa Ransomware - Campanha contra Saúde e Infraestrutura 2025]] | [[g1051-medusa-ransomware]], [[g0032-lazarus-group]] | healthcare, education, technology, financial, manufacturing | June 01, 2021 | | [[volt-typhoon-infrastructure-campaign\|Volt Typhoon Infrastructure Campaign]] | [[g1017-volt-typhoon\|Volt Typhoon]] | critical-infrastructure, telecommunications, energy, government, technology | June 01, 2021 | | [[fire-ant-campaign\|Fire Ant Campaign]] | [[g1048-unc3886]] | defense, government, technology, telecommunications | January 01, 2021 | | [[lockbit-brazil-campaigns\|LockBit Campanhas no Brasil]] | [[lockbit-ransomware-group]], [[lockbit3]] | financial, government, healthcare, technology, critical-infrastructure | January 01, 2021 | | [[clop-accellion-campaign\|Clop File Transfer Exploitation Campaign]] | [[ta505\|TA505]], [[g0085-fin11\|FIN11]] | financial, healthcare, government, legal, education, energy, technology | December 01, 2020 | | [[horabot-latam-campaign\|Horabot LATAM Campaign]] | [[horabot-operators\|Horabot Operators]] | financial, accounting, construction, technology | November 01, 2020 | | [[operation-dream-job\|Operation Dream Job]] | [[g0032-lazarus-group]] | defense, aerospace, government, technology, financial | January 01, 2020 | | [[tradertraitor-campaign\|TraderTraitor Campaign]] | [[g0032-lazarus-group\|Lazarus Group]], [[g0082-apt38\|APT38]] | financial, cryptocurrency, technology, blockchain | January 01, 2020 | | [[cti/campaigns/lockbit-ransomware.md\|LockBit Ransomware Campaign]] | [[lockbit-group\|LockBit]] | financial, healthcare, government, manufacturing, critical-infrastructure, technology, education | September 01, 2019 | | [[operation-dreamjob\|Operation DreamJob]] | [[g0032-lazarus-group\|Lazarus Group]] | technology, defense, energy, financial, aerospace, government | September 01, 2019 | | [[phobos-raas-campaign\|Phobos RaaS Campaign]] | [[phobos-ransomware-group]] | government, healthcare, education, critical-infrastructure | May 01, 2019 | | [[operation-applejeus\|Operation AppleJeus]] | [[g0032-lazarus-group\|Lazarus Group]] | financial, cryptocurrency | January 01, 2018 | | [[stop-djvu-campaign\|STOP/DJVU Campaign]] | | consumers, small-business | January 01, 2018 | | [[grandoreiro-banking-campaign\|Grandoreiro Banking Campaign]] | [[s0531-grandoreiro\|Grandoreiro Operators]] | financial | January 01, 2017 | | [[snatchcrypto-campaign\|SnatchCrypto Campaign]] | [[g0124-bluenoroff\|BlueNoroff]], [[g0032-lazarus-group\|Lazarus Group]] | cryptocurrency, financial, technology, blockchain | January 01, 2017 | | [[operation-pegasus\|Operation Pegasus]] | [[nso-group]] | government, journalism, human-rights, legal | January 01, 2016 | | [[astaroth-guildma-campaign\|Astaroth/Guildma Campaign]] | [[GOLD HERON]] | financial | January 01, 2015 | | [[guildma-campaign\|Campanha Guildma - Trojan Bancario LATAM]] | [[_inbox/_processed/guildma.md\|guildma]] | financial, retail, government | January 01, 2015 | | [[iron-tiger-campaigns\|Iron Tiger Campaigns]] | [[g0027-threat-group-3390]] | government, defense, technology, telecommunications, gambling | January 01, 2015 | | [[operation-monsoon\|Operation Monsoon]] | [[g0040-patchwork]] | government, defense, think-tanks, academia | January 01, 2015 | | [[transparent-tribe-india-campaigns\|Transparent Tribe India Campaigns]] | [[g0134-transparent-tribe]], [[g0134-transparent-tribe]] | government, military, education, technology | January 01, 2013 | | [[operation-soft-cell\|Operation Soft Cell]] | [[g0093-gallium]] | telecommunications | January 01, 2012 | | [[operation-pawnstorm\|Operation Pawn Storm]] | [[cti/groups/g0007-apt28.md\|APT28]] | government, military, defense, media, energy | January 01, 2007 | <!-- SerializedQuery END --> --- ## Campanhas Recentes (Encerradas) %% ```dataview TABLE WITHOUT ID link(file.link, title) AS "Campanha", join(threat-actors, ", ") AS "Atores", join(sectors-targeted, ", ") AS "Setores", dates.start AS "Início" FROM "cti/campaigns" WHERE type = "campaign" AND (status = "inactive" OR status = "concluded") SORT dates.start DESC LIMIT 20 ``` %% <!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, title) AS "Campanha", join(threat-actors, ", ") AS "Atores", join(sectors-targeted, ", ") AS "Setores", dates.start AS "Início" FROM "cti/campaigns" WHERE type = "campaign" AND (status = "inactive" OR status = "concluded") SORT dates.start DESC LIMIT 20 --> <!-- SerializedQuery: TABLE WITHOUT ID link(file.link, title) AS "Campanha", join(threat-actors, ", ") AS "Atores", join(sectors-targeted, ", ") AS "Setores", dates.start AS "Início" FROM "cti/campaigns" WHERE type = "campaign" AND (status = "inactive" OR status = "concluded") SORT dates.start DESC LIMIT 20 --> | Campanha | Atores | Setores | Início | | ----------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- | ----------------- | | [[heartbeat-campaign\|Heartbeat Campaign]] | [[g0131-tonto-team]] | government, military, media | 2009 | | [[cisco-fmc-exploitation-campaign-2026\|Cisco FMC Exploitation Campaign 2026]] | [[cti/groups/interlock-ransomware.md\|Interlock Ransomware]] | education, healthcare, government, technology | January 01, 2026 | | [[operation-ghostmail\|Operation GhostMail]] | [[cti/groups/g0007-apt28.md\|APT28]] | government, critical-infrastructure | January 01, 2026 | | [[ruby-jumper-campaign\|Ruby Jumper Campaign]] | [[g0067-apt37]], [[scarcruft]] | government, military, research | October 01, 2025 | | [[operation-hankook-phantom\|Operation Hankook Phantom]] | [[g0067-apt37]], [[scarcruft]] | government, education, research | August 01, 2025 | | [[bybit-heist-2025\|Bybit Heist 2025]] | [[g0032-lazarus-group\|Lazarus Group]] | financial, cryptocurrency | February 01, 2025 | | [[hidden-risk-campaign-2024\|Hidden Risk Campaign 2024 - BlueNoroff macOS]] | [[g0124-bluenoroff]], [[g0032-lazarus-group]] | financial, technology | July 01, 2024 | | [[akira-veeam-campaign-2024\|Akira Veeam Campaign 2024]] | [[storm-1567]], [[akira-ransomware]] | transportation, critical-infrastructure | June 01, 2024 | | [[dmm-bitcoin-heist-2024\|DMM Bitcoin Heist 2024]] | [[g0032-lazarus-group]], [[tradertraitor]] | financial | May 01, 2024 | | [[operation-cronos\|Operation Cronos]] | [[lockbit\|LockBit Operators]] | cybercrime-enforcement | February 19, 2024 | | [[detankwar-game-campaign\|DeTankWar Game Campaign]] | [[g1036-moonstone-sleet]] | technology, defense, education | February 01, 2024 | | [[microsoft-corporate-breach-2024\|Microsoft Corporaté Breach 2024]] | [[g0016-apt29\|APT29 / Cozy Bear]] | technology | November 01, 2023 | | [[lockbit-citrix-bleed-2023\|LockBit Citrix Bleed Campaign 2023]] | [[lockbit\|LockBit Operators]] | financial, government, healthcare, technology | August 01, 2023 | | [[operation-deliverycheck-ukraine-2023\|Operation DeliveryCheck - Turla contra Defesa Ucraniana 2023]] | [[g0010-turla]], [[secret-blizzard]] | defense, government, military | June 01, 2023 | | [[moveit-transfer-campaign\|MOVEit Transfer Campaign]] | [[cti/groups/cl0p.md\|Cl0p / TA505]] | government, healthcare, financial, technology, education | May 01, 2023 | | [[water-curupira-campaign\|Water Curupira Campaign]] | [[g1037-ta577]] | financial, technology, manufacturing | January 01, 2023 | | [[play-latam-campaign-2023\|Play Ransomware - Campanha LATAM 2023]] | [[play-ransomware]] | government, financial, healthcare, critical-infrastructure, technology | June 01, 2022 | | [[conti-costa-rica-attack-2022\|Conti Costa Rica Attack 2022]] | [[conti-ransomware-operations]], [[g0102-conti-group]] | government, critical-infrastructure, financial | April 17, 2022 | | [[uac-0041-campaign-2022\|UAC-0041 Campaign 2022]] | [[uac-0041]] | government, military, critical-infrastructure | March 01, 2022 | | [[apt28-nearest-neighbor-campaign\|APT28 Nearest Neighbor Campaign]] | [[cti/groups/g0007-apt28.md\|APT28]] | government, technology, defense | February 01, 2022 | <!-- SerializedQuery END --> --- ## Por Ator Responsável | Ator | Campanhas Documentadas | |------|----------------------| | [[g0032-lazarus-group\|Lazarus Group]] | [[operation-dreamjob\|Operation DreamJob]] · [[operation-applejeus\|Operation AppleJeus]] · [[bybit-heist-2025\|Bybit Heist 2025]] · [[wannacry\|WannaCry]] · [[sony-pictures-hack\|Sony Pictures Hack]] | | [[g0016-apt29\|APT29 / Cozy Bear]] | [[solarwinds-supply-chain-attack\|SolarWinds Supply Chain Attack]] · [[covid-19-vaccine-espionage\|COVID-19 Vaccine Espionage]] · [[microsoft-corporate-breach-2024\|Microsoft Corporate Breach 2024]] · [[european-diplomatic-phishing-2025\|European Diplomatic Phishing 2025]] | | [[g0007-apt28\|APT28 / Fancy Bear]] | [[dnc-hack-2016\|DNC Hack 2016]] · [[operation-pawn-storm\|Operation Pawn Storm]] · [[apt28-nearest-neighbor-campaign\|APT28 Nearest Neighbor Campaign]] · [[Targeting Western Logistics 2024-2025]] | | [[cl0p\|Cl0p / TA505]] | [[moveit-transfer-campaign\|MOVEit Transfer Campaign]] · [[accellion-fta-exploitation]] · [[cleo-file-transfer-exploitation]] | | [[g1017-volt-typhoon\|Volt Typhoon]] | [[volt-typhoon-infrastructure-campaign\|Volt Typhoon Infrastructure Campaign]] | | [[lockbit\|LockBit Operators]] | [[LockBit Citrix Bleed Campaign 2023]] | | [[s0531-grandoreiro\|Grandoreiro Operators]] | [[grandoreiro-banking-campaign\|Grandoreiro Banking Campaign]] · [[grandoreiro-global-expansion-2024\|Grandoreiro Global Expansion 2024]] | | [[interlock-ransomware\|Interlock Ransomware]] | [[cisco-fmc-exploitation-campaign-2026\|Cisco FMC Exploitation Campaign 2026]] | | [[g0034-sandworm\|Sandworm]] | [[Targeting Western Logistics 2024-2025]] | --- ## Por Setor Alvejado | Setor | Campanhas | |-------|-----------| | [[financial]] | [[bybit-heist-2025\|Bybit Heist 2025]] · [[grandoreiro-banking-campaign\|Grandoreiro Banking Campaign]] · [[moveit-transfer-campaign\|MOVEit Transfer Campaign]] · [[operation-applejeus\|Operation AppleJeus]] · [[LockBit Citrix Bleed Campaign 2023]] | | [[government]] | [[solarwinds-supply-chain-attack\|SolarWinds Supply Chain Attack]] · [[volt-typhoon-infrastructure-campaign\|Volt Typhoon Infrastructure Campaign]] · [[dnc-hack-2016\|DNC Hack 2016]] · [[moveit-transfer-campaign\|MOVEit Transfer Campaign]] · [[covid-19-vaccine-espionage\|COVID-19 Vaccine Espionage]] | | [[technology]] | [[solarwinds-supply-chain-attack\|SolarWinds Supply Chain Attack]] · [[microsoft-corporate-breach-2024\|Microsoft Corporate Breach 2024]] · [[operation-dreamjob\|Operation DreamJob]] · [[operation-pawn-storm\|Operation Pawn Storm]] | | [[healthcare]] | [[covid-19-vaccine-espionage\|COVID-19 Vaccine Espionage]] · [[moveit-transfer-campaign\|MOVEit Transfer Campaign]] · [[wannacry\|WannaCry]] · [[accellion-fta-exploitation]] | | critical-infrastructure | [[volt-typhoon-infrastructure-campaign\|Volt Typhoon Infrastructure Campaign]] · [[Targeting Western Logistics 2024-2025]] | | cryptocurrency | [[bybit-heist-2025\|Bybit Heist 2025]] · [[operation-applejeus\|Operation AppleJeus]] | --- ## Últimas Atualizações %% ```dataview TABLE WITHOUT ID link(file.link, title) AS "Campanha", type AS "Tipo", dateformat(file.mtime, "yyyy-MM-dd HH:mm") AS "Modificado" FROM "cti/campaigns" WHERE publish = true AND !contains(file.name, "_") SORT file.mtime DESC LIMIT 5 ``` %% <!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, title) AS "Campanha", type AS "Tipo", dateformat(file.mtime, "yyyy-MM-dd HH:mm") AS "Modificado" FROM "cti/campaigns" WHERE publish = true AND !contains(file.name, "_") SORT file.mtime DESC LIMIT 5 --> <!-- SerializedQuery: TABLE WITHOUT ID link(file.link, title) AS "Campanha", type AS "Tipo", dateformat(file.mtime, "yyyy-MM-dd HH:mm") AS "Modificado" FROM "cti/campaigns" WHERE publish = true AND !contains(file.name, "_") SORT file.mtime DESC LIMIT 5 --> | Campanha | Tipo | Modificado | | ------------------------------------------------------------------------------- | -------- | ---------------- | | [[wannacry-global-attack-2017\|WannaCry - Ataque Global 2017]] | campaign | 2026-03-30 19:12 | | [[water-curupira-campaign\|Water Curupira Campaign]] | campaign | 2026-03-30 19:12 | | [[voho-campaign\|VOHO Campaign 2012]] | campaign | 2026-03-30 19:12 | | [[wannacry-campaign\|WannaCry Campaign]] | campaign | 2026-03-30 19:12 | | [[viasat-kasat-attack-2022\|Viasat KA-SAT Attack 2022]] | campaign | 2026-03-30 19:12 | <!-- SerializedQuery END --> --- *Campanhas são monitoradas continuamente. Para ver as técnicas utilizadas em campanhas específicas, consulte [[_techniques|Técnicas (MITRE ATT&CK)]]. Para perfis dos grupos envolvidos, consulte [[_groups|Threat Actors]].*