Operation 1
Title: Operation Iron Grid
APT Group: Sandworm (Russian GRU)
Description: Investigate a massive power outage affecting critical infrastructure. Use OT/ICS forensics to track the attacker's pivot from the corporate IT network into the SCADA control systems using BlackEnergy malware variants.

Operation 2
Title: Operation Silent Tsunami
APT Group: Lazarus Group (North Korea)
Description: A major decentralized finance (DeFi) platform has been drained of $600M. Trace the laundered cryptocurrency through mixer services and analyze the social engineering campaign that targeted developers with weaponized job offers.

Operation 3
Title: Operation Glass Serpent
APT Group: APT41 (Barium)
Description: A distinct supply chain attack compromising a popular server management software. Identify the malicious DLL injection in the signed update package and track the actor's dual mission of espionage and financial theft across victim networks.

Operation 4
Title: Operation Phantom Ballot
APT Group: APT28 (Fancy Bear)
Description: Uncover a disinformation and spear-phishing campaign targeting political organizations ahead of a national election. Analyze leaked documents, track domain infrastructure used for credential harvesting, and identify the OAuth token abuse techniques.

Operation 5
Title: Operation Black Harvest
APT Group: Wizard Spider (Ryuk/Conti)
Description: Respond to a catastrophic ransomware attack paralyzing a regional hospital network. Recover patient data from shadow copies, identify the initial access broker's entry point via TrickBot, and trace the lateral movement using Cobalt Strike beacons.

Operation 6
Title: Operation Golden Ticket
APT Group: Carbanak / FIN7
Description: A global banking heist involving the manipulation of ATM withdrawal limits and SWIFT transaction gateways. Analyze the specialized administrative tools used by the attackers to impersonate bank clerks and authorize fraudulent transfers.

Operation 7
Title: Operation Desert Hawk
APT Group: APT34 (OilRig)
Description: Investigate a cyber-espionage campaign targeting telecommunications providers in the Middle East. Analyze the use of DNS tunneling for command and control (C2) and the deployment of custom PowerShell backdoors hidden in scheduled tasks.

Operation 8
Title: Operation Cloud Hopper
APT Group: APT10 (Stone Panda)
Description: Defend against a massive MSP (Managed Service Provider) compromise strategy. The attacker is using legitimate credentials stolen from a service provider to jump into client networks globally. Detect the "living off the land" techniques and isolate the compromised service accounts.

Operation 9
Title: Operation Infinite Loop
APT Group: Equation Group / Lamberts
Description: Analyze a sophisticated firmware implant discovered on enterprise firewalls. This advanced persistent threat persists across reboots and OS re-installations. Conduct low-level forensic analysis of the SPI flash memory to extract the payload.

Operation 10
Title: Operation Ocean Lotus
APT Group: APT32 (OceanLotus)
Description: A targeted watering hole attack on a human rights organization's website. Users are infected with a custom backdoor upon visiting the site. Analyze the obfuscated JavaScript payload and the subsequent macOS malware deployment.

Operation 11
Title: Operation Radiant Horizon
APT Group: Hafnium (China)
Description: Respond to a mass-exploitation event targeting on-premises Exchange servers. Analyze web shell artifacts (China Chopper), identify the chain of zero-day vulnerabilities (ProxyLogon) used for initial access, and determine the scope of data exfiltration.

Operation 12
Title: Operation Silent Star
APT Group: Turla (Snake / Uroburos)
Description: Uncover a covert communication channel hijacking commercial satellite internet links. Analyze the hijacking of downstream traffic to hide Command & Control (C2) locations and identify the sophisticated rootkit used to maintain persistence on diplomatic networks.

Operation 13
Title: Operation Dragon Breath
APT Group: APT40 (Periscope)
Description: Investigate the theft of maritime research data from a naval engineering university. Track the actor's use of compromised web servers as relay points and analyze the custom malware designed to exfiltrate proprietary sonar technology schematics.

Operation 14
Title: Operation Wasted Locker
APT Group: Evil Corp (Indrik Spider)
Description: A Fortune 500 company is held hostage by a targeted ransomware attack. Negotiate (simulated) with the attackers while simultaneously reverse-engineering the malware to find a flaw in the encryption routine and tracing the initial infection vector to a drive-by download.

Operation 15
Title: Operation Soft Cell
APT Group: Gallium (Soft Cell)
Description: Detect and remediate a long-term intrusion into global telecommunications providers. The attacker is capturing Call Detail Records (CDR) of specific high-value targets. Analyze the web shell usage on IIS servers and the technique of "living off the land" to avoid detection.

Operation 16
Title: Operation Rabid Dog
APT Group: MuddyWater (Static Kitten)
Description: A destructive wiper attack masquerading as ransomware hits a government agency. Analyze the macro-enabled document delivery vector, dissect the "POWERSTATS" backdoor, and recover forensic artifacts before the disk wiping logic executes.

Operation 17
Title: Operation Gothic Panda
APT Group: APT3 (Gothic Panda)
Description: Investigate the use of a browser zero-day exploit (Internet Explorer) targeting defense contractors. Analyze the heap spray technique used in the exploit, track the "Pirpi" backdoor, and map the attacker's lateral movement through RDP sessions.

Operation 18
Title: Operation Red Apollo
APT Group: APT10 (MenuPass)
Description: A sustained espionage campaign targeting intellectual property in the aerospace sector. Identify the use of DLL side-loading techniques to execute malicious payloads via legitimate applications and analyze the exfiltration of large CAD files.

Operation 19
Title: Operation Whitefly
APT Group: Whitefly (Singapore-based?)
Description: Investigate a breach in the healthcare and materials science sector. Analyze the custom "Vcrodat" malware used for persistence and the attacker's tactic of compromising open-source tools to blend in with legitimate developer activity.

Operation 20
Title: Operation Double Dragon
APT Group: APT41 (Double Dragon)
Description: A dual-mode operation involving both state-sponsored espionage and personal financial gain. Track the attacker as they pivot from stealing strategic game source code (for profit) to accessing databases containing citizens' personally identifiable information (PII) (for espionage).

Operation 21
Title: Operation Silent Shield
APT Group: Kimsuky (Velvet Chollima)
Description: A spear-phishing campaign targets a global think tank specializing in nuclear policy. Analyze the malicious browser extension used to steal emails and the "BabyShark" malware VBS scripts employed for persistence.

Operation 22
Title: Operation Red Echo
APT Group: APT41 / RedEcho
Description: Detect and mitigate a shadowing campaign within a national power grid's dispatch centers. The attacker uses a specific modular malware framework to maintain stealthy access without disrupting operations, gathering intelligence on grid load balancing.

Operation 23
Title: Operation Pipeline Shut
APT Group: DarkSide
Description: A ransomware crisis forces the shutdown of a major fuel pipeline. Trace the affiliate's entry vector through a leaked VPN password, analyze the double-extortion tactics, and track the Bitcoin ransom payment through the blockchain.

Operation 24
Title: Operation Kinetic Strike
APT Group: REvil (Sodinokibi)
Description: A supply chain attack via a compromised Managed Service Provider (MSP) software update. Thousands of businesses are encrypted simultaneously. Reverse engineer the unique "RC4" encryption routine and identify the kill-switch domain to stop the spread.

Operation 25
Title: Operation File Transfer
APT Group: Cl0p (TA505)
Description: A zero-day vulnerability in a widely used file transfer appliance is exploited to steal terabytes of corporate data. Analyze the webshells dropped on the appliance and the SQL injection techniques used to bypass authentication.

Operation 26
Title: Operation Midnight Storm
APT Group: Nobelium (Midnight Blizzard)
Description: Investigate a complex cloud identity compromise targeting diplomatic entities. The attacker uses "Password Spraying" and "Token Theft" to bypass MFA, eventually creating rogue OAuth applications to maintain persistent access to cloud emails.

Operation 27
Title: Operation Volt Strike
APT Group: Volt Typhoon
Description: Detect a stealthy "Living off the Land" campaign in critical infrastructure sectors. The attacker avoids custom malware, relying entirely on built-in Windows tools (LOLBins) like PowerShell, WMI, and netsh to blend in with administrative activity.

Operation 28
Title: Operation Charming Charter
APT Group: Charming Kitten (Phosphorus)
Description: A social engineering campaign targets journalists and human rights activists via WhatsApp and email. Analyze the "DownPaper" backdoor and the credential harvesting pages disguised as legitimate interview request forms.

Operation 29
Title: Operation Fox Hunt
APT Group: Fox Kitten
Description: A simplified but effective campaign exploiting unpatched VPN concentrators at scale. Identify the initial web shells placed on the VPN device and the rapid pivot to an internal Domain Controller to dump credentials within hours of access.

Operation 30
Title: Operation Swipe Left
APT Group: FIN6
Description: Investigate a breach of a retail giant's Point-of-Sale (POS) network. The attacker used compromised vendor credentials to access the network and deployed "Trinity" malware to scrape credit card data from RAM before encryption.

Operation 31
Title: Operation Cart Skimmer
APT Group: Magecart (Group 12)
Description: A digital skimming attack infects the checkout pages of hundreds of online stores. Analyze the obfuscated JavaScript code injected via a compromised third-party advertising library and trace the exfiltrated data to a drop server.

Operation 32
Title: Operation Primitive Bear
APT Group: Gamaredon (Shuckworm)
Description: A high-volume cyber-espionage campaign targeting military personnel. Analyze the use of weaponized Word documents with template injection and the custom VBScript backdoors used for rapid data theft.

Operation 33
Title: Operation Energy Bear
APT Group: Dragonfly (Energetic Bear)
Description: A strategic intrusion into the energy sector supply chain. The attacker trojanized legitimate software updates for ICS equipment. Identify the "Havex" RAT and map the network reconnaissance performed on the industrial control network.

Operation 34
Title: Operation Hotel Guest
APT Group: DarkHotel
Description: A precision spear-phishing campaign targets executives staying at luxury hotels. The attacker uses the hotel's Wi-Fi network to deliver signed malware disguised as software updates. Analyze the "Tapaoux" malware and the certificate spoofing.

Operation 35
Title: Operation Sea Lotus
APT Group: Naikon
Description: Investigate a long-running espionage campaign in the South China Sea region. The attacker exploits the "RoyalRoad" RTF weaponizer to deliver the "Aria-body" backdoor. Analyze the C2 infrastructure mimicking legitimate regional government domains.

Operation 36
Title: Operation Ghost Writer
APT Group: UNC1151
Description: A hybrid cyber-influence operation hacking news websites to publish fabricated narratives. Trace the compromise of CMS accounts and the coordinated social media amplification of the fake articles.

Operation 37
Title: Operation Stone Panda
APT Group: APT10 (Cicada)
Description: A focused campaign against Japanese automotive and heavy industry sectors. Analyze the use of the "Quasar RAT" and the DLL side-loading of malware via legitimate security products to evade detection.

Operation 38
Title: Operation Wicked Game
APT Group: APT41 (Wicked Panda)
Description: A supply chain attack targeting the video game industry. The attacker compromises the build environment to inject a backdoor into the game executable distributed to millions of players. Identify the "ShadowPad" payload.

Operation 39
Title: Operation Heavy Anchor
APT Group: Lazarus (Andariel)
Description: A campaign targeting the defense industrial base to steal tank and laser weapon schematics. Analyze the usage of the "DTrack" malware and the specific focus on South Korean defense contractors.

Operation 40
Title: Operation Kitty Corner
APT Group: CopyKittens
Description: An espionage campaign targeting Ministries of Foreign Affairs. The attacker uses the "Matryoshka" RAT, which uses DNS tunneling for C2. Decode the DNS traffic to reconstruct the stolen documents.

Operation 41
Title: Operation Rocket Man
APT Group: Rocket Kitten
Description: A persistent threat actor targeting the aerospace industry. Analyze the "Gholee" malware and the use of fake Facebook personas to build trust with targets before delivering the payload via direct message.

Operation 42
Title: Operation Jolly Roger
APT Group: Lazarus (WannaCry)
Description: A wormable ransomware outbreak spreads globally via the EternalBlue exploit. Analyze the SMB propagation mechanism, the kill-switch domain, and the encryption logic to determine if files can be decrypted without payment.

Operation 43
Title: Operation Blackout
APT Group: Sandworm (NotPetya)
Description: A destructive wiper attack disguised as ransomware spreads via a compromised accounting software update. Identify the MBR overwriting behavior and the use of Mimikatz to harvest credentials for rapid lateral movement.

Operation 44
Title: Operation Bad Rabbit
APT Group: Callisto Group? (Unattributed)
Description: A drive-by download attack distributes ransomware via fake Adobe Flash updates on compromised news sites. Analyze the "DiskCryptor" code used to encrypt the hard drive and the SMB spreading mechanism.

Operation 45
Title: Operation False Flag
APT Group: Sandworm (Olympic Destroyer)
Description: A cyberattack disrupts the opening ceremony of a major sporting event. The malware contains false flags pointing to other nations. Deconstruct the malware to identify the true attribution based on code similarities to previous Sandworm operations.

Operation 46
Title: Operation Shadow Hammer
APT Group: Barium (Winnti)
Description: One of the largest supply chain attacks ever, compromising the ASUS Live Update utility. Identify the specific MAC addresses targeted by the malware, indicating a surgical strike hidden within a mass infection.

Operation 47
Title: Operation Cloud Atlas
APT Group: Inception
Description: A high-level espionage campaign targeting diplomatic entities in Eastern Europe. The attacker uses "Cloud Atlas" malware which relies on cloud storage services (like OneDrive/Google Drive) for C2 to evade network monitoring.

Operation 48
Title: Operation Red October
APT Group: Rocra
Description: A massive cyber-espionage campaign targeting diplomatic, governmental, and scientific research organizations. Analyze the "Rocra" malware framework designed to steal encrypted files and recover deleted data from USB drives.

Operation 49
Title: Operation Flame
APT Group: Equation Group
Description: A highly sophisticated malware platform used for cyber-espionage in the Middle East. Analyze the modules for audio recording, Bluetooth sniffing, and screen capture, and the use of MD5 collision attacks to sign the malware.

Operation 50
Title: Operation Legacy
APT Group: Equation Group (Stuxnet)
Description: The first known cyber-weapon to cause physical damage. Investigate the PLC rootkit designed to manipulate the frequency of industrial centrifuges while replaying normal sensor data to the monitoring systems.

Operation 51
Title: Operation Sunburst
APT Group: APT29 (Cozy Bear / Nobelium)
Description: Investigate the SolarWinds supply chain attack, one of the most sophisticated espionage operations in history. Analyze the SUNBURST backdoor injected into the Orion software update, the domain generation algorithm (DGA) for C2, and the targeted second-stage payloads deployed to high-value government agencies.

Operation 52
Title: Operation Sony Spectacle
APT Group: Lazarus Group (North Korea)
Description: Respond to the devastating Sony Pictures hack that leaked unreleased films, executive emails, and employee data. Analyze the "Destover" wiper malware, trace the data exfiltration through proxy chains, and investigate the geopolitical motivations behind the attack.

Operation 53
Title: Operation Bullseye
APT Group: FIN7 / Anunak
Description: Investigate the massive Target retail breach that compromised 40 million credit cards during holiday shopping. Trace the initial access through a compromised HVAC vendor, analyze the RAM-scraping malware on POS systems, and map the lateral movement to the payment network.

Operation 54
Title: Operation Credit Bureau
APT Group: Chinese State-Sponsored (Unattributed)
Description: Respond to the Equifax breach exposing 147 million Americans' personal data. Analyze the Apache Struts vulnerability exploitation (CVE-2017-5638), the 76-day undetected dwell time, and the web shell persistence mechanisms used for data exfiltration.

Operation 55
Title: Operation Log4Chaos
APT Group: Multiple (Chinese APTs, Ransomware Groups)
Description: Mass exploitation of the Log4Shell vulnerability (CVE-2021-44228) affecting millions of Java applications worldwide. Analyze JNDI injection payloads, cryptominer deployments, and the race between defenders patching and attackers establishing persistence.

Operation 56
Title: Operation MOVEit Mayhem
APT Group: Cl0p (TA505)
Description: Zero-day exploitation of the MOVEit file transfer platform affecting thousands of organizations. Analyze the SQL injection vulnerability, the automated mass data theft, and the unique extortion model without deploying ransomware encryptors.

Operation 57
Title: Operation ProxyShell
APT Group: Multiple (Hafnium, LockBit, Conti)
Description: Investigate mass exploitation of Microsoft Exchange vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207). Analyze web shell deployments, privilege escalation chains, and the rapid weaponization by both APT groups and ransomware operators.

Operation 58
Title: Operation Meat Grinder
APT Group: REvil (Sodinokibi)
Description: Respond to the JBS Foods ransomware attack that disrupted meat production across North America and Australia. Trace the $11 million Bitcoin ransom payment, analyze the affiliate's tactics, and investigate the FBI's partial recovery of funds.

Operation 59
Title: Operation BlackEnergy
APT Group: Sandworm (Russian GRU Unit 74455)
Description: Investigate the 2015 Ukrainian power grid attack, the first confirmed cyberattack to cause a power outage. Analyze BlackEnergy malware, KillDisk wiper deployment, and the coordinated SCADA manipulation that left 230,000 people without electricity.

Operation 60
Title: Operation Anthem Blues
APT Group: Deep Panda (APT19)
Description: Investigate the Anthem health insurance breach exposing 78.8 million patient records. Analyze the phishing campaign targeting IT administrators, the use of custom "Derusbi" malware, and the peculiar lack of encryption on the stolen database.

Operation 61
Title: Operation OPM Heist
APT Group: APT1 (Comment Crew) / Deep Panda
Description: Investigate the U.S. Office of Personnel Management breach exposing 21.5 million federal employee security clearance files. Analyze the "PlugX" RAT deployment, the theft of fingerprint records, and the counterintelligence implications of the stolen SF-86 forms.

Operation 62
Title: Operation Marriott Checkout
APT Group: APT1 (Chinese State-Sponsored)
Description: Investigate the Starwood/Marriott breach affecting 500 million guest records over 4 years undetected. Analyze the RAT persistence through the Starwood acquisition, the encryption of exfiltrated data, and the passport number exposure.

Operation 63
Title: Operation Capitol Breach
APT Group: APT28 (Fancy Bear)
Description: Investigate the 2016 Democratic National Committee hack that influenced a presidential election. Analyze the X-Agent and X-Tunnel implants, the weaponization of stolen emails via WikiLeaks, and the spear-phishing campaign that harvested credentials.

Operation 64
Title: Operation Shamoon Storm
APT Group: APT33 (Elfin)
Description: Investigate the Shamoon wiper attack that destroyed 35,000 Saudi Aramco workstations. Analyze the MBR overwriting mechanism, the politically motivated timing, and the imagery of a burning American flag left on infected machines.

Operation 65
Title: Operation Cobalt Factory
APT Group: Cobalt Group
Description: Investigate the campaign targeting banks' ATM infrastructure across 40+ countries. Analyze the manipulation of ATM software to dispense cash on command, the compromise of card processing networks, and the money mule operation.

Operation 66
Title: Operation Swift Heist
APT Group: Lazarus Group (APT38)
Description: Investigate the Bangladesh Bank heist that attempted to steal $951 million via SWIFT network manipulation. Analyze the custom malware that hid fraudulent transfer evidence, the typo that prevented full theft, and the laundering through Philippine casinos.

Operation 67
Title: Operation CCleaner
APT Group: Barium (Winnti / APT41)
Description: Investigate the CCleaner supply chain attack affecting 2.27 million users. Analyze the second-stage payload targeting only 40 specific technology companies, revealing a surgical espionage operation hidden within mass distribution.

Operation 68
Title: Operation Triton
APT Group: TEMP.Veles (Russian CNIIHM)
Description: Investigate the Triton/TRISIS malware targeting Schneider Electric Triconex safety systems at a petrochemical plant. Analyze the attempt to manipulate safety instrumented systems (SIS) that could have caused physical damage or loss of life.

Operation 69
Title: Operation Ransomwhere
APT Group: Conti
Description: Respond to the devastating attack on Ireland's Health Service Executive (HSE). Analyze the 700GB data theft, the crippling of COVID-19 vaccination systems, and the unusual situation where decryption keys were provided but data was still leaked.

Operation 70
Title: Operation VPN Exploit
APT Group: Hafnium
Description: Investigate mass exploitation of Pulse Secure, Fortinet, and Citrix VPN appliances. Analyze the authentication bypass vulnerabilities, the web shell persistence, and the targeting of defense contractors and government agencies.

Operation 71
Title: Operation Kaseya Cascade
APT Group: REvil (Sodinokibi)
Description: Investigate the Independence Day weekend attack exploiting Kaseya VSA to encrypt 1,500+ businesses simultaneously. Analyze the MSP supply chain compromise, the $70 million ransom demand, and the eventual acquisition of decryption keys.

Operation 72
Title: Operation Ukraine Grid 2016
APT Group: Sandworm (Industroyer/CrashOverride)
Description: Investigate the second Ukrainian power grid attack using the first malware specifically designed for electric grids. Analyze the Industroyer framework's ICS protocol knowledge (IEC 101, IEC 104, OPC) and the coordinated multi-substation attack.

Operation 73
Title: Operation Capital One
APT Group: Insider / Opportunistic
Description: Investigate the Capital One breach exposing 100 million credit applications via a misconfigured AWS WAF. Analyze the SSRF attack vector, the IAM role abuse, and the peculiar case of an insider with cloud expertise.

Operation 74
Title: Operation Twitter Takeover
APT Group: Social Engineering / Insider
Description: Investigate the 2020 Twitter hack that compromised high-profile accounts (Obama, Musk, Gates) for a Bitcoin scam. Analyze the social engineering of Twitter employees, the abuse of internal admin tools, and the $120,000 cryptocurrency theft.

Operation 75
Title: Operation Mimecast Compromise
APT Group: APT29 (Nobelium/Cozy Bear)
Description: Investigate the Mimecast certificate compromise linked to the SolarWinds attackers. Analyze the stolen authentication certificate used to access customer Microsoft 365 environments and the supply chain trust exploitation.

Operation 76
Title: Operation Uber Breach
APT Group: Lapsus$ (Teen Hackers)
Description: Investigate the 2022 Uber breach where an 18-year-old compromised the entire corporate network. Analyze the MFA fatigue attack on a contractor, the Slack social engineering, and the access to HackerOne vulnerability reports.

Operation 77
Title: Operation LastPass Vault
APT Group: Unknown (Targeted Attack)
Description: Investigate the LastPass breach affecting 30 million users' encrypted vaults. Trace the initial compromise of a DevOps engineer's home computer, the theft of cloud storage encryption keys, and assess the risk to master passwords.

Operation 78
Title: Operation Okta Intrusion
APT Group: Lapsus$ (DEV-0537)
Description: Investigate the Okta breach through a third-party support contractor. Analyze the SuperUser portal access, the 366 affected customers, and the supply chain trust implications for identity-as-a-service providers.

Operation 79
Title: Operation Nvidia Heist
APT Group: Lapsus$
Description: Investigate the theft of 1TB of Nvidia proprietary data including GPU drivers and firmware. Analyze the extortion demands for open-source drivers, the leaked code-signing certificates, and the unusual public spectacle tactics.

Operation 80
Title: Operation Samsung Leak
APT Group: Lapsus$
Description: Investigate the theft of 190GB of Samsung source code including Galaxy device bootloaders and TrustZone security. Analyze the Telegram-based extortion channel and the impact on mobile security research.

Operation 81
Title: Operation Costa Rica
APT Group: Conti
Description: Investigate the ransomware attack that caused Costa Rica to declare a national emergency. Analyze the multi-ministry encryption, the $20 million ransom demand, and the political messaging from the attacker.

Operation 82
Title: Operation WannaCry NHS
APT Group: Lazarus Group
Description: Investigate the NHS impact of WannaCry where 80 hospital trusts were affected. Analyze the unpatched Windows XP systems, the canceled surgeries, and the accidental discovery of the kill-switch domain.

Operation 83
Title: Operation City of Atlanta
APT Group: SamSam (Iranian Hackers)
Description: Investigate the ransomware attack that crippled Atlanta's municipal services for weeks. Analyze the RDP brute-force entry, the $51,000 ransom demand, and the $17 million recovery cost.

Operation 84
Title: Operation Baltimore
APT Group: RobbinHood
Description: Investigate the ransomware attack on Baltimore city systems lasting months. Analyze the exploitation of a vulnerable remote access tool and the city's controversial decision to refuse ransom payment.

Operation 85
Title: Operation Garmin Outage
APT Group: Evil Corp (WastedLocker)
Description: Investigate the ransomware attack that took Garmin's services offline for days. Analyze the alleged $10 million ransom payment, the aviation service disruption, and the sanctions evasion concerns.

Operation 86
Title: Operation Norsk Hydro
APT Group: LockerGoga
Description: Investigate the ransomware attack on the aluminum manufacturing giant. Analyze the decision to restore from backups rather than pay, the switch to manual operations, and the $75 million business impact.

Operation 87
Title: Operation Maersk NotPetya
APT Group: Sandworm
Description: Investigate the $300 million impact on Maersk shipping operations from NotPetya. Analyze the complete IT infrastructure rebuild, the fortuitous offline Ghana domain controller, and the 10-day recovery effort.

Operation 88
Title: Operation Merck Disruption
APT Group: Sandworm (NotPetya)
Description: Investigate the $1.4 billion NotPetya impact on pharmaceutical operations. Analyze the vaccine production disruption and the landmark cyber insurance legal battle over "act of war" exclusions.

Operation 89
Title: Operation FedEx TNT
APT Group: Sandworm (NotPetya)
Description: Investigate the $400 million NotPetya impact on FedEx's TNT Express subsidiary. Analyze the permanent data loss in legacy systems and the integration challenges that amplified the damage.

Operation 90
Title: Operation Ronin Bridge
APT Group: Lazarus Group
Description: Investigate the $625 million cryptocurrency theft from Axie Infinity's Ronin Bridge, the largest crypto hack in history. Analyze the compromised validator keys and the blockchain forensics tracking stolen funds.

Operation 91
Title: Operation Harmony Bridge
APT Group: Lazarus Group
Description: Investigate the $100 million theft from Harmony Protocol's bridge. Analyze the compromised multi-sig scheme and the North Korean cryptocurrency laundering infrastructure.

Operation 92
Title: Operation Wormhole Bridge
APT Group: Unknown
Description: Investigate the $325 million theft exploiting a signature verification vulnerability in the Wormhole bridge. Analyze the smart contract exploitation and the unusual offer of a $10 million bug bounty to the attacker.

Operation 93
Title: Operation Poly Network
APT Group: Unknown (White Hat?)
Description: Investigate the bizarre $610 million DeFi hack where the attacker returned the funds. Analyze the cross-chain vulnerability exploitation and the unusual dialogue between victim and attacker.

Operation 94
Title: Operation T-Mobile Breach
APT Group: John Binns (Individual)
Description: Investigate the 2021 T-Mobile breach exposing 54 million customer records. Analyze the unprotected router exploitation, the public taunting of the company's security, and the data sale on underground forums.

Operation 95
Title: Operation Yahoo Breach
APT Group: FSB Officers / Criminal Hackers
Description: Investigate history's largest data breach affecting 3 billion Yahoo accounts. Analyze the forged cookies enabling account access without passwords and the state-sponsored targeting of journalists.

Operation 96
Title: Operation LinkedIn Scrape
APT Group: Data Brokers
Description: Investigate the scraping of 700 million LinkedIn profiles. Analyze the API abuse, the distinction between "scraping" and "breach," and the aggregation risks of combining public data.

Operation 97
Title: Operation Facebook Leak
APT Group: Unknown
Description: Investigate the leak of 533 million Facebook users' phone numbers and personal data. Analyze the contact importer vulnerability exploitation and the years-long exposure before public disclosure.

Operation 98
Title: Operation Twitch Leak
APT Group: Anonymous (4chan)
Description: Investigate the complete Twitch source code and streamer earnings leak. Analyze the misconfigured server exposure, the 125GB torrent release, and the competitive intelligence implications.

Operation 99
Title: Operation GoDaddy Breach
APT Group: Unknown (Social Engineering)
Description: Investigate the multi-year GoDaddy campaign affecting 1.2 million WordPress customers. Analyze the compromised employee credentials, the sFTP password exposure, and the SSL private key theft.

Operation 100
Title: Operation Microsoft Email Servers
APT Group: Hafnium (ProxyLogon)
Description: Investigate the mass exploitation affecting 250,000+ Exchange servers worldwide. Analyze the four zero-day vulnerabilities chained together (CVE-2021-26855, etc.), the web shell deployments, and the race to patch before ransomware operators weaponized the access.

Operation 101
Title: Operation Pegasus
APT Group: NSO Group (Commercial Spyware)
Description: Investigate the abuse of Pegasus spyware targeting journalists, activists, and heads of state. Analyze the zero-click iMessage exploits, the FORCEDENTRY vulnerability, and the forensic indicators on infected iOS devices.

Operation 102
Title: Operation APT1 Mandiant
APT Group: APT1 (PLA Unit 61398)
Description: The landmark investigation that publicly attributed Chinese military hackers. Analyze the "Comment Crew" tactics, the Shanghai-based infrastructure, and the theft of intellectual property from 141+ organizations across 20 industries.

Operation 103
Title: Operation Regin
APT Group: Five Eyes (GCHQ/NSA)
Description: Investigate the highly sophisticated modular malware platform used for intelligence gathering. Analyze the GSM base station targeting, the encrypted virtual file system, and the multi-stage loading architecture.

Operation 104
Title: Operation Duqu
APT Group: Equation Group (Tilded Platform)
Description: Investigate the Stuxnet-related reconnaissance malware targeting industrial control system vendors. Analyze the shared code lineage with Stuxnet and the focus on gathering intelligence for future attacks.

Operation 105
Title: Operation Careto
APT Group: The Mask (Spanish-speaking APT)
Description: Investigate the sophisticated espionage campaign targeting government institutions, diplomatic entities, and energy companies. Analyze the custom "Careto" malware's ability to intercept all communication channels.

Operation 106
Title: Operation Machete
APT Group: Machete (Latin American APT)
Description: Investigate the long-running espionage campaign targeting military and government organizations in Venezuela, Ecuador, and Colombia. Analyze the social engineering lures and custom Python-based RATs.

Operation 107
Title: Operation Poseidon
APT Group: Poseidon Group
Description: Investigate the Brazilian-Portuguese-speaking cybermercenary group. Analyze the targeted attacks on financial institutions and the extortion-based business model threatening to leak stolen data.

Operation 108
Title: Operation Carbanak 2.0
APT Group: FIN7 (Carbanak)
Description: Investigate the next evolution of bank-targeting malware. Analyze the shift from direct theft to point-of-sale targeting and the use of legitimate penetration testing tools for malicious purposes.

Operation 109
Title: Operation Silence
APT Group: Silence Group
Description: Investigate the Russian-speaking group targeting banks across Eastern Europe. Analyze the ATM control malware and the meticulous reconnaissance phase studying bank employee behavior.

Operation 110
Title: Operation Cobalt Gypsy
APT Group: APT35 (Cobalt Gypsy)
Description: Investigate Iranian cyber-espionage operations against aerospace and telecommunications. Analyze the "Magic Hound" malware and the use of legitimate cloud services for command and control.

Operation 111
Title: Operation Leafminer
APT Group: Leafminer (Iranian APT)
Description: Investigate the regional espionage campaign targeting government and business entities in the Middle East. Analyze the Dropbox-based C2 infrastructure and the Total Commander remote access tool abuse.

Operation 112
Title: Operation Thamar Reservoir
APT Group: APT35 (Charming Kitten)
Description: Investigate the targeted campaign against Israeli academics and defense officials. Analyze the fake conference invitation lures and the credential harvesting infrastructure.

Operation 113
Title: Operation Spy Banker
APT Group: RTM Group
Description: Investigate the banking trojan targeting Russian financial institutions. Analyze the legitimate software abuse and the real-time monitoring of infected accountant workstations.

Operation 114
Title: Operation TA505
APT Group: TA505
Description: Investigate one of the most prolific financially motivated threat actors. Analyze the Dridex distribution, the evolution to Locky ransomware, and the later deployment of Clop ransomware.

Operation 115
Title: Operation Winnti Evolution
APT Group: Winnti Group
Description: Investigate the gaming industry-focused espionage group. Analyze the code-signing certificate theft, the supply chain attacks on game distributors, and the pivot to broader targets.
************* Operation 109 Title: Operation Silence APT Group: Silence Group Description: Investigate the Russian-speaking group targeting banks across Eastern Europe. Analyze the ATM control malware and the meticulous reconnaissance phase studying bank employee behavior. ********************* Operation 110 Title: Operation Cobalt Gypsy APT Group: APT35 (Cobalt Gypsy) Description: Investigate Iranian cyber-espionage operations against aerospace and telecommunications. Analyze the "Magic Hound" malware and the use of legitimate cloud services for command and control. **************** Operation 111 Title: Operation Leafminer APT Group: Leafminer (Iranian APT) Description: Investigate the regional espionage campaign targeting government and business entities in the Middle East. Analyze the Dropbox-based C2 infrastructure and the Total Commander remote access tool abuse. Operation 112 Title: Operation Thamar Reservoir APT Group: APT35 (Charming Kitten) Description: Investigate the targeted campaign against Israeli academics and defense officials. Analyze the fake conference invitation lures and the credential harvesting infrastructure. Operation 113 Title: Operation Spy Banker APT Group: RTM Group Description: Investigate the banking trojan targeting Russian financial institutions. Analyze the legitimate software abuse and the real-time monitoring of infected accountant workstations. Operation 114 Title: Operation TA505 APT Group: TA505 Description: Investigate one of the most prolific financially-motivated threat actors. Analyze the Dridex distribution, the evolution to Locky ransomware, and the later deployment of Clop ransomware. Operation 115 Title: Operation Winnti Evolution APT Group: Winnti Group Description: Investigate the gaming industry-focused espionage group. Analyze the code-signing certificate theft, the supply chain attacks on game distributors, and the pivot to broader targets. 
Operation 116 Title: Operation Tick APT Group: Tick (Bronze Butler) Description: Investigate the Japanese-targeting espionage group. Analyze the "Daserf" backdoor and the persistent focusing on defense, aerospace, and satellite technology sectors. Operation 117 Title: Operation Blackgear APT Group: Blackgear (Topgear) Description: Investigate the Taiwan-focused espionage campaign. Analyze the blog-based C2 infrastructure and the Protux backdoor targeting government and telecommunications. Operation 118 Title: Operation Patchwork APT Group: Patchwork (Dropping Elephant) Description: Investigate the South Asian espionage group known for code recycling. Analyze the "borrowed" code from various malware families and the targeting of Pakistani military and diplomatic entities. ******************** Operation 119 Title: Operation Sidewinder APT Group: Sidewinder (Rattlesnake) Description: Investigate the prolific South Asian threat actor. Analyze the military and government targeting in Pakistan and China, and the rapid exploitation of newly disclosed vulnerabilities. Operation 120 Title: Operation Transparent Tribe APT Group: APT36 (Transparent Tribe) Description: Investigate the Pakistani threat actor targeting Indian military and government. Analyze the "Crimson RAT" malware and the honeytrap social engineering using fake personas. Operation 121 Title: Operation Donot Team APT Group: Donot Team (APT-C-35) Description: Investigate the South Asian espionage campaigns targeting government and military entities. Analyze the Android malware variants and the multi-platform attack capabilities. Operation 122 Title: Operation Bitter APT Group: Bitter (T-APT-17) Description: Investigate the threat actor targeting South Asian governments. Analyze the exploitation of InPage vulnerabilities targeting Urdu-language users and the ArtraDownloader malware. 
Operation 123 Title: Operation Spring Dragon APT Group: Lotus Blossom (Spring Dragon) Description: Investigate the Asian espionage campaign targeting government and military organizations. Analyze the "Elise" backdoor and the decade-long operation against ASEAN countries. Operation 124 Title: Operation Keyboy APT Group: KeyBoy (APT23) Description: Investigate the Vietnam-focused espionage campaign. Analyze the exploitation of Microsoft Office vulnerabilities and the targeting of media organizations and NGOs. Operation 125 Title: Operation Mustang Panda APT Group: Mustang Panda (TA416) Description: Investigate the Chinese espionage group targeting Mongolian and Southeast Asian entities. Analyze the "PlugX" malware deployments and the COVID-19 themed lures. Operation 126 Title: Operation LuckyMouse APT Group: LuckyMouse (APT27) Description: Investigate the Chinese espionage group targeting government and telecommunications. Analyze the watering hole attacks and the HyperBro malware family. Operation 127 Title: Operation BlackTech APT Group: BlackTech (Palmerworm) Description: Investigate the East Asian espionage campaign targeting Japan and Taiwan. Analyze the router firmware tampering and the TSCookie malware family. Operation 128 Title: Operation Calypso APT Group: Calypso APT Description: Investigate the espionage campaign targeting government institutions in Central Asia. Analyze the PlugX variants and the exploitation of ProxyLogon vulnerabilities for initial access. Operation 129 Title: Operation Emissary Panda APT Group: APT27 (Emissary Panda) Description: Investigate the Chinese threat actor targeting aerospace, defense, and government. Analyze the HyperBro backdoor and the systematic theft of military technology. Operation 130 Title: Operation Axiom APT Group: Axiom (Group 72) Description: Investigate the Chinese cyber-espionage group targeting NGOs, dissidents, and pro-democracy organizations. 
Analyze the Hikit rootkit and the focus on human rights activists. Operation 131 Title: Operation Aurora 2.0 APT Group: APT17 (Aurora Panda) Description: Investigate the follow-on operations from the original Aurora campaign. Analyze the evolution of tactics and the continued targeting of technology and defense sectors. Operation 132 Title: Operation Deputy Dog APT Group: APT17 (Deputy Dog) Description: Investigate the Internet Explorer zero-day campaign targeting Japanese organizations. Analyze the CVE-2013-3893 exploitation and the watering hole attack delivery. Operation 133 Title: Operation Ephemeral Hydra APT Group: APT17 Description: Investigate the strategic web compromise targeting policy think tanks. Analyze the multi-staged JavaScript injection and the selective targeting of visitors. ************* Operation 134 Title: Operation Clandestine Fox APT Group: APT3 (UPS) Description: Investigate the Internet Explorer zero-day campaign targeting defense contractors. Analyze the CVE-2014-1776 exploitation and the Pirpi backdoor deployment. Operation 135 Title: Operation Clandestine Wolf APT Group: APT3 Description: Investigate the Adobe Flash zero-day campaign. Analyze the CVE-2015-3113 exploitation and the evolution to newer exploitation techniques. Operation 136 Title: Operation Double Tap APT Group: APT3 Description: Investigate the dual zero-day campaign exploiting both Flash and Windows. Analyze the coordinated vulnerability chaining and the Pirpi malware deployments. *-******* Operation 137 Title: Operation Lotus Blossom APT Group: Lotus Blossom (Elise) Description: Investigate the Southeast Asian espionage campaign targeting military and government. Analyze the custom Elise backdoor and the Philippine military targeting. Operation 138 Title: Operation Hellsing APT Group: Hellsing Description: Investigate the APT-on-APT attack where one espionage group targeted another. Analyze the Naikon group targeting and the unusual threat actor conflict. 
Operation 139 Title: Operation Tropic Trooper APT Group: Tropic Trooper (KeyBoy) Description: Investigate the Taiwan and Philippines-focused espionage campaign. Analyze the military and government targeting and the Yahoyah malware family. Operation 140 Title: Operation Earth Lusca APT Group: Earth Lusca Description: Investigate the Chinese threat actor targeting government and intergovernmental organizations. Analyze the ShadowPad deployments and the Cobalt Strike infrastructure. ************** Operation 141 Title: Operation Sharp Panda APT Group: Sharp Panda Description: Investigate the espionage campaign targeting Southeast Asian government entities. Analyze the Soul framework and the RoyalRoad RTF weaponizer usage. Operation 142 Title: Operation Scarlet Mimic APT Group: Scarlet Mimic Description: Investigate the espionage campaign targeting minority rights activists. Analyze the FakeM malware and the unique targeting of Uyghur and Tibetan groups. Operation 143 Title: Operation Groundbait APT Group: Groundbait (Prikormka) Description: Investigate the Ukraine-focused espionage campaign predating the 2014 conflict. Analyze the targeted surveillance of anti-government activists and separatists. Operation 144 Title: Operation BugDrop APT Group: Unknown (Ukraine-focused) Description: Investigate the large-scale surveillance operation using PC microphones. Analyze the Dropbox-based exfiltration and the targeting of Ukrainian infrastructure organizations. Operation 145 Title: Operation Armageddon APT Group: Gamaredon Description: Investigate the high-volume Ukrainian targeting campaign. Analyze the template injection techniques and the relationship to Russian security services. *************** Operation 146 Title: Operation IndigoZebra APT Group: IndigoZebra Description: Investigate the Central Asian espionage campaign targeting government entities. Analyze the Dropbox API abuse and the xCaon malware family. 
Operation 147 Title: Operation Moses Staff APT Group: Moses Staff (Iranian) Description: Investigate the Iranian hacktivist/APT targeting Israeli organizations. Analyze the DCSrv wiper malware and the politically-motivated data leaks. Operation 148 Title: Operation Agrius APT Group: Agrius (Iranian) Description: Investigate the Iranian threat actor blending espionage with destructive attacks. Analyze the Apostle wiper masquerading as ransomware and Israeli targeting. Operation 149 Title: Operation MuddyC3 APT Group: MuddyWater Description: Investigate the evolution of MuddyWater's custom C2 framework. Analyze the PowerShell-based backdoors and the targeting of Middle Eastern telecommunications. Operation 150 Title: Operation Lyceum APT Group: Lyceum (Hexane) Description: Investigate the Iranian threat actor targeting oil, gas, and telecommunications in the Middle East. Analyze the DanBot malware and the account credential harvesting operations. ****************** Operation 151 Title: Operation Kimsuky Campaign APT Group: Kimsuky (Thallium) Description: Investigate the North Korean espionage targeting South Korean government and unification ministry. Analyze the AppleSeed backdoor and the credential phishing infrastructure. Operation 152 Title: Operation Andariel Heist APT Group: Andariel (Silent Chollima) Description: Investigate the North Korean subgroup targeting defense and financial sectors. Analyze the ATM targeting in South Korea and the defense contractor intellectual property theft. Operation 153 Title: Operation BlueNoroff APT Group: BlueNoroff (Lazarus Subgroup) Description: Investigate the cryptocurrency-focused North Korean operation. Analyze the SnatchCrypto campaign targeting cryptocurrency startups and the AppleJeus malware. Operation 154 Title: Operation TraderTraitor APT Group: Lazarus Group Description: Investigate the targeting of cryptocurrency traders and investors. 
Analyze the trojanized trading applications and the social engineering of blockchain developers. Operation 155 Title: Operation Dream Job APT Group: Lazarus Group Description: Investigate the long-running campaign using fake job offers as lures. Analyze the LinkedIn-based social engineering and the targeting of aerospace and defense engineers. ******************* Operation 156 Title: Operation In(ter)ception APT Group: Lazarus Group Description: Investigate the aerospace and military contractor targeting campaign. Analyze the custom Mac malware and the elaborate persona development for social engineering. Operation 157 Title: Operation AppleJeus APT Group: Lazarus Group Description: Investigate the trojanized cryptocurrency trading applications. Analyze the first known Lazarus macOS malware and the targeting of cryptocurrency exchanges. ************** ************** Operation 158 Title: Operation CryptoCore APT Group: CryptoCore (Lazarus-linked) Description: Investigate the theft of hundreds of millions from cryptocurrency exchanges. Analyze the password manager targeting and the sophisticated spear-phishing campaigns. Operation 159 Title: Operation FASTCash APT Group: APT38 (Lazarus) Description: Investigate the ATM cash-out scheme affecting banks in Africa and Asia. Analyze the manipulation of transaction switches and the coordinated mule networks. Operation 160 Title: Operation Blockbuster APT Group: Lazarus Group Description: Investigate the Sony Pictures attack attribution investigation. Analyze the code similarities, the infrastructure overlaps, and the North Korean attribution indicators. ******** ********* ********* Operation 161 Title: Operation Ghost Secret APT Group: Hidden Cobra (Lazarus) Description: Investigate the targeting of critical infrastructure and entertainment sectors. Analyze the Destover wiper variants and the reconnaissance of Turkish financial systems. 
Operation 162 Title: Operation Sharpshooter APT Group: Lazarus Group Description: Investigate the global targeting of defense, nuclear, and energy sectors. Analyze the Rising Sun implant and the use of job recruitment lures. Operation 163 Title: Operation GoldDragon APT Group: Kimsuky Description: Investigate the targeting of South Korean think tanks and North Korea watchers. Analyze the GoldDragon malware family and the Hangul Word Processor exploitation. Operation 164 Title: Operation Smoke Screen APT Group: Kimsuky Description: Investigate the journalist and academic targeting campaign. Analyze the fake interview requests and the Chrome extension-based email theft. Operation 165 Title: Operation Black Vine APT Group: APT41 (Black Vine) Description: Investigate the healthcare targeting campaign stealing patient data. Analyze the Mivast backdoor and the unique focus on health insurance information. Operation 166 Title: Operation ShadowHammer APT Group: APT41 (Barium) Description: Investigate the ASUS supply chain attack affecting millions. Analyze the surgical targeting of 600 specific MAC addresses hidden within mass distribution. Operation 167 Title: Operation NetTraveler APT Group: NetTraveler Description: Investigate the decade-long espionage campaign targeting government and diplomatic entities. Analyze the simple but effective RAT and the Tibetan activist targeting. Operation 168 Title: Operation IceFog APT Group: IceFog Description: Investigate the "hit and run" espionage campaign. Analyze the unique surgical strike approach and the targeting of defense supply chains in Japan and South Korea. Operation 169 Title: Operation Hacking Team APT Group: Unknown (Counter-Hack) Description: Investigate the breach of the Italian surveillance vendor Hacking Team. Analyze the exposed zero-days, the customer list revelation, and the impact on the surveillance industry. 
Operation 170 Title: Operation FinSpy APT Group: Commercial Spyware (Gamma Group) Description: Investigate the controversial surveillance software deployments. Analyze the infection vectors, the mobile device targeting, and the human rights implications. Operation 171 Title: Operation Predator APT Group: Cytrox (Commercial Spyware) Description: Investigate the Predator spyware deployments by authoritarian governments. Analyze the zero-click exploits and the targeting of opposition politicians. Operation 172 Title: Operation Candiru APT Group: Candiru (Commercial Spyware) Description: Investigate the Israeli spyware vendor's operations. Analyze the Windows browser exploits and the targeting of activists and journalists in multiple countries. Operation 173 Title: Operation Quadream APT Group: Quadream (Commercial Spyware) Description: Investigate the REIGN spyware targeting iOS devices. Analyze the zero-click iCloud calendar exploits and the sale to government clients. Operation 174 Title: Operation Black Basta APT Group: Black Basta Description: Investigate the ransomware group with suspected Conti heritage. Analyze the double extortion tactics, the QBot partnerships, and the rapid rise to prominence. Operation 175 Title: Operation Royal Ransomware APT Group: Royal Description: Investigate the former Conti member ransomware operation. Analyze the callback phishing tactics and the targeting of critical infrastructure. Operation 176 Title: Operation Play Ransomware APT Group: Play Description: Investigate the ransomware group targeting Latin American entities. Analyze the exploitation of Exchange vulnerabilities and the unique intermittent encryption. Operation 177 Title: Operation Vice Society APT Group: Vice Society Description: Investigate the education sector-targeting ransomware group. Analyze the school district attacks and the impact on student data privacy. 
Operation 178 Title: Operation Hive Takedown APT Group: Hive Ransomware Description: Investigate the FBI infiltration and takedown of the Hive ransomware infrastructure. Analyze the decryption key distribution and the $130 million in prevented ransoms. Operation 179 Title: Operation ALPHV/BlackCat APT Group: ALPHV (BlackCat) Description: Investigate the Rust-based ransomware operation. Analyze the highly customizable encryptor and the data leak site innovations. ************ ************ ************ Operation 180 Title: Operation LockBit Empire APT Group: LockBit Description: Investigate the most prolific ransomware operation. Analyze the affiliate program, the bug bounty for vulnerabilities, and the brazen public persona. Operation 181 Title: Operation Akira APT Group: Akira Description: Investigate the ransomware group with potential Conti links. Analyze the retro-styled leak site, the Cisco VPN targeting, and the VMware ESXi attacks. Operation 182 Title: Operation NoEscape APT Group: NoEscape (Avaddon reboot) Description: Investigate the ransomware-as-a-service operation. Analyze the evolution from previous ransomware families and the targeting of healthcare. Operation 183 Title: Operation Ragnar Locker APT Group: Ragnar Locker Description: Investigate the ransomware deployed inside virtual machines to evade detection. Analyze the unique VM-based evasion and the gaming industry targeting. Operation 184 Title: Operation Mount Locker APT Group: Mount Locker (AstroLocker) Description: Investigate the ransomware operation with corporate-style negotiations. Analyze the MountLocker Builder and the affiliate program operations. Operation 185 Title: Operation Maze Cartel APT Group: Maze Description: Investigate the ransomware group that pioneered double extortion. Analyze the data leak site innovation and the collaboration with other ransomware groups. 
Operation 186 Title: Operation Egregor APT Group: Egregor Description: Investigate the short-lived but impactful ransomware operation. Analyze the Maze heritage, the retail targeting, and the law enforcement takedown. Operation 187 Title: Operation NetWalker APT Group: NetWalker (Mailto) Description: Investigate the ransomware-as-a-service targeting healthcare and education. Analyze the PowerShell-based fileless execution and the affiliate model. Operation 188 Title: Operation DoppelPaymer APT Group: DoppelPaymer (Grief) Description: Investigate the ransomware targeting critical infrastructure and municipalities. Analyze the BitPaymer evolution and the NRA attack. Operation 189 Title: Operation RagnarLocker APT Group: Ragnar Locker Description: Investigate the ransomware attack on Capcom exposing unreleased game data. Analyze the 1TB data theft and the $11 million ransom demand. **************** **************** **************** Operation 190 Title: Operation Clop University APT Group: Cl0p Description: Investigate the mass targeting of universities via Accellion FTA. Analyze the zero-day exploitation and the extortion of academic institutions. Operation 191 Title: Operation Cuba Ransomware APT Group: Cuba Description: Investigate the ransomware targeting critical infrastructure in the Americas. Analyze the Hancitor malware distribution and the $60 million in ransoms. Operation 192 Title: Operation Zeppelin APT Group: Zeppelin (VegaLocker) Description: Investigate the targeted ransomware attacks on healthcare and technology. Analyze the decryption key vulnerabilities discovered by researchers. Operation 193 Title: Operation Avos Locker APT Group: AvosLocker Description: Investigate the ransomware operation targeting VMware ESXi environments. Analyze the Linux variant and the affiliate recruitment on forums. Operation 194 Title: Operation Quantum Locker APT Group: Quantum Description: Investigate the record-breaking fast ransomware deployment. 
Analyze the 4-hour dwell time from phishing to domain-wide encryption. Operation 195 Title: Operation BianLian APT Group: BianLian Description: Investigate the ransomware group that shifted to pure extortion. Analyze the pivot from encryption to data theft only and the healthcare targeting. Operation 196 Title: Operation Rhysida APT Group: Rhysida Description: Investigate the ransomware targeting healthcare and government. Analyze the British Library attack and the auction-based data sales. Operation 197 Title: Operation Medusa APT Group: Medusa Description: Investigate the ransomware operation with a video-based leak strategy. Analyze the school district targeting and the multimedia extortion tactics. Operation 198 Title: Operation Trigona APT Group: Trigona Description: Investigate the ransomware group exploiting Microsoft SQL servers. Analyze the ColdFusion vulnerability exploitation and the cryptocurrency-only ransom demands. Operation 199 Title: Operation Cactus APT Group: Cactus Description: Investigate the ransomware group exploiting VPN vulnerabilities. Analyze the self-encryption technique to evade detection and the Fortinet targeting. Operation 200 Title: Operation INC Ransom APT Group: INC Ransom Description: Investigate the emerging ransomware threat targeting corporations. Analyze the spear-phishing campaigns and the corporate data monetization strategies. ****************** Operation 201 Title: Operation Scattered Spider APT Group: Scattered Spider (UNC3944 / Star Fraud) Description: Investigate the devastating ransomware attacks on Las Vegas casino giants (MGM Resorts, Caesars Entertainment). Analyze the highly effective vishing (voice phishing) targeting IT Help Desks to bypass MFA and the brazen deployment of ALPHV/BlackCat ransomware. Operation 202 Title: Operation Midnight Blizzard APT Group: APT29 (Midnight Blizzard / Cozy Bear) Description: Investigate the Russian state-sponsored compromise of Microsoft's corporate email systems. 
Analyze the initial access via a legacy non-production test tenant lacking MFA, and the lateral movement to access emails of senior leadership and cybersecurity teams. Operation 203 Title: Operation Snowflake Avalanche APT Group: ShinyHunters (UNC5537) Description: Investigate the massive series of data breaches affecting hundreds of Snowflake cloud database customers (including Ticketmaster, AT&T, and Santander). Analyze the exploitation of accounts lacking MFA via infostealer malware credentials and the massive data extortion campaign. Operation 204 Title: Operation Change Healthcare APT Group: ALPHV (BlackCat) Description: Investigate the catastrophic ransomware attack disrupting the U.S. healthcare billing system. Analyze the initial access through Citrix remote access portals lacking MFA, the $22 million ransom payment, and the subsequent "exit scam" by the ransomware operators. Operation 205 Title: Operation Polyfill Supply Chain APT Group: Unknown (Code Hijacking) Description: Investigate the massive supply chain attack affecting over 100,000 websites. Analyze the acquisition of the popular polyfill.io domain by a Chinese entity and the subsequent injection of malicious JavaScript to redirect mobile users to sports betting and scam sites. Operation 206 Title: Operation AcidRain APT Group: Sandworm (Voodoo Bear) Description: Investigate the cyberattack on the Viasat KA-SAT satellite network at the onset of the 2022 Russian invasion of Ukraine. Analyze the deployment of the AcidRain wiper malware targeting satellite modems, which caused widespread communications outages across Europe. Operation 207 Title: Operation Volt Typhoon APT Group: Volt Typhoon (Vanguard Panda) Description: Investigate the stealthy Chinese state-sponsored campaign targeting U.S. critical infrastructure. Analyze the exclusive use of "Living off the Land" (LotL) techniques to evade detection and the focus on pre-positioning for future disruptive attacks rather than immediate espionage. 
Operation 208 Title: Operation 3CX Supply Chain APT Group: Labyrinth Chollima (Lazarus Subgroup) Description: Investigate the first known "cascading" supply chain attack. Analyze how North Korean hackers used a previously compromised software (Trading Technologies) to compromise the 3CX desktop app build environment, ultimately pushing malware to 600,000+ companies. Operation 209 Title: Operation AnyDesk Compromise APT Group: Unknown Description: Investigate the breach of the remote desktop software giant AnyDesk. Analyze the theft of source code, code-signing certificates, and internal systems access, leading to mass password resets and widespread concern over supply chain trust. Operation 210 Title: Operation XZ Utils Backdoor APT Group: "Jia Tan" (Suspected State-Sponsored Persona) Description: Investigate the incredibly sophisticated, multi-year social engineering campaign to embed a backdoor into the widely used Linux XZ Utils compression tool. Analyze the complex build-process manipulation targeting OpenSSH authentications and how it was narrowly discovered by a developer noticing a 500ms CPU delay.