Find notable cyber news and cases, enriched with sources, timelines, and signals.

Dragon Breath Campaign Trio and Campaign Chorus brand-impersonation Gh0st RAT campaign

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

Dragon Breath's Campaign Trio and Campaign Chorus are using trojanized NSIS installers to deliver Gh0st RAT to Chinese-speaking users, widening the risk of remote compromise through trusted-brand lures. The operation spans over 2,000 domains and 40+ app lures, showing a broad and evolving delivery footprint. The newer wave adds intermediary redirection domains and public cloud buckets to fetch payload archives, increasing resilience and reach.

Related Happenings

Sniper Dz free PhaaS ecosystem rebranded to scale phishing operations

Threat Actor Meta
H score43 First: 12.06.2026 11:52 Last: 12.06.2026 11:52 Sources 1

About this happening: A long-running **Sniper Dz** ecosystem operated as a **free phishing-as-a-service (PhaaS)** platform that repeatedly rebranded, lowering the barrier for large-scale credential the...

Latest development: 15.06.2026 09:30

Fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations targeted users across the Middle East and North Africa with fake offers for free mobile internet packages, financial compensation, and government subsidy programs, then routed victims through Linkbio and Linktree decoy pages into Sniper Dz phishing and traffic monetization infrastructure that abuses browser notification permissions, back-button hijacking, tab-under redirections, premium SMS subscriptions, premium-rate calls, and investment scams.

Nimbus Manticore multi-wave aviation and software phishing and SEO poisoning campaign

Campaign
H score36 First: 26.05.2026 10:13 Last: 26.05.2026 10:13 Sources 1

About this happening: Nimbus Manticore's **February-April 2026** campaign widened into **multi-wave phishing and SEO poisoning**, increasing risk to organizations in the **U.S., Europe, and the Middle...

Versa Networks launches Secure Enterprise Browser to extend SASE policies into the browser workspace

Security Tool/Service
H score10 First: 22.05.2026 18:43 Last: 22.05.2026 18:43 Sources 1

About this happening: Versa Networks **released** a **Secure Enterprise Browser** that extends **SASE policies** directly into the **browser workspace**, giving the company a browser-level control poin...

Akamai acquires LayerX for secure enterprise browser expansion

Industry Action
H score13 First: 22.05.2026 18:43 Last: 22.05.2026 18:43 Sources 1

About this happening: Akamai Technologies agreed to acquire **LayerX** for **$205 million**, expanding its **secure enterprise browser** and **ZTNA** capabilities. The move gives Akamai a browser-layer...

EvilTokens PhaaS scales device code phishing for low-skilled cybercriminals

Threat Actor Meta
H score32 First: 04.04.2026 17:17 Last: 04.04.2026 17:17 Sources 1

About this happening: **EvilTokens** is turning **device code phishing** into a **phishing-as-a-service** market, expanding access for **low-skilled cybercriminals** and accelerating competition among...

Timeline

  1. 17.11.2025 13:20 2 articles · 7mo ago

    Dragon Breath Campaign Trio and Campaign Chorus brand-impersonation Gh0st RAT campaign

    Initial Disclosure

    **Campaign Trio** in **February-March 2025** used **i4tools, Youdao, and DeepSeek** impersonation across **2,000+ domains** to seed trojanized installers. That initial wave established the brand-lure model later expanded by **Campaign Chorus**.

    Show sources