Shadow-Void-044 and Shadow-Earth-045 PeckBirdy cyber-espionage campaigns
Campaign
Summary
Hide ▲
Show ▼
Two China-aligned PeckBirdy espionage campaigns were identified, widening risk to Chinese gambling websites, Asian government entities, and a Philippine educational institution. The operations have used multiple attack vectors since 2023, with one track emerging in July 2024. They relied on malicious scripts, fake Chrome update pages, and modular backdoors to harvest credentials and maintain access. The shared tooling suggests a sustained operation even though attribution to specific groups remains cautious.
Related Happenings
Earth Lusca Operation FishMedley espionage campaign
Campaign
H score38
First: 16.06.2026 12:44
Last: 16.06.2026 12:44
Sources 1
About this happening:
A **multi-country espionage campaign** tied to **Earth Lusca / FishMonger** is now linked to **Operation FishMedley**, a **January–October 2022** effort that reached **seven organ...
Earth Lusca Operation FishMedley espionage campaign
CampaignAbout this happening: A **multi-country espionage campaign** tied to **Earth Lusca / FishMonger** is now linked to **Operation FishMedley**, a **January–October 2022** effort that reached **seven organ...
GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations
Campaign
H score39
First: 29.05.2026 01:24
Last: 29.05.2026 01:24
Sources 1
About this happening:
**GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...
GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations
CampaignAbout this happening: **GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...
Webworm multi-country targeting campaign against government and enterprise victims
Campaign
H score38
First: 20.05.2026 15:51
Last: 20.05.2026 15:51
Sources 1
About this happening:
**Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
Webworm multi-country targeting campaign against government and enterprise victims
CampaignAbout this happening: **Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
Webworm expanded European government and South Africa university espionage campaign
Campaign
H score24
First: 20.05.2026 14:30
Last: 20.05.2026 14:30
Sources 1
About this happening:
Webworm expanded its **2025 espionage campaign** into **European government organizations** and a **university in South Africa**, widening the cross-region targeting risk. The ope...
Webworm expanded European government and South Africa university espionage campaign
CampaignAbout this happening: Webworm expanded its **2025 espionage campaign** into **European government organizations** and a **university in South Africa**, widening the cross-region targeting risk. The ope...
Shadow-Aether-040 AI-augmented campaign against Mexican government entities
Campaign
H score41
First: 13.05.2026 16:00
Last: 13.05.2026 16:00
Sources 1
About this happening:
The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...
Shadow-Aether-040 AI-augmented campaign against Mexican government entities
CampaignAbout this happening: The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...
Timeline
-
28.01.2026 18:19 2 articles · 5mo ago
Shadow-Void-044 and Shadow-Earth-045 PeckBirdy cyber-espionage campaigns
Initial DisclosureBeginning in **2023**, the **Shadow-Void-044** track used **PeckBirdy** against **Chinese gambling websites**, pushing malicious scripts and fake **Google Chrome** update pages to deliver backdoors.
Show sources
- China-Backed 'PeckBirdy' Takes Flight for Cross-Platform Attacks — www.darkreading.com — 28.01.2026 18:19
- China-Backed 'PeckBirdy' Takes Flight for Cross-Platform Attacks — www.darkreading.com — 28.01.2026 18:19