TGR-STA-1030/UNC6619 Shadow Campaigns espionage operation

Campaign
Happening score: 42
1 unique source, 1 article

Summary

Shadow Campaigns, the operation tracked as TGR-STA-1030/UNC6619, expanded a state-sponsored espionage effort that compromised at least 70 organizations across 37 countries, increasing risk to government and critical infrastructure networks. Through broader reconnaissance, the activity also reached government entities connected to 155 countries. Initial access relied on phishing, malicious archives, and exploitation of at least 15 known vulnerabilities.

Related Happenings

First VPN had assets seized in First VPN takedown

Law Enforcement
First: 21.05.2026 18:30 Last: 21.05.2026 18:30 Sources 1

About this happening: Authorities **took down First VPN**, a **ransomware**-linked service used to hide cybercrime activity, in a coordinated action led by **France and the Netherlands**. The operation...

Interpol Operation Ramz cybercrime crackdown in MENA

Law Enforcement
First: 18.05.2026 17:00 Last: 18.05.2026 17:00 Sources 1

About this happening: **INTERPOL**'s **Operation Ramz** led to **more than 200 arrests** across the **Middle East and North Africa**, with law enforcement also identifying **382 additional suspects** i...

FamousSparrow Azerbaijanian oil-and-gas targeting campaign

Campaign
First: 13.05.2026 16:00 Last: 13.05.2026 16:00 Sources 1

About this happening: The **China-linked FamousSparrow group** ran a **targeted cyberespionage campaign** against an **Azerbaijanian oil-and-gas company** in the **South Caucasus**, highlighting a new...

SHADOW-EARTH-053 China-aligned espionage campaign against Asian government and defense targets

Campaign
First: 01.05.2026 17:02 Last: 01.05.2026 17:02 Sources 1

About this happening: **SHADOW-EARTH-053** is running an active **China-aligned espionage campaign** against **government and defense** targets across **South, East, and Southeast Asia** and **Poland**...

Silk Typhoon / Hafnium coordinated intelligence-gathering campaign

Campaign
First: 27.04.2026 22:56 Last: 27.04.2026 22:56 Sources 1

About this happening: The **Silk Typhoon / Hafnium** operation is tied to a **coordinated intelligence-gathering campaign** spanning **February 2020 to June 2021**, underscoring a sustained espionage e...

Latest development: 28.04.2026 15:30

US officials described Silk Typhoon/Hafnium activity from February 2020 to June 2021 as a coordinated intelligence-gathering campaign that targeted US universities and COVID-19 researchers, including a Texas university network, and later expanded into Microsoft Exchange Server vulnerability exploitation. The operation reportedly used stolen mailbox access to search for vaccines, treatments, and testing research, and the FBI said the campaign affected more than 12,700 US organizations.

Timeline

  1. 07.02.2026 17:09 · 1 article

    Shadow Campaigns espionage overview

    Initial Disclosure

    Palo Alto Networks Unit 42 describes a state-sponsored espionage campaign tracked as TGR-STA-1030/UNC6619 and dubbed Shadow Campaigns. It has been active since at least January 2024, compromised at least 70 government and critical infrastructure organizations across 37 countries, and involved reconnaissance against government entities connected to 155 countries. The operation targeted ministries, law enforcement, border control, finance, trade, energy, mining, immigration, diplomatic agencies, and other government and critical infrastructure organizations. It used tailored phishing emails with Mega.nz-hosted malicious archives containing Diaoyu, which could fetch Cobalt Strike and VShell after analysis-evasion checks. It also leveraged at least 15 known vulnerabilities and a custom Linux eBPF rootkit called ShadowGuard.