Find notable cyber news and cases, enriched with sources, timelines, and signals.

SloppyLemming spear-phishing campaign targeting Pakistan and Bangladesh

Campaign
First reported
Last updated
Happening score
H score 37
2 unique sources, 2 articles

Summary

Hide ▲

The SloppyLemming campaign is using spear-phishing, PDF lures, and macro-enabled Excel documents to target government entities and critical infrastructure operators in Pakistan and Bangladesh, raising the risk of espionage and credential theft. The operation ran from January 2025 to January 2026 and split into two infection chains that delivered BurrowShell and a Rust-based keylogger. Its infrastructure and tooling show continued evolution, including DLL side-loading, ClickOnce staging, and 112 Cloudflare Workers domains tied to the operation.

Related Happenings

KongTuke ClickFix and Teams access-seeking campaign

Campaign
H score33 First: 25.06.2026 11:54 Last: 25.06.2026 11:54 Sources 1

About this happening: The **KongTuke** operation is using **ClickFix** lures and **Microsoft Teams** messages to widen access-seeking attacks against **multiple organizations**, increasing the risk of...

Operation Dragon Weave cyber-espionage campaign

Campaign
H score37 First: 01.06.2026 14:54 Last: 01.06.2026 14:54 Sources 1

About this happening: The **Operation Dragon Weave** campaign is actively targeting **officials and citizens in the Czech Republic and Taiwan** with **spear-phishing ZIP attachments**. The infection ch...

Webworm EchoCreep and GraphWorm backdoor expansion

Malware Activity
H score28 First: 20.05.2026 15:51 Last: 20.05.2026 15:51 Sources 1

About this happening: **Webworm** expanded its malware arsenal in **2025** with the custom backdoors **EchoCreep** and **GraphWorm**, increasing its ability to run stealthy **command-and-control** oper...

FamousSparrow multi-wave intrusion campaign against Azerbaijani oil and gas company

Campaign
H score39 First: 13.05.2026 16:00 Last: 13.05.2026 16:00 Sources 1

About this happening: A **China-affiliated** actor tracked as **FamousSparrow (UAT-9244)** ran a **multi-wave intrusion** against an **unnamed Azerbaijani oil and gas company** from **late December 202...

Beagle backdoor distributed via fake Claude site and DLL sideloading

Malware Activity
H score23 First: 07.05.2026 16:15 Last: 07.05.2026 16:15 Sources 1

About this happening: The **Beagle** backdoor is now being distributed through a **fake Claude website**, putting **Windows users** at risk of infection through a **DLL sideloading chain**. The lure de...

Timeline

  1. 03.03.2026 08:53 2 articles · 4mo ago

    SloppyLemming campaign disclosure

    Initial Disclosure

    Arctic Wolf attributed SloppyLemming to a one-year campaign against government entities and critical infrastructure operators in Pakistan and Bangladesh, describing spear-phishing emails that delivered PDF lures and macro-enabled Excel documents, ClickOnce staging that deployed NGenTask.exe and mscorsvc.dll, DLL side-loading of BurrowShell, a Rust-based keylogger, and 112 Cloudflare Workers domains tied to the infrastructure.

    Show sources