Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Y2K Operators Millenium RAT social-engineering distribution campaign

Campaign
First reported
Last updated
Happening score
H score 73
1 unique sources, 1 articles

Summary

Hide ▲

The Y2K Operators are running a social-engineering distribution campaign that spreads Millenium RAT through booby-trapped downloads, exposing users to remote compromise and data theft. The operation has already reached over 60,000 Windows devices in more than 160 countries, with most infections concentrated in the first three months of 2026. Its lure set of game cheats, cracked software, and hacking tools gives the campaign broad reach across user communities. The low-cost malware-as-a-service model makes the operation accessible to less-skilled attackers and increases downstream abuse risk.

Related Happenings

Millenium RAT Windows malware activity and native C++ rewrite

Malware Activity
H score62 First: 29.06.2026 17:30 Last: 29.06.2026 17:30 Sources 1

How related: A cheap, Telegram-controlled remote access trojan (RAT) dubbed Millenium RAT has infected over 60,000 Windows devices across more than 160 countries, most of them in the first three months of 2026.

About this happening: The **Millenium RAT** malware activity is spreading across **Windows** systems, with **60,000+ infections** in **160+ countries** and a newer **native C++** build that helps it ev...

Open Happening

WeedHack YouTube and SEO poisoning campaign targeting Minecraft players

Campaign
H score73 First: 03.06.2026 00:54 Last: 03.06.2026 00:54 Sources 1

About this happening: **WeedHack** is a **Minecraft-focused malware-as-a-service (MaaS)** campaign that uses **YouTube** and **SEO poisoning** to push malicious **mods, clients, cheats, and utilities**...

Open Happening

GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy

Malware Activity
H score41 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GREYVIBE** is a **Russian-speaking** malware activity targeting **Ukraine and Ukraine-related entities** since at least **August 2025**. The group uses **spear-phishing e-mails*...

Open Happening

JINX-0164 cryptocurrency recruitment-lure campaign

Campaign
H score39 First: 28.05.2026 10:54 Last: 28.05.2026 10:54 Sources 1

About this happening: A **JINX-0164** campaign is targeting **cryptocurrency firms** and developers with **LinkedIn recruiter lures**, a fake meeting-and-fix workflow, and **macOS malware** to steal cr...

Open Happening

Calypso telecommunications espionage campaign using Showboat and JFMBackdoor

Campaign
H score36 First: 21.05.2026 17:00 Last: 21.05.2026 17:00 Sources 1

About this happening: A **Calypso / Red Lamassu** espionage campaign is targeting **telecommunications providers** with new **Showboat** and **JFMBackdoor** malware, increasing the risk of long-term co...

Open Happening

Timeline

  1. 29.06.2026 17:30 2 articles · 1h ago

    Group-IB reports Millenium RAT infections across more than 160 countries

    Initial Disclosure

    Group-IB says Y2K Operators are distributing Millenium RAT through booby-trapped downloads disguised as game cheats, cracked software and hacking tools, and telemetry counted 62,289 infections across more than 160 countries, including 39,730 in the first quarter of 2026. The campaign targets Windows devices; Millenium RAT uses the Telegram Bot API for command delivery, and version four was rewritten from .NET to native C++ with libcurl to help evade weaker detection tools.

    Show sources
    Open in new tab