SOCRadar Threat Research Team has released a new report on Operation HookedWing, a persistent 4-year phishing campaign that has not been publicly documented until now.
The campaign has been compromising organizations across multiple sectors and countries. The SOCRadar Threat Research team has identified that the campaign operates a custom phishing kit which, at the time of publication, has not been attributed to any known threat actor.
Key Findings:
- First public documentation of this kit and campaign dates back to 2022, with no prior references found in any consulted open sources.
- More than 4 years of continuous activity, with active infrastructure documented up to the time of publication.
- Over 2,000 victims and more than 500 organizations were identified through analysis of recovered logs.
- Multi-infrastructure and multi-vector approach involving abuse of legitimate hosting platforms, combined with the compromise of real corporate servers.
- Use of github.io along with other platforms for landing pages, combined with dynamically injected PHP to load the form.
- Deliberate targeting of key sectors such as Aviation, Government, Energy, and Critical Infrastructure
More info here: Operation HookedWing: 4-Year Multi-Sector Attack Analysis
Related
This entry was posted on May 7, 2026 at 8:00 am and is filed under Commentary with tags SOC Radar. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
SOCRadar Uncovers Operation HookedWing Phishing Campaign
SOCRadar Threat Research Team has released a new report on Operation HookedWing, a persistent 4-year phishing campaign that has not been publicly documented until now.
The campaign has been compromising organizations across multiple sectors and countries. The SOCRadar Threat Research team has identified that the campaign operates a custom phishing kit which, at the time of publication, has not been attributed to any known threat actor.
Key Findings:
More info here: Operation HookedWing: 4-Year Multi-Sector Attack Analysis
Share this:
Like this:
Related
This entry was posted on May 7, 2026 at 8:00 am and is filed under Commentary with tags SOC Radar. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.