{ "id": "8ea87627-1a68-4fc9-a5a9-f3aa06ca4f3a", "created_at": "2026-04-06T00:16:20.965216Z", "updated_at": "2026-04-10T13:12:42.913448Z", "deleted_at": null, "sha1_hash": "6186efe440e14c7155795df1c75466dd6b714103", "title": "Operation BugDrop - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 46748, "plain_text": "Operation BugDrop - Threat Group Cards: A Threat Actor\nEncyclopedia\nArchived: 2026-04-05 17:50:22 UTC\nHome \u003e List all groups \u003e Operation BugDrop\n APT group: Operation BugDrop\nNames Operation BugDrop (CyberX)\nCountry Russia\nMotivation Information theft and espionage\nFirst seen 2016\nDescription\n(CyberX) CyberX has discovered a new, large-scale cyber-reconnaissance operation targeting\na broad range of targets in the Ukraine. Because it eavesdrops on sensitive conversations by\nremotely controlling PC microphones – in order to surreptitiously “bug” its targets – and uses\nDropbox to store exfiltrated data, CyberX has named it “Operation BugDrop.”\nCyberX has confirmed at least 70 victims successfully targeted by the operation in a range of\nsectors including critical infrastructure, media, and scientific research. The operation seeks to\ncapture a range of sensitive information from its targets including audio recordings of\nconversations, screen shots, documents and passwords. Unlike video recordings, which are\noften blocked by users simply placing tape over the camera lens, it is virtually impossible to\nblock your computer’s microphone without physically accessing and disabling the PC\nhardware.\nObserved\nSectors: Engineering, Oil and gas, Media, Research.\nCountries: Austria, Saudi Arabia, Russia, Ukraine.\nTools used Dropbox.\nInformation\nLast change to this card: 14 April 2020\nDownload this actor card in PDF or JSON format\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=8b35e530-5e59-422e-a002-dda41046f5aa\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=8b35e530-5e59-422e-a002-dda41046f5aa\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=8b35e530-5e59-422e-a002-dda41046f5aa\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://apt.etda.or.th/cgi-bin/showcard.cgi?u=8b35e530-5e59-422e-a002-dda41046f5aa" ], "report_names": [ "showcard.cgi?u=8b35e530-5e59-422e-a002-dda41046f5aa" ], "threat_actors": [ { "id": "0be8b203-93b1-4d58-bcc1-1a33e15b06c0", "created_at": "2023-01-06T13:46:38.808048Z", "updated_at": "2026-04-10T02:00:03.108155Z", "deleted_at": null, "main_name": "Operation BugDrop", "aliases": [], "source_name": "MISPGALAXY:Operation BugDrop", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "59abc77c-5d6f-4042-b465-95d2f0857f57", "created_at": "2022-10-25T16:07:23.937297Z", "updated_at": "2026-04-10T02:00:04.795893Z", "deleted_at": null, "main_name": "Operation BugDrop", "aliases": [], "source_name": "ETDA:Operation BugDrop", "tools": [ "Dropbox" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434580, "ts_updated_at": 1775826762, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/6186efe440e14c7155795df1c75466dd6b714103.pdf", "text": "https://archive.orkl.eu/6186efe440e14c7155795df1c75466dd6b714103.txt", "img": "https://archive.orkl.eu/6186efe440e14c7155795df1c75466dd6b714103.jpg" } }