Operation Texonto is a disinformation/psychological operations (PSYOP) campaign identified by ESET Research, primarily targeting Ukrainian speakers through spam emails. The operation, detected in two waves in late 2023, spread messages about heating interruptions, drug and food shortages, which are typical themes of Russian propaganda. In addition to disinformation, ESET uncovered a spearphishing campaign against a Ukrainian defense company and an EU agency, aiming to steal credentials for Microsoft Office 365 accounts. This activity showcases an intersection of espionage, information operations, and fake pharmaceutical promotions, reminiscent of tactics used by the Russia-aligned group Callisto. Despite the lack of direct technical overlap, ESET attributes Operation Texonto with high confidence to a Russian-aligned group, given the tactics, techniques, and procedures (TTPs), targeting, and message dissemination strategy observed. Moreover, the campaign's infrastructure was notably repurposed for sending Canadian pharmacy spam, suggesting either an intent to monetize the infrastructure or to fund future operations. This multifaceted operation highlights the complex landscape of contemporary cyber threats and information warfare tactics employed amidst the ongoing conflict involving Ukraine.


ThreatSTOP has been proactive in addressing threats, effectively blocking communication with suspicious domains and IPs since their initial registration in October 2023. Those subscribed to our premium feeds have been automatically shielded from these threats.

Our products, DNS Defense Cloud, DNS Defense, and IP Defense, have been designed to provide comprehensive protection against these threats.

  • DNS Defense Cloud: By using our DNS servers in the cloud, we provide robust DNS protection that shields your network from harmful domains.

  • DNS Defense: For those who prefer to use their DNS servers, we offer ThreatSTOP intelligence on your device. This solution provides the same high level of DNS protection, ensuring your network remains secure and free from harmful content.

  • IP Defense: This product allows you to manage a block list on any IP-based system, such as a router, firewall, IPS, AWS WAF, and more. It ensures that your network is guarded against attacks from identified malicious IPs.

Our system automatically updates to include these enhancements. This means you're always protected with the most current and comprehensive security measures without any additional effort on your part. 

At ThreatSTOP, we're not just about providing top-notch protection; we're also about making cyber security as seamless and straightforward as possible. Enjoy peace of mind knowing that your network is continually defended against the latest threats with ThreatSTOP.

Becoming a Part of the ThreatSTOP Community, or upgrading to our Premium Feeds

For those interested in joining the ThreatSTOP family, or to learn more about our proactive protections for all environments, we invite you to visit our product page. Discover how our solutions can make a significant difference in your digital security landscape.  We have pricing for all sizes of customers! Get started with a Demo today!