Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1–50 of 204 in CN · page 1 of 5
| ID | Title | Summary |
|---|---|---|
| 1937CN | 1937CN CN | 1937CN is a Chinese hacking group that has been active since at least 2013. The group is known for targeting Vietnamese organizations, including government age… |
| Amaranth-Dragon | Amaranth-Dragon CN | Amaranth-Dragon is a previously untracked threat actor assessed to be closely linked to the China-affiliated APT 41 ecosystem, exhibiting similar tooling and o… |
| Antlion | Antlion CN | Antlion is a Chinese state-backed advanced persistent threat (APT) group that has been targeting financial institutions in Taiwan. This persistent campaign has… |
| Aoqin Dragon | Aoqin Dragon CN | SentinelLabs has uncovered a cluster of activity beginning at least as far back as 2013 and continuing to the present day, primarily targeting organizations in… |
| APT.3102 | APT.3102 CN | APT.3102 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: APT.3102 is a Chinese-attributed threat actor cata… |
| APT1 | APT1 CN | PLA Unit 61398 (Chinese: 61398部队, Pinyin: 61398 bùduì) is the Military Unit Cover Designator (MUCD)[1] of a People's Liberation Army advanced persistent threat… |
| APT10 | APT10 CN | menuPass is a threat group that has been active since at least 2006. Individual members of menuPass are known to have acted in association with the Chinese Min… |
| APT12 | APT12 CN | APT12 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as NUMBERED PANDA, TG-2754, BeeBus (and 8 mo… |
| APT14 | APT14 CN | PLA Navy Anchor Panda is an adversary that CrowdStrike has tracked extensively over the last year targeting both civilian and military maritime operations in t… |
| APT15 | APT15 CN | APT15 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as VIXEN PANDA, Ke3Chang, Playful Dragon (an… |
| APT16 | APT16 CN | Between November 26, 2015, and December 1, 2015, known and suspected China-based APT groups launched several spear-phishing attacks targeting Japanese and Taiw… |
| APT17 | APT17 CN | FireEye described APT17 in a 2015 report as: 'APT17, also known as DeputyDog, is a China based threat group that FireEye Intelligence has observed conducting n… |
| APT18 | APT18 CN | Wekby was described by Palo Alto Networks in a 2015 report as: 'Wekby is a group that has been active for a number of years, targeting various industries such … |
| APT19 | APT19 CN | APT19 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as DEEP PANDA, Codoso, WebMasters (and 12 mo… |
| APT2 | APT2 CN | Putter Panda were the subject of an extensive report by CrowdStrike, which stated: 'The CrowdStrike Intelligence team has been tracking this particular unit si… |
| APT20 | APT20 CN | We’ve uncovered some new data and likely attribution regarding a series of APT watering hole attacks this past summer. Watering hole attacks are an increasingl… |
| APT21 | APT21 CN | APT21 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as HAMMER PANDA, TEMP.Zhenbao, NetTraveler. … |
| APT22 | APT22 CN | APT22 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as G0039, Suckfly, BRONZE OLIVE (and 1 more)… |
| APT23 | APT23 CN | TrendMicro described Tropic Trooper in a 2015 report as: 'Taiwan and the Philippines have become the targets of an ongoing campaign called Operation TropicTroo… |
| APT24 | APT24 CN | APT24 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as PITTY PANDA, G0011, Temp.Pittytiger. Orig… |
| APT26 | APT26 CN | APT26 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as JerseyMikes, TURBINE PANDA, BRONZE EXPRES… |
| APT27 | APT27 CN | APT27 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as GreedyTaotie, TG-3390, EMISSARY PANDA (an… |
| APT3 | APT3 CN | Symantec described UPS in a 2016 report as: 'Buckeye (also known as APT3, Gothic Panda, UPS Team, and TG-0110) is a cyberespionage group that is believed to hav… |
| APT30 | APT30 CN | APT30 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as G0013. Operational targeting focuses on t… |
| APT31 | APT31 CN | FireEye characterizes APT31 as an actor specialized on intellectual property theft, focusing on data and projects that make a particular organization competeti… |
| APT4 | APT4 CN | APT4 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as PLA Navy, MAVERICK PANDA, BRONZE EDISON (a… |
| APT40 | APT40 CN | Leviathan is an espionage actor targeting organizations and high-value targets in defense and government. Active since at least 2014, this actor has long-stand… |
| APT41 | APT41 CN | APT41 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as G0096, TA415, Blackfly (and 17 more). Ope… |
| APT5 | APT5 CN | We have observed one APT group, which we call APT5, particularly focused on telecommunications and technology companies. More than half of the organizations we… |
| APT6 | APT6 CN | The FBI issued a rare bulletin admitting that a group named Advanced Persistent Threat 6 (APT6) hacked into US government computer systems as far back as 2011 … |
| APT9 | APT9 CN | APT9 engages in cyber operations where the goal is data theft, usually focusing on the data and projects that make a particular organization competitive within… |
| Avivore | Avivore CN | The group’s existence came to light during Context’s investigation of a number of attacks against multinational enterprises that compromise smaller engineering… |
| Beijing Group | Beijing Group CN | Beijing Group is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as SNEAKY PANDA, Elderwood, Elderwoo… |
| BIG PANDA | BIG PANDA CN | BIG PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: BIG PANDA is a Chinese-attributed threat actor ca… |
| Blackgear | Blackgear CN | BLACKGEAR is an espionage campaign which has targeted users in Taiwan for many years. Multiple papers and talks have been released covering this campaign, whic… |
| BlackTech | BlackTech CN | BlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan, and occasionally, Japan and Hong Kong. Based on the mutexes a… |
| Blackwood | Blackwood CN | Blackwood is a China-aligned APT group that has been active since at least 2018. They primarily engage in cyberespionage operations targeting individuals and c… |
| Blue Termite | Blue Termite CN | Blue Termite is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Cloudy Omega, Emdivi. Operational … |
| BrazenBamboo | BrazenBamboo CN | BrazenBamboo is a Chinese state-affiliated threat actor known for developing the LIGHTSPY, DEEPDATA, and DEEPPOST malware families. Their infrastructure includ… |
| BRONZE EDGEWOOD | BRONZE EDGEWOOD CN | In early 2021 CTU researchers observed BRONZE EDGEWOOD exploiting the Microsoft Exchange Server of an organization in Southeast Asia. The threat group deployed… |
| BRONZE HIGHLAND | BRONZE HIGHLAND CN | BRONZE HIGHLAND has been observed using spearphishing as an initial infection vector to deploy the MgBot remote access trojan against targets in Hong Kong. Thi… |
| BRONZE SPIRAL | BRONZE SPIRAL CN | In December 2020, the IT management software provider SolarWinds announced that an unidentified threat actor had exploited a vulnerability in their Orion Platf… |
| BRONZE SPRING | BRONZE SPRING CN | BRONZE SPRING is a threat group that CTU researchers assess with high confidence operates on behalf of China in the theft of intellectual property from defense… |
| BRONZE STARLIGHT | BRONZE STARLIGHT CN | BRONZE STARLIGHT has been active since mid 2021 and targets organizations globally across a range of industry verticals. The group leverages HUI Loader to load… |
| BRONZE VAPOR | BRONZE VAPOR CN | BRONZE VAPOR is a targeted threat group assessed with moderate confidence to be of Chinese origin. Artefacts from tools associated with this group and open sou… |
| Budminer | Budminer CN | Based on the evidence we have presented Symantec attributed the activity involving the Dripion malware to the Budminer advanced threat group. While we have not … |
| Camaro Dragon | Camaro Dragon CN | In early 2023, the Check Point Incident Response Team (CPIRT) team investigated a malware incident at a European healthcare institution involving a set of tool… |
| CardinalLizard | CardinalLizard CN | CardinalLizard, a cyber threat actor linked to China, has targeted entities in Asia since 2018. Their methods include spear-phishing, custom malware with anti-… |
| CeranaKeeper | CeranaKeeper CN | CeranaKeeper is a China-aligned APT that has been active since at least early 2022, primarily targeting governmental institutions in Asian countries. The group… |
| Chaya_004 | Chaya_004 CN | Chaya_004 is a Chinese threat actor identified through malicious infrastructure, including a network of servers hosting Supershell backdoors and various pen te… |