Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 51–100 of 204 in CN · page 2 of 5
| ID | Title | Summary |
|---|---|---|
| CL-STA-0048 | CL-STA-0048 CN | CL-STA-0048 is a Chinese state-backed APT that targets strategic sectors in South Asia, particularly government and telecommunications entities, with a focus o… |
| CL-STA-1087 | CL-STA-1087 CN | CL-STA-1087 is a suspected state-sponsored espionage campaign operating out of China, targeting military organizations in Southeast Asia. The actor has demonst… |
| Curious Gorge | Curious Gorge CN | Curious Gorge, a group TAG attributes to China's PLA SSF, has conducted campaigns against government and military organizations in Ukraine, Russia, Kazakhstan,… |
| DAGGER PANDA | DAGGER PANDA CN | Operating since at least 2011, from several locations in China, with members in Korea and Japan as well. Possibly linked to Onion Dog. This threat actor targets… |
| Dalbit | Dalbit CN | The group usually targets vulnerable servers to breach information including internal data from companies or encrypts files and demands money. Their targets of… |
| DEV-0147 | DEV-0147 CN | DEV-0147 is a China-based cyber espionage actor that was observed compromising diplomatic targets in South America, a notable expansion of the group's data exfiltra… |
| DiceyF | DiceyF CN | DiceyF is an advanced persistent threat group that has been targeting online casinos and other victims in Southeast Asia for an extended period. They have exhi… |
| Dragonbridge | Dragonbridge CN | DRAGONBRIDGE is a Chinese state-sponsored threat actor known for engaging in information operations to promote the political interests of the People's Republic… |
| DragonOK | DragonOK CN | Threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to hav… |
| DragonSpark | DragonSpark CN | DragonSpark is a threat actor that has been conducting attacks primarily targeting organizations in East Asia. They utilize the open-source tool SparkRAT, whic… |
| DriftingCloud | DriftingCloud CN | DriftingCloud is a persistent threat actor known for targeting various industries and locations. They are skilled at developing or acquiring zero-day exploits … |
| Earth Alux | Earth Alux CN | Earth Alux is a China-linked APT group known for conducting cyberespionage attacks across various sectors, including government, technology, and telecommunicat… |
| Earth Baxia | Earth Baxia CN | Earth Baxia is a threat actor operating out of China, targeting government organizations in Taiwan and potentially across the APAC region, using spear-phishing… |
| Earth Berberoka | Earth Berberoka CN | According to TrendMicro, Earth Berberoka is a threat group originating from China that mainly focuses on targeting gambling websites. This group's campaign use… |
| Earth Freybug | Earth Freybug CN | Earth Freybug, identified as a subset of APT41, is a cyberthreat group active since at least 2012, engaging in espionage and financially motivated activities a… |
| Earth Krahang | Earth Krahang CN | Earth Krahang is an APT group targeting government organizations worldwide. They use spear-phishing emails, weak internet-facing servers, and custom backdoors … |
| Earth Lamia | Earth Lamia CN | Earth Lamia is a China-nexus APT that targets organizations across multiple sectors, including finance, logistics, and government, primarily in Latin America, … |
| Earth Lusca | Earth Lusca CN | Earth Lusca is a threat actor from China that targets organizations of interest to the Chinese government, including academic institutions, telecommunication c… |
| Earth Naga | Earth Naga CN | Earth Naga is an APT group that has persistently targeted high-value organizations, including government agencies, telecommunications, and military-related man… |
| Earth Wendigo | Earth Wendigo CN | Earth Wendigo is a threat actor from China that has been targeting several organizations — including government organizations, research institutions, and unive… |
| ELECTRIC PANDA | ELECTRIC PANDA CN | ELECTRIC PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: ELECTRIC PANDA is a Chinese-attributed threa… |
| ELOQUENT PANDA | ELOQUENT PANDA CN | ELOQUENT PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: ELOQUENT PANDA is a Chinese-attributed threa… |
| Evasive Panda | Evasive Panda CN | Evasive Panda is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as BRONZE HIGHLAND. Operational targ… |
| Flax Typhoon | Flax Typhoon CN | Flax Typhoon is a Chinese state-sponsored threat actor that primarily targets organizations in Taiwan. They conduct espionage campaigns and focus on gaining an… |
| FOXY PANDA | FOXY PANDA CN | FOXY PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: FOXY PANDA is a Chinese-attributed threat actor … |
| GALLIUM | GALLIUM CN | GALLIUM is a threat actor believed to be targeting telecommunication providers around the world, mostly South-East Asia, Europe and Africa. To compromise target… |
| GhostEmperor | GhostEmperor CN | GhostEmperor is a Chinese-speaking threat actor that targets government entities and telecom companies in Southeast Asia. They employ a Windows kernel-mode roo… |
| GhostRedirector | GhostRedirector CN | GhostRedirector is a China-aligned threat actor that has compromised at least 65 Windows servers across various sectors, primarily in Brazil, Thailand, and Vie… |
| GIBBERISH PANDA | GIBBERISH PANDA CN | GIBBERISH PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: GIBBERISH PANDA is a Chinese-attributed thr… |
| GOBLIN PANDA | GOBLIN PANDA CN | GOBLIN PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Conimes, Cycldek. Operational targ… |
| GoldFactory | GoldFactory CN | GoldFactory is a threat actor group attributed to developing sophisticated mobile banking malware targeting victims primarily in the Asia-Pacific region, speci… |
| GopherWhisper | GopherWhisper CN | GopherWhisper is a China-aligned APT that routes C2 traffic through legitimate enterprise platforms like Slack, Discord, and Microsoft 365 Outlook to evade det… |
| Grayling | Grayling CN | Grayling activity was first observed in early 2023, when a number of victims were identified with distinctive malicious DLL side-loading activity. Grayling app… |
| GREF | GREF CN | GREF is a China-aligned APT group that has been active since at least March 2017. They are known for using custom backdoors, loaders, and ancillary tools in th… |
| GTG-1002 | GTG-1002 CN | GTG-1002 is a Chinese state-sponsored APT that conducted a large-scale autonomous cyber espionage campaign targeting approximately 30 global organizations acro… |
| HAFNIUM | HAFNIUM CN | HAFNIUM primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher educat… |
| Hellsing | Hellsing CN | This threat actor uses spear-phishing techniques to compromise diplomatic targets in Southeast Asia, India, and the United States. It also seems to have target… |
| HenBox | HenBox CN | HenBox is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Civil society sector. Documented… |
| Houken | Houken CN | Houken is a Chinese state-sponsored threat actor that exploits zero-day vulnerabilities in Ivanti Cloud Services Appliance devices to gain initial access to cr… |
| HummingBad | HummingBad CN | This group created a malware that takes over Android devices and generates $300,000 per month in fraudulent ad revenue. The group effectively controls an arse… |
| HURRICANE PANDA | HURRICANE PANDA CN | We have investigated their intrusions since 2013 and have been battling them nonstop over the last year at several large telecommunications and technology comp… |
| IcePeony | IcePeony CN | IcePeony is a China-nexus APT group that has been active since at least 2023, targeting government agencies, academic institutions, and political organizations… |
| IMPERSONATING PANDA | IMPERSONATING PANDA CN | IMPERSONATING PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: IMPERSONATING PANDA is a Chinese-attrib… |
| IndigoZebra | IndigoZebra CN | IndigoZebra is a Chinese state-sponsored actor mentioned for the first time by Kaspersky in its APT Trends report Q2 2017, targeting, at the time of its discov… |
| IronHusky | IronHusky CN | IronHusky is a Chinese-based threat actor first attributed in July 2017 targeting Russian and Mongolian governments, as well as aviation companies and research… |
| Lilac Typhoon | Lilac Typhoon CN | Lilac Typhoon is a threat actor attributed to China. They have been identified as exploiting the Atlassian Confluence RCE vulnerability CVE-2022-26134, which a… |
| LIMINAL PANDA | LIMINAL PANDA CN | LIMINAL PANDA is a China-nexus APT that targets telecommunications entities, employing custom malware and publicly available tools for covert access, C2, and d… |
| LongNosedGoblin | LongNosedGoblin CN | LongNosedGoblin is a China-aligned APT group targeting governmental entities in Southeast Asia and Japan for cyberespionage. The group employs Group Policy for… |
| LOTUS PANDA | LOTUS PANDA CN | LOTUS PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Spring Dragon, ST Group, DRAGONFISH… |
| Mana Team | Mana Team CN | Mana Team is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Mana Team is a Chinese-attributed threat actor ca… |