Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 101–150 of 204 in CN · page 3 of 5
| ID | Title | Summary |
|---|---|---|
| MirrorFace | MirrorFace CN | MirrorFace is a Chinese-speaking advanced persistent threat group that has been targeting high-value organizations in Japan, including media, government, diplo… |
| Mofang | Mofang CN | Mofang is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Superman, BRONZE WALKER. Operational tar… |
| Moshen Dragon | Moshen Dragon CN | Moshen Dragon is a Chinese-aligned cyberespionage threat actor operating in Central Asia. They have been observed deploying multiple malware triads and utilizi… |
| MUSTANG PANDA | MUSTANG PANDA CN | This threat actor targets nongovernmental organizations using Mongolian-themed lures for espionage purposes. In April 2017, CrowdStrike Falcon Intelligence obs… |
| Naikon | Naikon CN | Kaspersky described Naikon in a 2015 report as: 'The Naikon group is mostly active in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam… |
| Night Dragon | Night Dragon CN | Night Dragon is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as G0014. Original record: Night Drag… |
| Nitro | Nitro CN | These attackers were the subject of an extensive report by Symantec in 2011, which termed the attackers Nitro and stated: 'The goal of the attackers appears to… |
| Operation DRBControl | Operation DRBControl CN | Operation DRBControl is a cyberespionage campaign targeting gambling companies in Southeast Asia, first identified in 2019. The operation involves the use of H… |
| Operation Red Signature | Operation Red Signature CN | The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT to their targets of inte… |
| Operation Shadow Force | Operation Shadow Force CN | Operation Shadow Force is a group of malware that is representative of Shadow Force and Wgdrop from 2013 to 2020, and is a group activity that attacks Korean c… |
| PALE PANDA | PALE PANDA CN | PALE PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: PALE PANDA is a Chinese-attributed threat actor … |
| PassCV | PassCV CN | The PassCV group continues to be one of the most successful and active threat groups that leverage a wide array of stolen Authenticode-signing certificates. S… |
| PlushDaemon | PlushDaemon CN | PlushDaemon is a China-aligned APT group that has conducted cyberespionage operations against targets in China, Taiwan, Hong Kong, South Korea, the United Stat… |
| POISONUS PANDA | POISONUS PANDA CN | POISONUS PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: POISONUS PANDA is a Chinese-attributed threa… |
| PREDATOR PANDA | PREDATOR PANDA CN | PREDATOR PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: PREDATOR PANDA is a Chinese-attributed threa… |
| PurpleHaze | PurpleHaze CN | PurpleHaze is a China-nexus threat actor tracked by SentinelLABS, linked to APT15, known for targeting critical infrastructure sectors such as telecommunicatio… |
| RADIO PANDA | RADIO PANDA CN | RADIO PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Shrouded Crossbow. Original record:… |
| RANCOR | RANCOR CN | The Rancor group’s attacks use two primary malware families, which are named DDKONG and PLAINTEE. DDKONG is used throughout the campaign and PLAINTEE appears t… |
| Raspberry Typhoon | Raspberry Typhoon CN | Microsoft has tracked Raspberry Typhoon (RADIUM) as the primary threat group targeting nations that ring the South China Sea. Raspberry Typhoon consistently ta… |
| Red Dev 17 | Red Dev 17 CN | In 2021, PwC started tracking a series of intrusions under the moniker of Red Dev 17 that they assess were highly likely conducted by a China-based threat acto… |
| Red Menshen | Red Menshen CN | Since 2021, Red Menshen, a China based threat actor, which has been observed targeting telecommunications providers across the Middle East and Asia, as well as… |
| Red Nue | Red Nue CN | Red Nue, active since at least 2017, is known for its use of the multi-platform LootRAT backdoor, also known as ReverseWindow. LootRAT has variants for Windows… |
| RedGolf | RedGolf CN | Recorded Future’s Insikt Group has identified a large cluster of new operational infrastructure associated with use of the custom Windows and Linux backdoor KE… |
| RedJuliett | RedJuliett CN | RedJuliett is a likely Chinese state-sponsored threat actor targeting government, academic, technology, and diplomatic organizations in Taiwan. They exploit vu… |
| REF2924 | REF2924 CN | A group monitored as REF2924 by Elastic Security Labs is wielding novel data-stealing malware — an HTTP listener written in C# dubbed Naplistener by the resear… |
| REF7707 | REF7707 CN | REF7707 is a cyber campaign targeting government entities, particularly a foreign ministry in South America, utilizing malware families such as FinalDraft, Gui… |
| SABRE PANDA | SABRE PANDA CN | SABRE PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: SABRE PANDA is a Chinese-attributed threat acto… |
| SAMURAI PANDA | SAMURAI PANDA CN | SAMURAI PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as PLA Navy, Wisp Team. Operational … |
| Sandman APT | Sandman APT CN | First disclosed in 2023, the Sandman APT is likely associated with suspected China-based threat clusters known for using the KEYPLUG backdoor, specifically STO… |
| Scarab | Scarab CN | Scarab APT was first spotted in 2015, but is believed to have been active since at least 2012, conducting surgical attacks against a small number of individual… |
| Scarlet Mimic | Scarlet Mimic CN | Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group’s mo… |
| Shadow-Earth-053 | Shadow-Earth-053 CN | SHADOW-EARTH-053 is a China-aligned threat group exploiting unpatched Microsoft Exchange Server vulnerabilities, specifically CVE-2021-26855, to conduct cybere… |
| ShaggyPanther | ShaggyPanther CN | ShaggyPanther is a threat actor that primarily targets government entities in Taiwan and Malaysia. They have been active since 2008 and utilize hidden encrypte… |
| SharpPanda | SharpPanda CN | SharpPanda, an APT group originating from China, has seen a rise in its cyber-attack operations starting from at least 2018. The APT group utilizes spear-phish… |
| SilkSpecter | SilkSpecter CN | SilkSpecter is a Chinese financially motivated threat actor that orchestrates phishing campaigns targeting e-commerce shoppers, particularly during peak shoppi… |
| SLIME29 | SLIME29 CN | SLIME29 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Private Sector sector. Original… |
| Smishing Triad | Smishing Triad CN | The Smishing Triad is a Chinese-speaking threat group known for targeting postal services and their customers globally through smishing campaigns. They leverag… |
| SneakyChef | SneakyChef CN | SneakyChef is a threat actor known for using the SugarGh0st RAT to target government agencies, research institutions, and organizations worldwide. They have be… |
| SPICY PANDA | SPICY PANDA CN | SPICY PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: SPICY PANDA is a Chinese-attributed threat acto… |
| Storm Cloud | Storm Cloud CN | Storm Cloud is a Chinese espionage threat actor known for targeting organizations across Asia, particularly Tibetan organizations and individuals. They use a v… |
| Storm-0062 | Storm-0062 CN | The cyberattack campaign that Microsoft uncovered was launched by a China-linked hacking group called Storm-0062. According to the company, the group is launch… |
| Storm-0558 | Storm-0558 CN | Storm-0558 is a China-based threat actor with espionage objectives. While there are some minimal overlaps with other Chinese groups such as Violet Typhoon (ZIR… |
| Storm-0940 | Storm-0940 CN | Storm-0940 is a Chinese threat actor active since at least 2021, known for gaining initial access through password spray and brute-force attacks, as well as ex… |
| Storm-1175 | Storm-1175 CN | Storm-1175 is a cybercriminal group known for deploying Medusa ransomware and exploiting public-facing applications for initial access. They have been observed… |
| Storm-2077 | Storm-2077 CN | TAG-100 is a cyber-espionage APT that targets government and private sector organizations globally, exploiting vulnerabilities in internet-facing devices such … |
| Storm-2603 | Storm-2603 CN | The group Microsoft tracks as Storm-2603 is assessed with medium confidence to be a China-based threat actor. Microsoft has not identified links between Storm-… |
| TA428 | TA428 CN | Proofpoint researchers have identified a targeted APT campaign that utilized malicious RTF documents to deliver custom malware to unsuspecting victims. We dubb… |
| TA459 | TA459 CN | TA459 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as G0062. Original record: TA459 is a Chines… |
| TA530 | TA530 CN | TA530 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: TA530 is a Chinese-attributed threat actor catalogued… |
| TAG-112 | TAG-112 CN | TAG-112 is a Chinese state-sponsored APT that compromised Tibetan websites, including Tibet Post and Gyudmed Tantric University, to deliver Cobalt Strike malwa… |