Threat actors (2,004 indexed)
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 151–200 of 204 in CN · page 4 of 5
| ID | Title | Summary |
|---|---|---|
| TAG-28 | TAG-28 CN | TAG-28 is a Chinese state-sponsored threat actor that has been targeting Indian organizations, including media conglomerates and government agencies. They have… |
| TaskMasters | TaskMasters CN | TaskMasters is a state-sponsored Chinese APT that has been active since at least 2010, primarily targeting industrial, energy, and government sectors in Russia… |
| Teleboyi | Teleboyi CN | Teleboyi is a threat actor reportedly based in China, associated with the PlugX RAT. TeamT5 identified a custom PlugX loader used by Teleboyi that employs a si… |
| TEMP_Heretic | TEMP_Heretic CN | TEMP_Heretic is a threat actor that has been observed engaging in targeted spear-phishing campaigns. They exploit vulnerabilities in email platforms, such as Z… |
| TEMPER PANDA | TEMPER PANDA CN | China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in finan… |
| TempTick | TempTick CN | This threat actor targets organizations in the finance, defense, aerospace, technology, health-care, and automotive sectors and media organizations in East Asi… |
| TEST PANDA | TEST PANDA CN | TEST PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: TEST PANDA is a Chinese-attributed threat actor … |
| TianWu | TianWu CN | TianWu is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Private Sector, Gambling compani… |
| Tick | Tick CN | Tick is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group appears to have close ties to the Chinese Natio… |
| TIDRONE | TIDRONE CN | TIDRONE is an unidentified threat actor linked to Chinese-speaking groups, with a focus on military-related industry chains, particularly drone manufacturers i… |
| TiltedTemple | TiltedTemple CN | One of their notable tools is a custom backdoor called SockDetour, which operates filelessly and socketlessly on compromised Windows servers. The group's activ… |
| Tonto Team | Tonto Team CN | Tonto Team is a Chinese-speaking APT group that has been active since at least 2013. They primarily target military, diplomatic, and infrastructure organizatio… |
| TOXIC PANDA | TOXIC PANDA CN | TOXIC PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: TOXIC PANDA is a Chinese-attributed threat acto… |
| Tstark | Tstark CN | TStark is a threat actor identified by X-Ops, associated with a cluster of devices that executed the bookmark buffer overflow exploit targeting CVE-2020-15069 … |
| TunnelSnake | TunnelSnake CN | The TunnelSnake campaign demonstrates the activity of a sophisticated actor that invests significant resources in designing an evasive toolset and infiltrating… |
| UAT-6382 | UAT-6382 CN | UAT-6382 is a Chinese-speaking threat actor that exploits CVE-2025-0944 to gain access to enterprise networks, particularly targeting local governing bodies in… |
| UAT-7237 | UAT-7237 CN | UAT-7237 is a Chinese-speaking APT group that has been active since at least 2022, primarily targeting web infrastructure entities in Taiwan. They utilize a cu… |
| UAT-8099 | UAT-8099 CN | UAT-8099 is a Chinese-speaking cybercrime group primarily engaged in SEO fraud and the theft of high-value credentials, configuration files, and certificate da… |
| UAT-8302 | UAT-8302 CN | UAT-8302 is a sophisticated China-nexus APT group targeting government entities in South America and southeastern Europe, deploying custom-made malware such as… |
| UAT-8837 | UAT-8837 CN | UAT-8837 is a sophisticated China-linked APT group exploiting critical zero-day vulnerabilities, such as CVE-2025-53690 in the Sitecore platform, to achieve re… |
| UAT-9244 | UAT-9244 CN | UAT-9244 is a China-nexus APT actor, disclosed by Cisco Talos on March 5, 2026, assessed with high confidence as closely associated with Famous Sparrow and ove… |
| UAT-9686 | UAT-9686 CN | UAT-9686 is a Chinese state-sponsored APT known for targeting networking infrastructure and edge appliances through a sophisticated espionage campaign. They ex… |
| UAT-9921 | UAT-9921 CN | UAT-9921 is a China-nexus threat actor active since 2019, tracked by Cisco Talos. In 2026, they were observed deploying 'VoidLink', a sophisticated modular fra… |
| UNC215 | UNC215 CN | UNC215 is a Chinese nation-state threat actor that has been active since at least 2014. They have targeted organizations in various sectors, including governme… |
| UNC2630 | UNC2630 CN | UNC2630 is a threat actor believed to be affiliated with the Chinese government. They engage in cyber espionage activities, targeting organizations aligned wit… |
| UNC2717 | UNC2717 CN | UNC2717 is a threat actor that engages in espionage activities aligned with Chinese government priorities. They demonstrate advanced tradecraft and take measur… |
| UNC2814 | UNC2814 CN | UNC2814 is a suspected PRC-nexus cyber espionage group that has targeted telecommunications providers and government entities globally since at least 2017. The… |
| UNC3569 | UNC3569 CN | China-nexus espionage actor that has been observed exploiting vulnerabilities in Aspera Faspex, Microsoft Exchange, and Oracle Web Applications Desktop Integra… |
| UNC3886 | UNC3886 CN | UNC3886 is an advanced cyber espionage group with unique capabilities in how they operate on-network as well as the tools they utilize in their campaigns. UNC3… |
| UNC4191 | UNC4191 CN | UNC4191 is a China-linked threat actor that has been involved in cyber espionage campaigns targeting public and private sectors primarily in Southeast Asia. Th… |
| UNC4540 | UNC4540 CN | UNC4540 is a suspected Chinese threat actor targeting unpatched SonicWall Secure Mobile Access appliances to deploy custom malware that establishes long-term p… |
| UNC4841 | UNC4841 CN | UNC4841 is a well-resourced threat actor that has utilized a wide range of malware and purpose-built tooling to enable their global espionage operations. They … |
| UNC5325 | UNC5325 CN | UNC5325 is a suspected Chinese cyber espionage operator that exploited CVE-2024-21893 to compromise Ivanti Connect Secure appliances. UNC5325 leveraged code fr… |
| UNC5330 | UNC5330 CN | UNC5330 is a suspected China-nexus espionage actor. UNC5330 has been observed chaining CVE-2024-21893 and CVE-2024-21887 to compromise Ivanti Connect Secure VP… |
| UNC5337 | UNC5337 CN | UNC5337 is a suspected China-nexus espionage actor that compromised Ivanti Connect Secure VPN appliances as early as Jan. 2024. UNC5337 is suspected to exploit… |
| UNC6201 | UNC6201 CN | UNC6201 is a sophisticated Chinese state-sponsored hacking group that exploited CVE-2026-22769, a critical vulnerability in Dell RecoverPoint for Virtual Machi… |
| UNC6384 | UNC6384 CN | UNC6384 (also tracked as Vertigo Panda) is a Chinese-affiliated APT that conducts targeted espionage campaigns primarily against diplomatic entities in Southea… |
| Unfading Sea Haze | Unfading Sea Haze CN | Unfading Sea Haze is a threat actor focused on espionage, targeting government and military organizations in the South China Sea region since 2018. They employ… |
| UNION PANDA | UNION PANDA CN | UNION PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: UNION PANDA is a Chinese-attributed threat acto… |
| Unnamed Actor | Unnamed Actor CN | This threat actor compromises civil society groups the Chinese Communist Party views as hostile to its interests, such as Tibetan, Uyghur, Hong Kong, and Taiwa… |
| UnsolicitedBooker | UnsolicitedBooker CN | UnsolicitedBooker is a China-aligned APT group known for its persistent targeting of an unnamed international organization in Saudi Arabia, employing a backdoo… |
| UTA0178 | UTA0178 CN | While Volexity largely observed the attacker essentially living off the land, they still deployed a handful of malware files and tools during the course of the… |
| UTA0388 | UTA0388 CN | UTA0388 is a China-aligned APT known for spear-phishing campaigns targeting organizations in North America, Asia, and Europe, primarily to deliver a Go-based i… |
| Vicious Panda | Vicious Panda CN | Check Point Research discovered a new campaign against the Mongolian public sector, which takes advantage of the current Coronavirus scare, in order to deliver… |
| Volt Typhoon | Volt Typhoon CN | [Microsoft] Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderat… |
| WARP PANDA | WARP PANDA CN | WARP PANDA is a China-nexus APT that targets VMware vCenter environments and Microsoft Azure infrastructures, primarily focusing on legal, technology, and manu… |
| Water Sigbin | Water Sigbin CN | The 8220 Gang, also known as Water Sigbin, is a threat actor group that focuses on deploying cryptocurrency-mining malware. They exploit vulnerabilities in Ora… |
| Webworm | Webworm CN | Space Pirates is a cybercrime group that has been active since at least 2017. They primarily target Russian companies and have been observed using various malw… |
| WET PANDA | WET PANDA CN | WET PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Red Chimera. Original record: WET PAN… |
| WIP19 | WIP19 CN | WIP19 is a Chinese-speaking threat group involved in espionage targeting the Middle East and Asia. They utilize a stolen certificate to sign their malware, inc… |