Threat actors (2,004 indexed)
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1–50 of 59 in IR · page 1 of 2
| ID | Title | Summary |
|---|---|---|
| Ababil of Minab | Ababil of Minab IR | Ababil of Minab is an emerging pro-Iranian hacktivist group with a limited public profile and little verifiable prior activity in threat intelligence reporting… |
| AppMilad | AppMilad IR | AppMilad is an Iranian hacking group that has been identified as the source of a spyware campaign called RatMilad. This spyware is designed to silently infiltr… |
| APT33 | APT33 IR | APT33 is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as APT 33, Elfin, MAGNALLIUM (and 7 more). O… |
| APT35 | APT35 IR | FireEye has identified APT35 operations dating back to 2014. APT35, also known as the Newscaster Team, is a threat group sponsored by the Iranian government th… |
| APT39 | APT39 IR | APT39 was created to bring together previous activities and methods used by this actor, and its activities largely align with a group publicly referred to as "… |
| APT42 | APT42 IR | Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations o… |
| APTIran | APTIran IR | APTIran has claimed responsibility for a large-scale campaign targeting Israeli critical infrastructure, asserting infiltration of government ministries, hospi… |
| BANISHED KITTEN | BANISHED KITTEN IR | BANISHED KITTEN is an Iranian state-nexus adversary active since at least 2008. While the adversary’s most prominent activity is the July and September 2022 di… |
| BladedFeline | BladedFeline IR | BladedFeline is an Iran-aligned APT group that has been active since at least 2017, targeting Iraqi and Kurdish government officials for cyberespionage. The gr… |
| Bohrium | Bohrium IR | Bohrium is an Iranian threat actor that has been involved in spear-phishing operations targeting organizations in the US, Middle East, and India. They often cr… |
| Cadelle | Cadelle IR | Symantec telemetry identified Cadelle and Chafer activity dating from as far back as July 2014, however, it’s likely that activity began well before this date.… |
| Charming Kitten | Charming Kitten IR | Charming Kitten is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Newscaster, Parastoo, iKittens … |
| Cleaver | Cleaver IR | A group of cyber actors utilizing infrastructure located in Iran have been conducting computer network exploitation activity against public and private U.S. or… |
| Clever Kitten | Clever Kitten IR | Clever Kitten is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Group 41. Original record: Clever… |
| CopyKittens | CopyKittens IR | CopyKittens is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Slayer Kitten, G0052. Operational t… |
| Cotton Sandstorm | Cotton Sandstorm IR | Cotton Sandstorm is an Iranian threat actor involved in hack-and-leak operations. They have targeted various organizations, including the French satirical maga… |
| Cuboid Sandstorm | Cuboid Sandstorm IR | Cuboid Sandstorm is an Iranian threat actor that targeted an Israel-based IT company in July 2021. They gained access to the company's network and used it to c… |
| Cutting Kitten | Cutting Kitten IR | One of the threat actors responsible for the denial of service attacks against the U.S. in 2012–2013. Three individuals associated with the group—believed to be hav… |
| Cyber Av3ngers | Cyber Av3ngers IR | The hacktivist group ‘Cyber Av3ngers’ has historically claimed attacks on Israel’s critical infrastructures. It has been launching DDoS attacks and claiming br… |
| Cyber fighters of Izz Ad-Din Al Qassam | Cyber fighters of Izz Ad-Din Al Qassam IR | Cyber fighters of Izz Ad-Din Al Qassam is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Fraterna… |
| Cyber Islamic Resistance | Cyber Islamic Resistance IR | Cyber Islamic Resistance is a hacktivist collective ideologically aligned with Iran, engaging in operations such as website defacements, DDoS attacks, and data… |
| Cyber Toufan | Cyber Toufan IR | Cyber Toufan is a threat actor group that has gained prominence for its cyberattacks targeting Israeli organizations. The group's tactics suggest potential nat… |
| DEV-0270 | DEV-0270 IR | Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a s… |
| Domestic Kitten | Domestic Kitten IR | An extensive surveillance operation targets specific groups of individuals with malicious mobile apps that collect sensitive information on the device along wi… |
| Edalat-e Ali | Edalat-e Ali IR | Edalat-e Ali is a hacktivist group known for disrupting Iranian state-run TV and radio transmissions during significant events, such as the Revolution Day cere… |
| Educated Manticore | Educated Manticore IR | Educated Manticore is an Iranian APT group aligned with the Islamic Revolutionary Guard Corps, primarily engaged in espionage targeting government, military, a… |
| Ferocious Kitten | Ferocious Kitten IR | Ferocious Kitten is an APT group that has been active against Persian-speaking individuals since 2015 and appears to be based in Iran. Although it has been act… |
| Flying Kitten | Flying Kitten IR | Flying Kitten is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as SaffronRose, Saffron Rose, AjaxSe… |
| Fox Kitten | Fox Kitten IR | PIONEER KITTEN is an Iran-based adversary that has been active since at least 2017 and has a suspected nexus to the Iranian government. This adversary appears … |
| Gray Sandstorm | Gray Sandstorm IR | Gray Sandstorm is an Iran-linked threat actor that has been active since at least 2012. They have targeted defense technology companies, maritime transportatio… |
| Greenbug | Greenbug IR | Greenbug is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Greenbug was discovered targeting a range of organ… |
| HomeLand Justice | HomeLand Justice IR | HomeLand Justice is an Iranian state-sponsored cyber threat group that has been active since at least May 2021. They have targeted various organizations, inclu… |
| Infy | Infy IR | Infy is a group of suspected Iranian origin. Since early 2013, we have observed activity from a unique threat actor group, which we began to investigate based … |
| IRIDIUM | IRIDIUM IR | Resecurity’s research indicates that the attack on Parliament is a part of a multi-year cyberespionage campaign orchestrated by a nation-state actor whom we ar… |
| LYCEUM | LYCEUM IR | Lyceum is an Iranian APT group that has been active since at least 2014. They primarily target Middle Eastern governments and organizations in the energy and t… |
| Madi | Madi IR | Kaspersky Lab and Seculert worked together to sinkhole the Madi Command & Control (C&C) servers to monitor the campaign. Kaspersky Lab and Seculert identified … |
| Magic Kitten | Magic Kitten IR | Earliest activity back to November 2008. An established group of cyber attackers based in Iran, who carried on several campaigns in 2013, including a series of… |
| MalKamak | MalKamak IR | MalKamak is an Iranian threat actor that has been operating since at least 2018. They have been involved in highly targeted cyber espionage campaigns against g… |
| MosesStaff | MosesStaff IR | MosesStaff is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Moses Staff, Marigold Sandstorm, DEV… |
| MuddyWater | MuddyWater IR | The MuddyWater attacks are primarily against Middle Eastern nations. However, we have also observed attacks against surrounding nations and beyond, including t… |
| OilRig | OilRig IR | OilRig is an Iranian threat group operating primarily in the Middle East by targeting organizations in this region that are in a variety of different industrie… |
| Pink Sandstorm | Pink Sandstorm IR | Agonizing Serpens is an Iranian-linked APT group that has been active since 2020. They are known for their destructive wiper and fake-ransomware attacks, prima… |
| Rocket Kitten | Rocket Kitten IR | Targets Saudi Arabia, Israel, US, Iran, high ranking defense officials, embassies of various target countries, notable Iran researchers, human rights activists… |
| Sands Casino | Sands Casino IR | Sands Casino is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Sands Casino is an Iranian-attributed threat ac… |
| Scarred Manticore | Scarred Manticore IR | Scarred Manticore has been pursuing high-value targets for years, utilizing a variety of IIS-based backdoors to attack Windows servers. These include a variety… |
| Shahid Hemmat | Shahid Hemmat IR | Shahid Hemmat is an IRGC-CEC affiliated hacking group linked to cyberattacks targeting U.S. critical infrastructure, including the defense industry and interna… |
| Shamoon Group | Shamoon Group IR | Shamoon Group is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Cutting Sword of Justice. Origina… |
| Silent Librarian | Silent Librarian IR | Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. Accordi… |
| Sima | Sima IR | Sima is a group of suspected Iranian origin targeting Iranians in diaspora. In February 2016, Iran-focused individuals received messages purporting to be from … |
| Storm-1084 | Storm-1084 IR | Storm-1084 is a threat actor that has been observed collaborating with the MuddyWater group. They have used the DarkBit persona to mask their involvement in ta… |