Threat actors
2,004 threat-actor records from MISP-Galaxy v341. Filter by attributed country; for country, sector, and MITRE-Group facets, see /explore/actors. Authored by Adam Lundqvist.
25 in KP · 2,004 total
| ID | Title (country code) | Summary |
|---|---|---|
| APT37 | APT37 KP | APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors primarily in South Korea. In 2017, APT37 expanded its … |
| APT45 | APT45 KP | APT45 is a North Korean cyber threat actor that has been active since at least 2009. They have conducted espionage campaigns targeting government agencies and … |
| ELUSIVE COMET | ELUSIVE COMET KP | ELUSIVE COMET is a threat actor responsible for significant cryptocurrency theft through sophisticated social engineering attacks, particularly leveraging Zoom… |
| Kimsuky | Kimsuky KP | Kimsuky is a North Korean-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Velvet Chollima, Black Banshee, Th… |
| Larva-24005 | Larva-24005 KP | Larva-24005 is a threat actor that breaches servers in Korea to establish a web server and PHP environment for phishing attacks, primarily targeting individual… |
| Lazarus Group | Lazarus Group KP | Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltratio… |
| Nickel Alley | Nickel Alley KP | NICKEL ALLEY is a North Korean threat group that targets technology professionals through fake job opportunities, employing social engineering tactics such as … |
| OnionDog | OnionDog KP | OnionDog is a North Korean-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Government and Private se… |
| Opal Sleet | Opal Sleet KP | Konni is a threat actor associated with APT37, a North Korean cyber crime group. They have been active since 2012 and are known for their cyber-espionage activ… |
| Pearl Sleet | Pearl Sleet KP | Pearl Sleet is a nation state activity group based in North Korea that has been active since at least 2012. They primarily target defectors from North Korea, m… |
| puNK-003 | puNK-003 KP | puNK-003 is a North Korean APT group known for deploying the Lilith RAT, a sophisticated C++ remote access trojan, and its AutoIt variant, CURKON, which functi… |
| Ruby Sleet | Ruby Sleet KP | Ruby Sleet is a threat actor linked to North Korea's Ministry of State Security. Cerium has been involved in spear-phishing campaigns, compromising devices, an… |
| Silent Chollima | Silent Chollima KP | Andariel is a threat actor that primarily targets South Korean corporations and institutions. They are believed to collaborate with or operate as a subsidiary … |
| Storm-0530 | Storm-0530 KP | H0lyGh0st is a North Korean threat actor that has been active since June 2021. They are responsible for developing and deploying the H0lyGh0st ransomware, whic… |
| TA406 | TA406 KP | TA406 is a North Korean-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Government, Journalists, and… |
| TA444 | TA444 KP | TA444 is a North Korea state-sponsored threat actor that primarily focuses on financially motivated operations. They have been active since at least 2017 and h… |
| TEMP.Hermit | TEMP.Hermit KP | TEMP.Hermit is a North Korean-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: TEMP.Hermit is a North Korean-attributed t… |
| TraderTraitor | TraderTraitor KP | TraderTraitor targets blockchain companies through spear-phishing messages. The group sends these messages to employees, particularly those in system administr… |
| UAT-5394 | UAT-5394 KP | UAT-5394 is a state-sponsored North Korean threat actor known for developing the MoonPeak RAT, which is based on XenoRAT. They have transitioned from using Qua… |
| UNC1069 | UNC1069 KP | CryptoCore is a North Korean APT known for targeting cryptocurrency exchanges and financial institutions, employing spear-phishing techniques that lead to LONE… |
| UNC2970 | UNC2970 KP | UNC2970 is a North Korean threat actor that primarily targets organizations through spear-phishing emails with job recruitment themes, often utilizing fake Lin… |
| UNC4736 | UNC4736 KP | UNC4736 is a North Korean threat actor that has been involved in supply chain attacks targeting software chains of 3CX and X_TRADER. They have used malware str… |
| UNC5342 | UNC5342 KP | UNC5342 is a North Korea-linked APT that employs the EtherHiding technique to deliver malware and facilitate cryptocurrency theft. The actor has been observed … |
| WageMole | WageMole KP | WageMole is a North Korean state-sponsored APT that employs social engineering and technology to secure remote job opportunities in Western countries, leveragi… |
| Wassonite | Wassonite KP | WASSONITE is a North Korea-linked APT that has targeted industrial sectors, including electric generation, nuclear energy, manufacturing, and research entities… |