Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 551–600 of 1,546 in Other · page 12 of 31
| ID | Title | Summary |
|---|---|---|
| HELLSING | Hellsing | This threat actor uses spear-phishing techniques to compromise diplomatic targets in Southeast Asia, India, and the United States. It also seems to have target… |
| HENBOX | HenBox | This threat actor targets Uighurs—a minority ethnic group located primarily in northwestern China—and devices from Chinese mobile phone manufacturer Xiaomi, fo… |
| HexagonalRodent | HexagonalRodent | HexagonalRodent targets Web3 developers to steal crypto assets, employing social engineering tactics such as fake job offers. They utilize malware like BeaverT… |
| HEXAGONALRODENT | HexagonalRodent | HexagonalRodent targets Web3 developers to steal crypto assets, employing social engineering tactics such as fake job offers. They utilize malware like BeaverT… |
| Hezb | Hezb | Hezb is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Mimo. Original record: Hezb is a group deploying cryptominers… |
| HEZB | Hezb | Hezb is a group deploying cryptominers when new exploits are available for public-facing vulnerabilities. The name is after the miner process they deploy. |
| HIDDENART | HiddenArt | It was observed that a mobile network threat actor designated as ‘HiddenArt’ actively sustains a capacity to remotely access the personal devices of targeted i… |
| HIGAISA | Higaisa | The organization often uses important North Korean time nodes such as holidays and North Korea to conduct phishing activities. The bait includes New Year blessi… |
| HikkI-Chan | HikkI-Chan | Hikki-Chan has claimed responsibility for multiple significant data breaches, including the theft of data from 390.4 million users of VKontakte, which included… |
| HIKKI-CHAN | HikkI-Chan | Hikki-Chan has claimed responsibility for multiple significant data breaches, including the theft of data from 390.4 million users of VKontakte, which included… |
| HIVE-0145 | HIVE-0145 | Hive0145 is a financially motivated initial access broker that has been active since late 2022, primarily utilizing Strela Stealer malware to target email cred… |
| Hive0117 | Hive0117 | Hive0117 is a financially motivated cybercriminal group that conducts phishing campaigns to deliver the fileless malware DarkWatchman, which is capable of keyl… |
| HIVE0117 | Hive0117 | Hive0117 is a financially motivated cybercriminal group that conducts phishing campaigns to deliver the fileless malware DarkWatchman, which is capable of keyl… |
| Hive0137 | Hive0137 | Being one of the most active malware distributors, Hive0137 demonstrates a willingness to explore new payloads and technologies such as GenAI. They have quickl… |
| HIVE0137 | Hive0137 | Being one of the most active malware distributors, Hive0137 demonstrates a willingness to explore new payloads and technologies such as GenAI. They have quickl… |
| Hive0163 | Hive0163 | Hive0163 is a financially motivated ransomware group responsible for deploying Interlock ransomware, utilizing ClickFix social engineering for initial access. … |
| HIVE0163 | Hive0163 | Hive0163 is a financially motivated ransomware group responsible for deploying Interlock ransomware, utilizing ClickFix social engineering for initial access. … |
| HollowQuill | HollowQuill | SEQRITE Labs APT-Team has been tracking and has uncovered a campaign targeting the Baltic State Technical University, a well-known institution for various defe… |
| HOLLOWQUILL | HollowQuill | SEQRITE Labs APT-Team has been tracking and has uncovered a campaign targeting the Baltic State Technical University, a well-known institution for various defe… |
| HOMELAND-JUSTICE | HomeLand Justice | HomeLand Justice is an Iranian state-sponsored cyber threat group that has been active since at least May 2021. They have targeted various organizations, inclu… |
| Honeybee | Honeybee | McAfee Advanced Threat Research analysts have discovered a new operation targeting humanitarian aid organizations and using North Korean political topics as ba… |
| HONEYBEE | Honeybee | McAfee Advanced Threat Research analysts have discovered a new operation targeting humanitarian aid organizations and using North Korean political topics as ba… |
| HookAds | HookAds | HookAds is a malvertising campaign that purchases cheap ad space on low quality ad networks commonly used by adult web sites, online games, or blackhat seo sit… |
| HOOKADS | HookAds | HookAds is a malvertising campaign that purchases cheap ad space on low quality ad networks commonly used by adult web sites, online games, or blackhat seo sit… |
| HOUKEN | Houken | Houken is a Chinese state-sponsored threat actor that exploits zero-day vulnerabilities in Ivanti Cloud Services Appliance devices to gain initial access to cr… |
| HOUND SPIDER | HOUND SPIDER | HOUND SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: HOUND SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Ga… |
| HOUND-SPIDER | HOUND SPIDER | According to CrowdStrike, HOUND SPIDER affiliates were arrested in Romania in December 2017. |
| HUMMINGBAD | HummingBad | This group created a malware that takes over Android devices and generates $300,000 per month in fraudulent ad revenue. The group effectively controls an arse… |
| HUNT3R-KILL3RS | Hunt3r Kill3rs | Hunt3r Kill3rs is a newly emerged threat group claiming expertise in cyber operations, including ICS breaches and web application vulnerabilities exploitation.… |
| HURRICANE-PANDA | HURRICANE PANDA | We have investigated their intrusions since 2013 and have been battling them nonstop over the last year at several large telecommunications and technology comp… |
| ICEPEONY | IcePeony | IcePeony is a China-nexus APT group that has been active since at least 2023, targeting government agencies, academic institutions, and political organizations… |
| IMPERSONATING-PANDA | IMPERSONATING PANDA | |
| INCEPTION-FRAMEWORK | Inception Framework | This threat actor uses spear-phishing techniques to target private-sector energy, defense, aerospace, research, and media organizations and embassies in Africa… |
| INDIGOZEBRA | IndigoZebra | IndigoZebra is a Chinese state-sponsored actor mentioned for the first time by Kaspersky in its APT Trends report Q2 2017, targeting, at the time of its discov… |
| INDOHAXSEC-TEAM | INDOHAXSEC TEAM | INDOHAXSEC TEAM is an Indonesian group that claims to have developed a web-based version of WannaCry, asserting the ability to encrypt websites and demand Bitc… |
| INDRIK-SPIDER | INDRIK SPIDER | INDRIK SPIDER is a sophisticated eCrime group that has been operating Dridex since June 2014. In 2015 and 2016, Dridex was one of the most prolific eCrime bank… |
| INFRASTRUCTURE-DESTRUCTION-SQUAD | Infrastructure Destruction Squad | Dark Engine has emerged as a significant threat actor targeting industrial control systems and SCADA systems in sectors such as metallurgy and food processing.… |
| INFY | Infy | Infy is a group of suspected Iranian origin. Since early 2013, we have observed activity from a unique threat actor group, which we began to investigate based … |
| INJ3CTOR3 | INJ3CTOR3 | INJ3CTOR3 is a threat actor first identified in 2020, known for targeting vulnerabilities in VoIP systems, specifically CVE-2019-19006 and CVE-2021-45461. Thei… |
| INTEID | Inteid | Inteid is a member of the Russian Legion alliance, which includes groups like Cardinal and The White Pulse, and has been involved in DDoS attacks targeting Den… |
| IntelBroker | IntelBroker | IntelBroker is a threat actor known for orchestrating high-profile data breaches targeting companies like Apple, Zscaler, and Facebook Marketplace. They have a… |
| INTELBROKER | IntelBroker | IntelBroker is a threat actor known for orchestrating high-profile data breaches targeting companies like Apple, Zscaler, and Facebook Marketplace. They have a… |
| InvisiMole | InvisiMole | InvisiMole is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Government sector. Documented victim organisati… |
| INVISIMOLE | InvisiMole | Adversary group targeting diplomatic missions, governmental and military organisations, mainly in Ukraine. |
| IRIDIUM | IRIDIUM | Resecurity’s research indicates that the attack on Parliament is a part of a multi-year cyberespionage campaign orchestrated by a nation-state actor whom we ar… |
| IRLeaks | IRLeaks | IRLeaks is a threat actor known for significant cyberattacks targeting Iranian organizations, including a major breach of SnappFood, where they exfiltrated 3TB… |
| IRLEAKS | IRLeaks | IRLeaks is a threat actor known for significant cyberattacks targeting Iranian organizations, including a major breach of SnappFood, where they exfiltrated 3TB… |
| Iron Group | Iron Group | Iron group has developed multiple types of malware (backdoors, crypto-miners, and ransomware) for Windows, Linux and Android platforms. They have used their ma… |