Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 601–650 of 1,546 in Other · page 13 of 31
| ID | Title | Summary |
|---|---|---|
| IRON-GROUP | Iron Group | Iron group has developed multiple types of malware (backdoors, crypto-miners, and ransomware) for Windows, Linux and Android platforms. They have used their ma… |
| IronErn440 | IronErn440 | IronErn440 is a threat actor tracked by Oligo Security for orchestrating the ShadowRay 2.0 campaign, an evolution of attacks since September 2023 exploiting CV… |
| IRONERN440 | IronErn440 | IronErn440 is a threat actor tracked by Oligo Security for orchestrating the ShadowRay 2.0 campaign, an evolution of attacks since September 2023 exploiting CV… |
| IRONHUSKY | IronHusky | IronHusky is a Chinese-based threat actor first attributed in July 2017 targeting Russian and Mongolian governments, as well as aviation companies and research… |
| ItaDuke | ItaDuke | ItaDuke is an actor known since 2013. It used PDF exploits for dropping malware and Twitter accounts to store C2 server URLs. In 2018, an actor named DarkUnive… |
| ITADUKE | ItaDuke | ItaDuke is an actor known since 2013. It used PDF exploits for dropping malware and Twitter accounts to store C2 server URLs. In 2018, an actor named DarkUnive… |
| JABAROOT | Jabaroot | JabaRoot is an Algerian hacker group that has targeted Moroccan government systems, successfully exfiltrating sensitive data from the Ministry of Economic Incl… |
| JavaGhost | JavaGhost | JavaGhost is a threat actor group that has targeted cloud environments, particularly AWS, for phishing campaigns without engaging in data theft for extortion. … |
| JAVAGHOST | JavaGhost | JavaGhost is a threat actor group that has targeted cloud environments, particularly AWS, for phishing campaigns without engaging in data theft for extortion. … |
| JINX-0126 | JINX-0126 | Wiz Threat Research identified a new variant of an ongoing malicious campaign targeting misconfigured and publicly exposed PostgreSQL servers. In the observed … |
| JINX-0164 | JINX-0164 | JINX-0164 is a financially motivated threat actor active since mid-2025, primarily targeting software developers through recruitment-themed social engineering … |
| JuiceLedger | JuiceLedger | JuiceLedger is a threat actor known for infostealing through their JuiceStealer .NET assembly. They have evolved from spreading fraudulent applications to cond… |
| JUICELEDGER | JuiceLedger | JuiceLedger is a threat actor known for infostealing through their JuiceStealer .NET assembly. They have evolved from spreading fraudulent applications to cond… |
| Kairos | Kairos | Kairos is an extortion group that emerged with a data-leak site on 13 November 2024, claiming attacks against six organizations, primarily in the US healthcare… |
| KAIROS | Kairos | Kairos is an extortion group that emerged with a data-leak site on 13 November 2024, claiming attacks against six organizations, primarily in the US healthcare… |
| Karakurt | Karakurt | Karakurt actors have employed a variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. Karakurt vic… |
| KARAKURT | Karakurt | Karakurt actors have employed a variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. Karakurt vic… |
| Karkadann | Karkadann | Karkadann is a threat actor that has been active since at least October 2020, targeting government bodies and news outlets in the Middle East. They have been i… |
| KARKADANN | Karkadann | Karkadann is a threat actor that has been active since at least October 2020, targeting government bodies and news outlets in the Middle East. They have been i… |
| KASABLANKA | Kasablanka | The Kasablanka group is a cyber-criminal organization that has specifically targeted Russia between September and December 2022, using various payloads deliver… |
| KAX17 | KAX17 | KAX17 is a sophisticated threat actor that has been active since at least 2017. They have operated hundreds of malicious servers within the Tor network, primar… |
| Kazu | Kazu | Kazu is a financially motivated ransomware group known for employing a double extortion model, targeting sectors such as healthcare and government. The group h… |
| KAZU | Kazu | Kazu is a financially motivated ransomware group known for employing a double extortion model, targeting sectors such as healthcare and government. The group h… |
| Keksec | Keksec | Keksec is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: The threat group behind EnemyBot, Keksec, is well-resourced and has the… |
| KEKSEC | Keksec | The threat group behind EnemyBot, Keksec, is well-resourced and has the ability to update and add new capabilities to its arsenal of malware on a daily basis (… |
| KELVINSECURITY | KelvinSecurity | KelvinSecurity is a hacker group that has been active since at least 2015. They are known for their hacktivist and black hat activities, targeting public and p… |
| Keymous+ | Keymous+ | Keymous is a threat actor known for executing extensive DDoS attacks across multiple Arab countries, targeting government ministries and critical infrastructur… |
| KEYMOUS | Keymous+ | Keymous is a threat actor known for executing extensive DDoS attacks across multiple Arab countries, targeting government ministries and critical infrastructur… |
| Killnet | Killnet | Killnet is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Government sector. Documented victim organisations… |
| KILLNET | Killnet | A group targeting various countries using denial-of-service attacks. |
| KIMSUKY | Kimsuky | This threat actor targets South Korean think tanks, industry, nuclear power operators, and the Ministry of Unification for espionage purposes. |
| Kinsing | Kinsing | This group started operating during the first quarter of 2022. They published samples of alleged stolen data from companies on their site on Tor. It is unclear… |
| KINSING | Kinsing | This group started operating during the first quarter of 2022. They published samples of alleged stolen data from companies on their site on Tor. It is unclear… |
| Kiss-a-Dog | Kiss-a-Dog | CrowdStrike identified a cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure. Called “Kiss-a-dog,” the campaign targets Docker and… |
| KISS-A-DOG | Kiss-a-Dog | CrowdStrike identified a cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure. Called “Kiss-a-dog,” the campaign targets Docker and… |
| KromSec | KromSec | KromSec is a hacktivist group that claims to be composed of hackers, activists, writers, and journalists. The group has been involved in a number of high-profi… |
| KROMSEC | KromSec | KromSec is a hacktivist group that claims to be composed of hackers, activists, writers, and journalists. The group has been involved in a number of high-profi… |
| Krybit | Krybit | Krybit is a ransomware group that operates as a ransomware-as-a-service provider, offering affiliates 80% of ransom proceeds in exchange for technical support … |
| KRYBIT | Krybit | Krybit is a ransomware group that operates as a ransomware-as-a-service provider, offering affiliates 80% of ransom proceeds in exchange for technical support … |
| LabHost | LabHost | LabHost is a threat actor group targeting Canadian Banks with Phishing-as-a-Service attacks. They have been observed using tools like LabRat and LabSend for re… |
| LABHOST | LabHost | LabHost is a threat actor group targeting Canadian Banks with Phishing-as-a-Service attacks. They have been observed using tools like LabRat and LabSend for re… |
| Lamashtu | Lamashtu | Lamashtu is a financially motivated data-theft and extortion group that emerged in mid-April 2026, operating a Tor-hosted leak site (Lamashtu[.]Blog) with coun… |
| LAMASHTU | Lamashtu | Lamashtu is a financially motivated data-theft and extortion group that emerged in mid-April 2026, operating a Tor-hosted leak site (Lamashtu[.]Blog) with coun… |
| Lancefly | Lancefly | Lancefly targets government, aviation, and telecom organizations in South and Southeast Asia. They use a custom backdoor named Merdoor, developed since 2018, a… |
| LANCEFLY | Lancefly | Lancefly targets government, aviation, and telecom organizations in South and Southeast Asia. They use a custom backdoor named Merdoor, developed since 2018, a… |
| LAPSUS | LAPSUS | LAPSUS is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as LAPSUS$, DEV-0537, SLIPPY SPIDER (and 3 more). Original rec… |
| LAPSUS | LAPSUS | An actor group conducting large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive element… |
| Larva-208 | Larva-208 | LARVA-208 is a financially motivated threat actor employing sophisticated phishing campaigns to harvest credentials and deploy ransomware. The actor uses multi… |