Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 751–800 of 1,546 in Other · page 16 of 31
| ID | Title | Summary |
|---|---|---|
| NARWHAL SPIDER | NARWHAL SPIDER | NARWHAL SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as GOLD ESSEX, TA544, Storm-0302. Original record: NAR… |
| NARWHAL-SPIDER | NARWHAL SPIDER | NARWHAL SPIDER’s operation of Cutwail v2 was limited to country-specific spam campaigns, although late in 2019 there appeared to be an effort to expand by brin… |
| Natohub | Natohub | Natohub is a hacker who claimed to have stolen 42,000 documents from the UN’s International Civil Aviation Organization and is offering the data for sale on un… |
| NATOHUB | Natohub | Natohub is a hacker who claimed to have stolen 42,000 documents from the UN’s International Civil Aviation Organization and is offering the data for sale on un… |
| Nazar | Nazar | This actor was identified by Juan Andres Guerrero-Saade from the SIG37 cluster as published in the ShadowBrokers' 'Lost in Translation' leak. Earliest known si… |
| NAZAR | Nazar | This actor was identified by Juan Andres Guerrero-Saade from the SIG37 cluster as published in the ShadowBrokers' 'Lost in Translation' leak. Earliest known si… |
| NB65 | NB65 | NB65 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Network Battalion 65. Original record: Network Battalion 65 i… |
| NB65 | NB65 | Network Battalion 65 is a hacktivist group with ties to Anonymous, known for attacking Russian companies and performing hack-and-leak operations. |
| NEODYMIUM | NEODYMIUM | NEODYMIUM is an activity group that is known to use a backdoor malware detected by Microsoft as Wingbird. This backdoor’s characteristics closely match FinFish… |
| NEODYMIUM | NEODYMIUM | NEODYMIUM is an activity group that is known to use a backdoor malware detected by Microsoft as Wingbird. This backdoor’s characteristics closely match FinFish… |
| NetRunnerPR | NetRunnerPR | NetRunnerPR has claimed to breach the networks of Shiraume Hospital and Nippon Medical School Musashi Kosugi Hospital in Japan, exfiltrating patient PII and me… |
| NETRUNNERPR | NetRunnerPR | NetRunnerPR has claimed to breach the networks of Shiraume Hospital and Nippon Medical School Musashi Kosugi Hospital in Japan, exfiltrating patient PII and me… |
| NewsPenguin | NewsPenguin | NewsPenguin is a threat actor that has been targeting organizations in Pakistan. They use a complex payload delivery mechanism and exploit the upcoming Pakistan … |
| NEWSPENGUIN | NewsPenguin | NewsPenguin is a threat actor that has been targeting organizations in Pakistan. They use a complex payload delivery mechanism and exploit the upcoming Pakistan … |
| Nexus Zeta | Nexus Zeta | Nexus Zeta is no stranger when it comes to implementing SOAP related exploits. The threat actor has already been observed in implementing two other known SOAP … |
| NEXUS-ZETA | Nexus Zeta | Nexus Zeta is no stranger when it comes to implementing SOAP related exploits. The threat actor has already been observed in implementing two other known SOAP … |
| NICKEL-ALLEY | Nickel Alley | NICKEL ALLEY is a North Korean threat group that targets technology professionals through fake job opportunities, employing social engineering tactics such as … |
| NIGHT-DRAGON | Night Dragon | |
| NIGHTEAGLE | NightEagle | NightEagle is an advanced Threat Actor that targeted China's High-Tech Industry and Military Organisation, leveraging sophisticated techniques, 0 days, and spe… |
| NITRO | Nitro | These attackers were the subject of an extensive report by Symantec in 2011, which termed the attackers Nitro and stated: 'The goal of the attackers appears to… |
| NOCTURNAL SPIDER | NOCTURNAL SPIDER | NOCTURNAL SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: NOCTURNAL SPIDER is a threat actor catalogued by MISP-Galaxy … |
| NOCTURNAL-SPIDER | NOCTURNAL SPIDER | Mentioned as MaaS operator in CrowdStrike's 2020 Report. |
| NOMAD PANDA | NOMAD PANDA | NOMAD PANDA is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: In the first quarter of 2018, CrowdStrike Intelligence identified … |
| NOMAD-PANDA | NOMAD PANDA | In the first quarter of 2018, CrowdStrike Intelligence identified NOMAD PANDA activity targeting Central Asian nations with exploit documents built with the 8.… |
| NoName057(16) | NoName057(16) | NoName057(16) is performing DDoS attacks on websites belonging to governments, news agencies, armies, suppliers, telecommunications companies, transportation a… |
| NONAME057-16 | NoName057(16) | NoName057(16) is performing DDoS attacks on websites belonging to governments, news agencies, armies, suppliers, telecommunications companies, transportation a… |
| NOTROBIN | NOTROBIN | Researchers at FireEye report finding a hacking group (dubbed NOTROBIN) that has been bundling mitigation code for NetScaler servers with its exploits. In effe… |
| NOTROBIN | NOTROBIN | Researchers at FireEye report finding a hacking group (dubbed NOTROBIN) that has been bundling mitigation code for NetScaler servers with its exploits. In effe… |
| Nullbulge | Nullbulge | NullBulge is a cybercriminal threat group targeting AI and gaming focused entities. They weaponize code in publicly available repositories to distribute malwar… |
| NULLBULGE | Nullbulge | NullBulge is a cybercriminal threat group targeting AI and gaming focused entities. They weaponize code in publicly available repositories to distribute malwar… |
| NyxarGroup | NyxarGroup | NyxarGroup is a threat actor involved in a coordinated data brokerage ecosystem across Latin America, primarily targeting government infrastructure. They have … |
| NYXARGROUP | NyxarGroup | NyxarGroup is a threat actor involved in a coordinated data brokerage ecosystem across Latin America, primarily targeting government infrastructure. They have … |
| OilAlpha | OilAlpha | OilAlpha has almost exclusively relied on infrastructure associated with the Public Telecommunication Corporation (PTC), a Yemeni government-owned enterprise r… |
| OILALPHA | OilAlpha | OilAlpha has almost exclusively relied on infrastructure associated with the Public Telecommunication Corporation (PTC), a Yemeni government-owned enterprise r… |
| OILRIG | OilRig | OilRig is an Iranian threat group operating primarily in the Middle East by targeting organizations in this region that are in a variety of different industrie… |
| OLDGREMLIN | OldGremlin | OldGremlin is a Russian-speaking ransomware group that has been active for several years. They primarily target organizations in Russia, including banks, logis… |
| ONIONDOG | OnionDog | This threat actor targets the South Korean government, transportation, and energy sectors. |
| OPAL-SLEET | Opal Sleet | Konni is a threat actor associated with APT37, a North Korean cyber crime group. They have been active since 2012 and are known for their cyber-espionage activ… |
| OPERATION-BUGDROP | Operation BugDrop | This threat actor targets critical infrastructure entities in the oil and gas sector, primarily in Ukraine. The threat actors deploy the BugDrop malware to rem… |
| OPERATION-C-MAJOR | Operation C-Major | Group targeting Indian Army or related assets in India, as well as activists and civil society in Pakistan. Attribution to a Pakistani connection has been made… |
| Operation Cobalt Whisper | Operation Cobalt Whisper | |
| OPERATION-COBALT-WHISPER | Operation Cobalt Whisper | |
| Operation Comando | Operation Comando | Operation Comando is a pure cybercrime campaign, possibly with Brazilian origin, with a concrete and persistent focus on the hospitality sector, which proves h… |
| OPERATION-COMANDO | Operation Comando | Operation Comando is a pure cybercrime campaign, possibly with Brazilian origin, with a concrete and persistent focus on the hospitality sector, which proves h… |
| OPERATION-DRBCONTROL | Operation DRBControl | Operation DRBControl is a cyberespionage campaign targeting gambling companies in Southeast Asia, first identified in 2019. The operation involves the use of H… |
| OPERATION-EMMENTAL | Operation Emmental | Operation Emmental, also known as the Retefe gang, is a threat actor group that has been active since at least 2012. They primarily target customers of banks i… |
| Operation ForumTroll | Operation ForumTroll | Operation ForumTroll is a sophisticated cyber espionage campaign discovered by Kaspersky in mid-March 2025. The attack exploited a zero-day vulnerability in Go… |
| OPERATION-FORUMTROLL | Operation ForumTroll | Operation ForumTroll is a sophisticated cyber espionage campaign discovered by Kaspersky in mid-March 2025. The attack exploited a zero-day vulnerability in Go… |
| Operation Ghoul | Operation Ghoul | Operation Ghoul is a profit-driven threat actor that targeted over 130 organizations in 30 countries, primarily in the industrial and engineering sectors. They… |
| OPERATION-GHOUL | Operation Ghoul | Operation Ghoul is a profit-driven threat actor that targeted over 130 organizations in 30 countries, primarily in the industrial and engineering sectors. They… |