2,004 indexed
ACTORS: Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 801–850 of 1,546 in Other · page 17 of 31
| ID | Title | Summary |
|---|---|---|
| Operation Kabar Cobra | Operation Kabar Cobra | |
| OPERATION-KABAR-COBRA | Operation Kabar Cobra | |
| Operation Parliament | Operation Parliament | This threat actor uses spear-phishing techniques to target parliaments, government ministries, academics, and media organizations, primarily in the Middle East… |
| OPERATION-PARLIAMENT | Operation Parliament | This threat actor uses spear-phishing techniques to target parliaments, government ministries, academics, and media organizations, primarily in the Middle East… |
| Operation Poison Needles | Operation Poison Needles | What’s noteworthy is that according to the introduction on the compromised website of the polyclinic (http://www.p2f.ru), the institution was established in 19… |
| OPERATION-POISON-NEEDLES | Operation Poison Needles | What’s noteworthy is that according to the introduction on the compromised website of the polyclinic (http://www.p2f.ru), the institution was established in 19… |
| OPERATION-RED-SIGNATURE | Operation Red Signature | The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT to their targets of inte… |
| OPERATION-SHADOW-FORCE | Operation Shadow Force | Operation Shadow Force is a group of malware that is representative of Shadow Force and Wgdrop from 2013 to 2020, and is a group activity that attacks Korean c… |
| Operation ShadowHammer | Operation ShadowHammer | Newly discovered supply chain attack that leveraged ASUS Live Update software. The goal of the attack was to surgically target an unknown pool of users, which … |
| OPERATION-SHADOWHAMMER | Operation ShadowHammer | Newly discovered supply chain attack that leveraged ASUS Live Update software. The goal of the attack was to surgically target an unknown pool of users, which … |
| Operation Sharpshooter | Operation Sharpshooter | The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and… |
| OPERATION-SHARPSHOOTER | Operation Sharpshooter | The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and… |
| Operation Soft Cell | Operation Soft Cell | In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor us… |
| OPERATION-SOFT-CELL | Operation Soft Cell | In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor us… |
| Operation Triangulation | Operation Triangulation | Operation Triangulation is an ongoing APT campaign targeting iOS devices with zero-click iMessage exploits. The threat actor behind the campaign has been activ… |
| OPERATION-TRIANGULATION | Operation Triangulation | Operation Triangulation is an ongoing APT campaign targeting iOS devices with zero-click iMessage exploits. The threat actor behind the campaign has been activ… |
| Operation WizardOpium | Operation WizardOpium | We are calling these attacks Operation WizardOpium. So far, we have been unable to establish a definitive link with any known threat actors. There are certain … |
| OPERATION-WIZARDOPIUM | Operation WizardOpium | We are calling these attacks Operation WizardOpium. So far, we have been unable to establish a definitive link with any known threat actors. There are certain … |
| Operation Wocao | Operation Wocao | Operation Wocao (我操, “Wǒ cāo”, used as “shit” or “damn”) is the name that Fox-IT uses to describe the hacking activities of a Chinese based hacking group. This… |
| OPERATION-WOCAO | Operation Wocao | Operation Wocao (我操, “Wǒ cāo”, used as “shit” or “damn”) is the name that Fox-IT uses to describe the hacking activities of a Chinese based hacking group. This… |
| Orangeworm | Orangeworm | Symantec has identified a previously unknown group called Orangeworm that has been observed installing a custom backdoor called Trojan.Kwampirs within large in… |
| ORANGEWORM | Orangeworm | Symantec has identified a previously unknown group called Orangeworm that has been observed installing a custom backdoor called Trojan.Kwampirs within large in… |
| OurMine | OurMine | OurMine is known for celebrity internet accounts, often causing cyber vandalism, to advertise their commercial services. (Trend Micro) In light of the recent r… |
| OURMINE | OurMine | OurMine is known for celebrity internet accounts, often causing cyber vandalism, to advertise their commercial services. (Trend Micro) In light of the recent r… |
| OUTLAW SPIDER | OUTLAW SPIDER | On May 7, 2019, Mayor Bernard “Jack” Young confirmed that the network for the U.S. City of Baltimore (CoB) was infected with ransomware, which was announced vi… |
| OUTLAW-SPIDER | OUTLAW SPIDER | On May 7, 2019, Mayor Bernard “Jack” Young confirmed that the network for the U.S. City of Baltimore (CoB) was infected with ransomware, which was announced vi… |
| OverFlame | OverFlame | OverFlame is a hacktivist group known for executing DDoS attacks and website defacements, primarily targeting government institutions and corporations in Europ… |
| OVERFLAME | OverFlame | OverFlame is a hacktivist group known for executing DDoS attacks and website defacements, primarily targeting government institutions and corporations in Europ… |
| OVERLORD SPIDER | OVERLORD SPIDER | OVERLORD SPIDER, aka The Dark Overlord. Similar to ransomware operators today, OVERLORD SPIDER likely purchased RDP access to compromised servers on undergroun… |
| OVERLORD-SPIDER | OVERLORD SPIDER | OVERLORD SPIDER, aka The Dark Overlord. Similar to ransomware operators today, OVERLORD SPIDER likely purchased RDP access to compromised servers on undergroun… |
| Pacha Group | Pacha Group | Antd is a miner found in the wild on September 18, 2018. Recently we discovered that the authors from Antd are actively delivering newer campaigns deploying a … |
| PACHA-GROUP | Pacha Group | Antd is a miner found in the wild on September 18, 2018. Recently we discovered that the authors from Antd are actively delivering newer campaigns deploying a … |
| Packrat | Packrat | A threat group that has been active for at least seven years has used malware, phishing and disinformation tactics to target activists, journalists, politician… |
| PACKRAT | Packrat | A threat group that has been active for at least seven years has used malware, phishing and disinformation tactics to target activists, journalists, politician… |
| PALE-PANDA | PALE PANDA | |
| PARINACOTA | PARINACOTA | One actor that has emerged in this trend of human-operated attacks is an active, highly adaptive group that frequently drops Wadhrama as payload. PARINACOTA i… |
| PASSCV | PassCV | The PassCV group continues to be one of the most successful and active threat groups that leverage a wide array of stolen Authenticode-signing certificates. S… |
| Patched Lightning | Patched Lightning | Patched Lightning is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Storm-0113. Original record: Patched Lightning i… |
| PATCHED-LIGHTNING | Patched Lightning | |
| PayTool | PayTool | PayTool is a threat actor that operates a phishing ecosystem focused on traffic violation and fine payment scams targeting Canadians through SMS-based social e… |
| PAYTOOL | PayTool | PayTool is a threat actor that operates a phishing ecosystem focused on traffic violation and fine payment scams targeting Canadians through SMS-based social e… |
| PEARL-SLEET | Pearl Sleet | Pearl Sleet is a nation state activity group based in North Korea that has been active since at least 2012. They primarily target defectors from North Korea, m… |
| People's Cyber Army of Russia | People's Cyber Army of Russia | |
| PEOPLE-S-CYBER-ARMY-OF-RUSSIA | People's Cyber Army of Russia | |
| PERSWAYSION | PerSwaysion | PerSwaysion is a threat actor known for conducting phishing campaigns targeting high-level executives. They have been active since at least August 2019 and are… |
| PhantomControl | PhantomControl | PhantomControl is a sophisticated threat actor that emerged in November 2023. They utilize phishing emails as their initial infection vector and employ a Scree… |
| PHANTOMCONTROL | PhantomControl | PhantomControl is a sophisticated threat actor that emerged in November 2023. They utilize phishing emails as their initial infection vector and employ a Scree… |
| Phlox Tempest | Phlox Tempest | Phlox Tempest is a threat actor responsible for a large-scale click fraud campaign targeting users through YouTube comments and malicious ads. They use ChromeL… |
| PHLOX-TEMPEST | Phlox Tempest | Phlox Tempest is a threat actor responsible for a large-scale click fraud campaign targeting users through YouTube comments and malicious ads. They use ChromeL… |