Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 901–950 of 1,546 in Other · page 19 of 31
| ID | Title | Summary |
|---|---|---|
| RECKLESS-RABBIT | Reckless Rabbit | Reckless Rabbit lures victims into investment scams through malicious Facebook advertisements that lead to fake news articles with embedded web forms for perso… |
| Red Charon | Red Charon | Throughout 2019, multiple companies in the Taiwan high-tech ecosystem were victims of an advanced persistent threat (APT) attack. Due to these APT attacks havi… |
| RED-CHARON | Red Charon | Throughout 2019, multiple companies in the Taiwan high-tech ecosystem were victims of an advanced persistent threat (APT) attack. Due to these APT attacks havi… |
| RED-DEV-17 | Red Dev 17 | In 2021, PwC started tracking a series of intrusions under the moniker of Red Dev 17 that they assess were highly likely conducted by a China-based threat acto… |
| RED-MENSHEN | Red Menshen | Since 2021, Red Menshen, a China-based threat actor, which has been observed targeting telecommunications providers across the Middle East and Asia, as well as… |
| RED-NUE | Red Nue | Red Nue, active since at least 2017, is known for its use of the multi-platform LootRAT backdoor, also known as ReverseWindow. LootRAT has variants for Windows… |
| Red-Lili | Red-Lili | RED-LILI is an active threat actor that has been identified by Checkmarx SCS research team. They have been publishing malicious packages on NPM and PyPi platfo… |
| RED-LILI | Red-Lili | RED-LILI is an active threat actor that has been identified by Checkmarx SCS research team. They have been publishing malicious packages on NPM and PyPi platfo… |
| RedAlpha | RedAlpha | Recorded Future’s Insikt Group has identified two new cyberespionage campaigns targeting the Tibetan Community over the past two years. The campaigns, which we… |
| REDALPHA | RedAlpha | Recorded Future’s Insikt Group has identified two new cyberespionage campaigns targeting the Tibetan Community over the past two years. The campaigns, which we… |
| RedDelta | RedDelta | Likely Chinese state-sponsored threat activity group RedDelta targeting organizations within Europe and Southeast Asia using a customized variant of the PlugX … |
| REDDELTA | RedDelta | Likely Chinese state-sponsored threat activity group RedDelta targeting organizations within Europe and Southeast Asia using a customized variant of the PlugX … |
| RedEcho | RedEcho | RedEcho is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: RedEcho: The group made heavy use of AXIOMATICASYMPTOTE — a term we us… |
| REDECHO | RedEcho | RedEcho: The group made heavy use of AXIOMATICASYMPTOTE — a term we use to track infrastructure that comprises ShadowPad C2s, which is shared between several C… |
| Redfly | Redfly | Redfly hacked a national electricity grid organization in Asia and maintained persistent access to the network for about six months. Researchers discovered evi… |
| REDFLY | Redfly | Redfly hacked a national electricity grid organization in Asia and maintained persistent access to the network for about six months. Researchers discovered evi… |
| REDGOLF | RedGolf | Recorded Future’s Insikt Group has identified a large cluster of new operational infrastructure associated with use of the custom Windows and Linux backdoor KE… |
| REDJULIETT | RedJuliett | RedJuliett is a likely Chinese state-sponsored threat actor targeting government, academic, technology, and diplomatic organizations in Taiwan. They exploit vu… |
| RedKitten | RedKitten | RedKitten is a campaign targeting Iranian interests, particularly NGOs and individuals documenting human rights abuses, first observed in January 2026. The mal… |
| REDKITTEN | RedKitten | RedKitten is a campaign targeting Iranian interests, particularly NGOs and individuals documenting human rights abuses, first observed in January 2026. The mal… |
| RedStinger | RedStinger | In October 2022, Kaspersky identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crim… |
| REDSTINGER | RedStinger | In October 2022, Kaspersky identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crim… |
| REF2924 | REF2924 | A group monitored as REF2924 by Elastic Security Labs is wielding novel data-stealing malware — an HTTP listener written in C# dubbed Naplistener by the resear… |
| REF5961 | REF5961 | Elastic's security team has published a report on REF5961, a cyber-espionage group they found on the network of a Foreign Affairs Ministry from a member of the… |
| REF5961 | REF5961 | Elastic's security team has published a report on REF5961, a cyber-espionage group they found on the network of a Foreign Affairs Ministry from a member of the… |
| REF7707 | REF7707 | REF7707 is a cyber campaign targeting government entities, particularly a foreign ministry in South America, utilizing malware families such as FinalDraft, Gui… |
| ResumeLooters | ResumeLooters | Since the beginning of 2023, ResumeLooters have been able to compromise at least 65 websites. The group employs a variety of simple techniques, including SQL i… |
| RESUMELOOTERS | ResumeLooters | Since the beginning of 2023, ResumeLooters have been able to compromise at least 65 websites. The group employs a variety of simple techniques, including SQL i… |
| Returned Libra | Returned Libra | Returned Libra, also known as 8220 Mining Group, is a cloud threat actor group that has been active since at least 2017. Tools commonly employed during their o… |
| RETURNED-LIBRA | Returned Libra | Returned Libra, also known as 8220 Mining Group, is a cloud threat actor group that has been active since at least 2017. Tools commonly employed during their o… |
| RevengeHotels | RevengeHotels | RevengeHotels is a targeted cybercrime campaign that has been active since 2015, primarily targeting hotels, hostels, and tourism companies. The threat actor u… |
| REVENGEHOTELS | RevengeHotels | RevengeHotels is a targeted cybercrime campaign that has been active since 2015, primarily targeting hotels, hostels, and tourism companies. The threat actor u… |
| RGB-TEAM | RGB-TEAM | RGB-TEAM is a previously unknown Russian-speaking threat actor. They describe themselves as “a community of anonymous hacktivists fighting for freedom.” The gr… |
| RGB-TEAM | RGB-TEAM | RGB-TEAM is a previously unknown Russian-speaking threat actor. They describe themselves as “a community of anonymous hacktivists fighting for freedom.” The gr… |
| RIDDLE SPIDER | RIDDLE SPIDER | RIDDLE SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: RIDDLE SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-… |
| RIDDLE-SPIDER | RIDDLE SPIDER | According to CrowdStrike, RIDDLE SPIDER is the operator behind the Avaddon ransomware. |
| RIPPERSEC | RipperSec | RipperSec is a pro-Palestinian, likely Malaysian hacktivist group created in June 2023, known for conducting DDoS attacks, data breaches, and defacements prima… |
| Roaming Mantis | Roaming Mantis | According to new research by Kaspersky's GReAT team, the online criminal activities of the Roaming Mantis Group have continued to evolve since they were first … |
| ROAMING-MANTIS | Roaming Mantis | According to new research by Kaspersky's GReAT team, the online criminal activities of the Roaming Mantis Group have continued to evolve since they were first … |
| Roaming Tiger | Roaming Tiger | Roaming Tiger is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as BRONZE WOODLAND, Rotten Tomato. Original record: Roa… |
| ROAMING-TIGER | Roaming Tiger | |
| Rocke | Rocke | This threat actor initially came to our attention in April 2018, leveraging both Western and Chinese Git repositories to deliver malware to honeypot systems vu… |
| ROCKE | Rocke | This threat actor initially came to our attention in April 2018, leveraging both Western and Chinese Git repositories to deliver malware to honeypot systems vu… |
| ROCKET-KITTEN | Rocket Kitten | Targets Saudi Arabia, Israel, US, Iran, high ranking defense officials, embassies of various target countries, notable Iran researchers, human rights activists… |
| ROMCOM | RomCom | ROMCOM is an evolving and sophisticated threat actor group that has been using the malware tool ROMCOM for espionage and financially motivated attacks. They ha… |
| RTM | RTM | There are several groups actively and profitably targeting businesses in Russia. A trend that we have seen unfold before our eyes lately is these cybercriminal… |
| RTM | RTM | There are several groups actively and profitably targeting businesses in Russia. A trend that we have seen unfold before our eyes lately is these cybercriminal… |
| RUBY-SLEET | Ruby Sleet | Ruby Sleet is a threat actor linked to North Korea's Ministry of State Security. Cerium has been involved in spear-phishing campaigns, compromising devices, an… |
| RUBYCARP | RUBYCARP | RUBYCARP is a financially-motivated threat actor group likely based in Romania, with a history of at least 10 years of activity. They operate a botnet using pu… |
| RUSKINET | RuskiNet | RuskiNet is a pro-Russian hacktivist collective associated with disruptive operations including DDoS attacks, website defacements, phishing, and data leaks aga… |