Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
| ID | Title | Summary |
|---|---|---|
| RUTHLESS-RABBIT | Ruthless Rabbit | Ruthless Rabbit has been running investment scam campaigns since November 2022, primarily targeting users in Russia, Poland, Romania, and Kazakhstan. The actor… |
| Saad Tycoon | Saad Tycoon | Saad Tycoon is the operator and alleged developer of the Tycoon 2FA PhaaS, a phishing service that targets users for financial gain. The actor utilizes Bitcoin… |
| SAAD-TYCOON | Saad Tycoon | Saad Tycoon is the operator and alleged developer of the Tycoon 2FA PhaaS, a phishing service that targets users for financial gain. The actor utilizes Bitcoin… |
| SABRE-PANDA | SABRE PANDA | |
| SAINTBEAR | SaintBear | A group targeting UA state organizations using the GraphSteel and GrimPlant malware. |
| SALTY SPIDER | SALTY SPIDER | Beginning in January 2018 and persisting through the first half of the year, CrowdStrike Intelligence observed SALTY SPIDER, developer and operator of the long… |
| SALTY-SPIDER | SALTY SPIDER | Beginning in January 2018 and persisting through the first half of the year, CrowdStrike Intelligence observed SALTY SPIDER, developer and operator of the long… |
| SAMBASPIDER | SAMBASPIDER | SAMBASPIDER is a threat actor associated with the Mispadu malware. On July 24, USDoD allegedly scraped and leaked a 100,000-line Indicator of Compromise list fro… |
| SAMURAI-PANDA | SAMURAI PANDA | |
| SandCat | SandCat | SandCat, on the other hand, is a group that was discovered more recently by Kaspersky. One of the Windows vulnerabilities patched by Microsoft in December had … |
| SANDCAT | SandCat | SandCat, on the other hand, is a group that was discovered more recently by Kaspersky. One of the Windows vulnerabilities patched by Microsoft in December had … |
| SANDMAN-APT | Sandman APT | First disclosed in 2023, the Sandman APT is likely associated with suspected China-based threat clusters known for using the KEYPLUG backdoor, specifically STO… |
| SANDS-CASINO | Sands Casino | |
| SANDWORM | Sandworm | This threat actor targets industrial control systems, using a tool called Black Energy, associated with electricity and power generation for espionage, denial … |
| SATH-M-DAFAA | Sath-ı Müdafaa | A Turkish hacking group, Sath-ı Müdafaa, is encouraging individuals to join its DDoS-for-Points platform that features points and prizes for carrying out distr… |
| ScamClub | ScamClub | ScamClub is a threat actor involved in malvertising activities since 2018. They target the Mobile Web market segment, particularly on iOS devices, where securi… |
| SCAMCLUB | ScamClub | ScamClub is a threat actor involved in malvertising activities since 2018. They target the Mobile Web market segment, particularly on iOS devices, where securi… |
| SCARAB | Scarab | Scarab APT was first spotted in 2015, but is believed to have been active since at least 2012, conducting surgical attacks against a small number of individual… |
| SCARLET-MIMIC | Scarlet Mimic | Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group’s mo… |
| SCARLETEEL | SCARLETEEL | SCARLETEEL is a threat actor that primarily targets cloud environments, specifically AWS and Kubernetes. They have been observed stealing proprietary data and … |
| SCARRED-MANTICORE | Scarred Manticore | Scarred Manticore has been pursuing high-value targets for years, utilizing a variety of IIS-based backdoors to attack Windows servers. These include a variety… |
| SCATTERED-CANARY | Scattered Canary | When the first member of Scattered Canary, who, for the purposes of this report, we call Alpha, began his operations, he was a lone wolf—working mostly Craigsl… |
| Scattered Spider | Scattered Spider | Scattered Spider is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as UNC3944, Muddled Libra, Oktapus (and 7 more). Ori… |
| SCATTERED-SPIDER | Scattered Spider | Scattered Spider, a highly active hacking group, has made headlines by targeting more than 130 organizations, with the number of victims steadily increasing. |
| ScreamedJungle | ScreamedJungle | ScreamedJungle is a threat actor that exploits vulnerabilities in outdated Magento e-commerce platforms to inject malicious JavaScript code, specifically Bablo… |
| SCREAMEDJUNGLE | ScreamedJungle | ScreamedJungle is a threat actor that exploits vulnerabilities in outdated Magento e-commerce platforms to inject malicious JavaScript code, specifically Bablo… |
| Scripted Sparrow | Scripted Sparrow | Scripted Sparrow is a prolific Business Email Compromise (BEC) collective that conducts highly targeted phishing campaigns, impersonating professional services… |
| SCRIPTED-SPARROW | Scripted Sparrow | Scripted Sparrow is a prolific Business Email Compromise (BEC) collective that conducts highly targeted phishing campaigns, impersonating professional services… |
| SCULLY SPIDER | SCULLY SPIDER | SCULLY SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: SCULLY SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-… |
| SCULLY-SPIDER | SCULLY SPIDER | Mentioned as operator of DanaBot in CrowdStrike's 2020 Report. |
| SEA-TURTLE | Sea Turtle | This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily nati… |
| SEXi | SEXi | SEXi is a ransomware group that targets VMware ESXi servers, encrypting data and demanding ransom payments. They have been observed encrypting virtual machines… |
| SEXI | SEXi | SEXi is a ransomware group that targets VMware ESXi servers, encrypting data and demanding ransom payments. They have been observed encrypting virtual machines… |
| Shadow Network | Shadow Network | Shadows in the Cloud documents a complex ecosystem of cyber espionage that systematically compromised government, business, academic, and other computer networ… |
| SHADOW-NETWORK | Shadow Network | Shadows in the Cloud documents a complex ecosystem of cyber espionage that systematically compromised government, business, academic, and other computer networ… |
| SHADOW-AETHER-015 | SHADOW-AETHER-015 | SHADOW-AETHER-015 is a highly adaptable cybercriminal group known for identity abuse and cloud compromise, primarily targeting identity and access management s… |
| SHADOW-EARTH-053 | Shadow-Earth-053 | SHADOW-EARTH-053 is a China-aligned threat group exploiting unpatched Microsoft Exchange Server vulnerabilities, specifically CVE-2021-26855, to conduct cybere… |
| SHADOW-VOID-042 | SHADOW-VOID-042 | SHADOW-VOID-042 is a provisional intrusion set tracked by Trend Micro, active in October-November 2025, conducting spear-phishing campaigns against energy, def… |
| SHADOW-WATER-063 | SHADOW-WATER-063 | SHADOW-WATER-063 is a financially motivated threat actor attributed to the Banana RAT banking trojan, primarily targeting Brazilian financial accounts. Analysi… |
| ShadowSyndicate | ShadowSyndicate | ShadowSyndicate is a threat actor associated with various ransomware groups, using a consistent Secure Shell fingerprint across multiple servers. They have bee… |
| SHADOWSYNDICATE | ShadowSyndicate | ShadowSyndicate is a threat actor associated with various ransomware groups, using a consistent Secure Shell fingerprint across multiple servers. They have bee… |
| ShadyPanda | ShadyPanda | ShadyPanda is a threat actor behind a 7-year campaign that has infected 4.3 million users through extensions masquerading as productivity tools while functioni… |
| SHADYPANDA | ShadyPanda | ShadyPanda is a threat actor behind a 7-year campaign that has infected 4.3 million users through extensions masquerading as productivity tools while functioni… |
| SHAGGYPANTHER | ShaggyPanther | ShaggyPanther is a threat actor that primarily targets government entities in Taiwan and Malaysia. They have been active since 2008 and utilize hidden encrypte… |
| SHAHID-HEMMAT | Shahid Hemmat | Shahid Hemmat is an IRGC-CEC affiliated hacking group linked to cyberattacks targeting U.S. critical infrastructure, including the defense industry and interna… |
| SHAMOON-GROUP | Shamoon Group | Shamoon Group is an Iran-linked threat actor associated with destructive Shamoon wiper operations targeting organizations in the Middle East, especially in the… |