2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,001–1,050 of 1,546 in Other · page 21 of 31
| ID | Title | Summary |
|---|---|---|
| SHARK-SPIDER | SHARK SPIDER | This group's activity was first observed in November 2013. It leverages a banking Trojan more commonly known as Shylock which aims to compromise online banking… |
| SHARPPANDA | SharpPanda | SharpPanda, an APT group originating from China, has seen a rise in its cyber-attack operations starting from at least 2018. The APT group utilizes spear-phish… |
| ShinyHunters | ShinyHunters | ShinyHunters is a cybercriminal group of unknown origin that is motivated by financial gain. The group is known for its sophisticated attacks against a wide ra… |
| SHINYHUNTERS | ShinyHunters | ShinyHunters is a cybercriminal group of unknown origin that is motivated by financial gain. The group is known for its sophisticated attacks against a wide ra… |
| ShroudedSnooper | ShroudedSnooper | In September 2023, Cisco Talos identified a new malware family that it calls ‘HTTPSnoop’ being deployed against telecommunications providers in the Middle East… |
| SHROUDEDSNOOPER | ShroudedSnooper | In September 2023, Cisco Talos identified a new malware family that it calls ‘HTTPSnoop’ being deployed against telecommunications providers in the Middle East… |
| SIDECOPY | SideCopy | The SideCopy APT is a Pakistani threat actor that has been operating since at least 2019, mainly targeting South Asian countries and more specifically India an… |
| SiegedSec | SiegedSec | SiegedSec, a hacktivist collective, emerged coincidentally just days before Russia’s invasion of Ukraine. Under the leadership of the hacktivist known as “Your… |
| SIEGEDSEC | SiegedSec | SiegedSec, a hacktivist collective, emerged coincidentally just days before Russia’s invasion of Ukraine. Under the leadership of the hacktivist known as “Your… |
| Siesta | Siesta | FireEye recently looked deeper into the activity discussed in TrendMicro’s blog and dubbed the “Siesta” campaign. The tools, modus operandi, and infrastructure… |
| SIESTA | Siesta | FireEye recently looked deeper into the activity discussed in TrendMicro’s blog and dubbed the “Siesta” campaign. The tools, modus operandi, and infrastructure… |
| Silence group | Silence group | a relatively new threat actor that’s been operating since mid-2016 Group-IB has exposed the attacks committed by Silence cybercriminal group. While the gang ha… |
| SILENCE-GROUP | Silence group | a relatively new threat actor that’s been operating since mid-2016 Group-IB has exposed the attacks committed by Silence cybercriminal group. While the gang ha… |
| SILENT-CHOLLIMA | Silent Chollima | Andariel is a threat actor that primarily targets South Korean corporations and institutions. They are believed to collaborate with or operate as a subsidiary … |
| SILENT-LIBRARIAN | Silent Librarian | Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. Accordi… |
| SilitNetwork | SilitNetwork | SilitNetwork is a hacking group known for targeting high-profile entities, such as airlines, for various motives. They utilize sophisticated tactics to breach … |
| SILITNETWORK | SilitNetwork | SilitNetwork is a hacking group known for targeting high-profile entities, such as airlines, for various motives. They utilize sophisticated tactics to breach … |
| SILKFIN AGENCY | SILKFIN AGENCY | SILKFIN AGENCY has claimed responsibility for multiple significant data breaches, including the compromise of DimeCuba.com, which exposed over 1 million SMS re… |
| SILKFIN-AGENCY | SILKFIN AGENCY | SILKFIN AGENCY has claimed responsibility for multiple significant data breaches, including the compromise of DimeCuba.com, which exposed over 1 million SMS re… |
| SILKSPECTER | SilkSpecter | SilkSpecter is a Chinese financially motivated threat actor that orchestrates phishing campaigns targeting e-commerce shoppers, particularly during peak shoppi… |
| SilverFish | SilverFish | SilverFish is believed to be a Russian cyberespionage group that has been involved in various cyberattacks, including the use of the SolarWinds breach as an at… |
| SILVERFISH | SilverFish | SilverFish is believed to be a Russian cyberespionage group that has been involved in various cyberattacks, including the use of the SolarWinds breach as an at… |
| SILVERTERRIER | SilverTerrier | As these tools rise and fall in popularity (and more importantly, as detection rates by antivirus vendors improve), SilverTerrier actors have consistently adop… |
| SIMA | Sima | Sima is a group of suspected Iranian origin targeting Iranians in diaspora. In February 2016, Iran-focused individuals received messages purporting to be from … |
| SINGING SPIDER | SINGING SPIDER | |
| SINGING-SPIDER | SINGING SPIDER | |
| SingularityMD | SingularityMD | SingularityMD is a threat actor group that has targeted educational institutions in the US. They gained unauthorized access to their networks by exploiting wea… |
| SINGULARITYMD | SingularityMD | SingularityMD is a threat actor group that has targeted educational institutions in the US. They gained unauthorized access to their networks by exploiting wea… |
| Sinobi | Sinobi | Sinobi is a financially motivated ransomware group that employs data theft and extortion as primary tactics, operating a public-facing leak portal to pressure … |
| SINOBI | Sinobi | Sinobi is a financially motivated ransomware group that employs data theft and extortion as primary tactics, operating a public-facing leak portal to pressure … |
| SkidSec | SkidSec | SkidSec is a threat group that has engaged in operations targeting exposed printers in South Korea to disseminate North Korean propaganda, utilizing techniques… |
| SKIDSEC | SkidSec | SkidSec is a threat group that has engaged in operations targeting exposed printers in South Korea to disseminate North Korean propaganda, utilizing techniques… |
| SLIME29 | SLIME29 | |
| SLIME88 | SLIME88 | SLIME88 is a China-nexus APT that has exploited the critical vulnerability CVE-2026-34197 in Apache ActiveMQ to deploy SoxAgent RAT, compromising Linux devices… |
| Slingshot | Slingshot | While analysing an incident which involved a suspected keylogger, we identified a malicious library able to interact with a virtual file system, which is usual… |
| SLINGSHOT | Slingshot | While analysing an incident which involved a suspected keylogger, we identified a malicious library able to interact with a virtual file system, which is usual… |
| SlopAds | SlopAds | SlopAds is a sophisticated ad fraud and click fraud operation involving a collection of 224 apps, downloaded over 38 million times globally. The threat actors … |
| SLOPADS | SlopAds | SlopAds is a sophisticated ad fraud and click fraud operation involving a collection of 224 apps, downloaded over 38 million times globally. The threat actors … |
| SloppyLemming | SloppyLemming | SloppyLemming is an advanced actor that uses multiple cloud service providers to facilitate different aspects of their activities, such as credential harvestin… |
| SLOPPYLEMMING | SloppyLemming | SloppyLemming is an advanced actor that uses multiple cloud service providers to facilitate different aspects of their activities, such as credential harvestin… |
| SMISHING-TRIAD | Smishing Triad | The Smishing Triad is a Chinese-speaking threat group known for targeting postal services and their customers globally through smishing campaigns. They leverag… |
| SMOKY SPIDER | SMOKY SPIDER | SMOKY SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: SMOKY SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Ga… |
| SMOKY-SPIDER | SMOKY SPIDER | Mentioned as operator of SmokeLoader in CrowdStrike's 2020 Report. |
| SmugX | SmugX | The campaign, called SmugX, overlaps with previously reported activity by Chinese APT actors RedDelta and Mustang Panda. Although those two correlate to some e… |
| SMUGX | SmugX | The campaign, called SmugX, overlaps with previously reported activity by Chinese APT actors RedDelta and Mustang Panda. Although those two correlate to some e… |
| Snake Wine | Snake Wine | While investigating some of the smaller name servers that APT28/Sofacy routinely use to host their infrastructure, Cylance discovered another prolonged campaig… |
| SNAKE-WINE | Snake Wine | While investigating some of the smaller name servers that APT28/Sofacy routinely use to host their infrastructure, Cylance discovered another prolonged campaig… |
| SNEAKYCHEF | SneakyChef | SneakyChef is a threat actor known for using the SugarGh0st RAT to target government agencies, research institutions, and organizations worldwide. They have be… |
| SNOWGLOBE | SNOWGLOBE | In 2014, researchers at Kaspersky Lab discovered and reported on three zero-days that were being used in cyberattacks in the wild. Two of these zero-day vulner… |
| SNOWSOUL | SnowSoul | SnowSoul is a financially motivated threat actor active since at least early 2026, operating a low-ransom extortion scheme primarily targeting Chinese organiza… |