Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,051–1,100 of 1,546 in Other · page 22 of 31
| ID | Title | Summary |
|---|---|---|
| SOLAR SPIDER | SOLAR SPIDER | SOLAR SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: SOLAR SPIDER’s phishing campaigns deliver the JSOutProx RAT to fi… |
| SOLAR-SPIDER | SOLAR SPIDER | SOLAR SPIDER’s phishing campaigns deliver the JSOutProx RAT to financial institutions across Africa, the Middle East, South Asia and Southeast Asia. |
| SOLNTSEPEK | Solntsepek | Solntsepek is a threat actor group with ties to the Russian military unit GRU. They have claimed responsibility for a cyberattack on Kyivstar, a Ukrainian mobi… |
| SongXY | SongXY | SongXY is a Chinese APT group that employs phishing tactics to initiate cyberespionage campaigns. They utilize the Royal Road RTF builder, exploiting the CVE-2… |
| SONGXY | SongXY | SongXY is a Chinese APT group that employs phishing tactics to initiate cyberespionage campaigns. They utilize the Royal Road RTF builder, exploiting the CVE-2… |
| Sowbug | Sowbug | Sowbug has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign… |
| SOWBUG | Sowbug | Sowbug has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign… |
| Sp1d3r | Sp1d3r | Sp1d3r, a threat actor, has been involved in multiple data breaches targeting companies like Truist Bank, Cylance, and Advance Auto Parts. They have stolen and… |
| SP1D3R | Sp1d3r | Sp1d3r, a threat actor, has been involved in multiple data breaches targeting companies like Truist Bank, Cylance, and Advance Auto Parts. They have stolen and… |
| SPACEBEARS | SpaceBears | SpaceBears is a ransomware group believed to be based in Moscow, Russia, that has taken credit for several high-profile cyberattacks while primarily operating … |
| SparklingGoblin | SparklingGoblin | ESET researchers have discovered a new undocumented modular backdoor, SideWalk, being used by an APT group they’ve named SparklingGoblin; this backdoor was use… |
| SPARKLINGGOBLIN | SparklingGoblin | ESET researchers have discovered a new undocumented modular backdoor, SideWalk, being used by an APT group they’ve named SparklingGoblin; this backdoor was use… |
| SPICY-PANDA | SPICY PANDA | |
| SPIKEDWINE | SPIKEDWINE | SPIKEDWINE is a threat actor targeting European officials with a new backdoor called WINELOADER. They use a bait PDF document posing as an invitation letter fr… |
| STAC5143 | STAC5143 | STAC5143 is a threat actor group tracked by Sophos, notable for its sophisticated use of Microsoft Office 365's legitimate services to conduct ransomware and d… |
| STARDUST CHOLLIMA | STARDUST CHOLLIMA | Open-source reporting has claimed that the Hermes ransomware was developed by the North Korean group STARDUST CHOLLIMA (activities of which have been public re… |
| STARDUST-CHOLLIMA | STARDUST CHOLLIMA | Open-source reporting has claimed that the Hermes ransomware was developed by the North Korean group STARDUST CHOLLIMA (activities of which have been public re… |
| Stargazer Goblin | Stargazer Goblin | Stargazer Goblin is a threat actor group that operates the Stargazers Ghost Network on GitHub, distributing malware and malicious links through multiple accoun… |
| STARGAZER-GOBLIN | Stargazer Goblin | Stargazer Goblin is a threat actor group that operates the Stargazers Ghost Network on GitHub, distributing malware and malicious links through multiple accoun… |
| Starry Addax | Starry Addax | Starry Addax is a threat actor targeting human rights activists associated with the Sahrawi Arab Democratic Republic using a novel mobile malware called FlexSt… |
| STARRY-ADDAX | Starry Addax | Starry Addax is a threat actor targeting human rights activists associated with the Sahrawi Arab Democratic Republic using a novel mobile malware called FlexSt… |
| STEALTH-FALCON | Stealth Falcon | This threat actor targets civil society groups and Emirati journalists, activists, and dissidents. |
| STORM-CLOUD | Storm Cloud | Storm Cloud is a Chinese espionage threat actor known for targeting organizations across Asia, particularly Tibetan organizations and individuals. They use a v… |
| STORM-0062 | Storm-0062 | The cyberattack campaign that Microsoft uncovered was launched by a China-linked hacking group called Storm-0062. According to the company, the group is launch… |
| Storm-0249 | Storm-0249 | Storm-0249 is an access broker active since 2021, known for distributing BazaLoader, IcedID, Bumblebee, and Emotet malware. The actor primarily employs phishin… |
| STORM-0249 | Storm-0249 | Storm-0249 is an access broker active since 2021, known for distributing BazaLoader, IcedID, Bumblebee, and Emotet malware. The actor primarily employs phishin… |
| Storm-0324 | Storm-0324 | The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors … |
| STORM-0324 | Storm-0324 | The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors … |
| STORM-0381 | Storm-0381 | Storm-0381 is a threat actor identified by Microsoft as a Russian cybercrime group. They are known for their use of malvertising to deploy Magniber, a type of … |
| STORM-0473 | Storm-0473 | Storm-0473 (Tomiris) is a threat actor that has been active since at least 2019. They primarily target government and diplomatic entities in the Commonwealth o… |
| Storm-0494 | Storm-0494 | Storm-0494 is a threat actor that facilitates Gootloader infections, which are then exploited by groups like Vice Society to deploy tools such as the Supper ba… |
| STORM-0494 | Storm-0494 | Storm-0494 is a threat actor that facilitates Gootloader infections, which are then exploited by groups like Vice Society to deploy tools such as the Supper ba… |
| Storm-0501 | Storm-0501 | Storm-0501 is a financially motivated cybercriminal group that has been active since 2021, initially targeting US school districts with the Sabbath ransomware … |
| STORM-0501 | Storm-0501 | Storm-0501 is a financially motivated cybercriminal group that has been active since 2021, initially targeting US school districts with the Sabbath ransomware … |
| Storm-0506 | Storm-0506 | Storm-0506 (DEV-0506) is a financially motivated cybercriminal group operating as a core affiliate within the Black Basta ransomware-as-a-service (RaaS) ecosys… |
| STORM-0506 | Storm-0506 | Storm-0506 (DEV-0506) is a financially motivated cybercriminal group operating as a core affiliate within the Black Basta ransomware-as-a-service (RaaS) ecosys… |
| STORM-0530 | Storm-0530 | H0lyGh0st is a North Korean threat actor that has been active since June 2021. They are responsible for developing and deploying the H0lyGh0st ransomware, whic… |
| Storm-0539 | Storm-0539 | Storm-0539 is a financially motivated threat actor that has been active since at least 2021. They primarily target retail organizations for gift card fraud and… |
| STORM-0539 | Storm-0539 | Storm-0539 is a financially motivated threat actor that has been active since at least 2021. They primarily target retail organizations for gift card fraud and… |
| STORM-0558 | Storm-0558 | Storm-0558 is a China-based threat actor with espionage objectives. While there are some minimal overlaps with other Chinese groups such as Violet Typhoon (ZIR… |
| Storm-0826 | Storm-0826 | Storm-0826 is a financially motivated cybercriminal group operating as an affiliate within the Black Basta ransomware-as-a-service (RaaS) ecosystem. This actor… |
| STORM-0826 | Storm-0826 | Storm-0826 is a financially motivated cybercriminal group operating as an affiliate within the Black Basta ransomware-as-a-service (RaaS) ecosystem. This actor… |
| Storm-0829 | Storm-0829 | Nwgen is a group that focuses on data exfiltration and ransomware activities. They have been found to share techniques with other threat groups such as Karakur… |
| STORM-0829 | Storm-0829 | Nwgen is a group that focuses on data exfiltration and ransomware activities. They have been found to share techniques with other threat groups such as Karakur… |
| Storm-0835 | Storm-0835 | Cybercriminals have launched a phishing campaign targeting senior executives in U.S. firms, using the EvilProxy phishing toolkit for credential harvesting and … |
| STORM-0835 | Storm-0835 | Cybercriminals have launched a phishing campaign targeting senior executives in U.S. firms, using the EvilProxy phishing toolkit for credential harvesting and … |
| STORM-0867 | Storm-0867 | Storm-0867 is a threat actor that has been active since 2012 and has targeted various industries and regions. They employ sophisticated phishing campaigns, uti… |
| STORM-0940 | Storm-0940 | Storm-0940 is a Chinese threat actor active since at least 2021, known for gaining initial access through password spray and brute-force attacks, as well as ex… |