Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,251–1,300 of 1,546 in Other · page 26 of 31
| ID | Title | Summary |
|---|---|---|
| THE-SHADOW-BROKERS | The Shadow Brokers | The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Se… |
| TheDarkOverlord | TheDarkOverlord | TheDarkOverlord is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: The Dark Overlord is a financially motivated ransomware group … |
| THEDARKOVERLORD | TheDarkOverlord | The Dark Overlord is a financially motivated ransomware group that has been active since 2016. The group is known for targeting large organizations, including … |
| TheWizards | TheWizards | TheWizards is a China-aligned APT group that employs the Spellbinder tool for adversary-in-the-middle attacks, utilizing IPv6 SLAAC spoofing to redirect legiti… |
| THEWIZARDS | TheWizards | TheWizards is a China-aligned APT group that employs the Spellbinder tool for adversary-in-the-middle attacks, utilizing IPv6 SLAAC spoofing to redirect legiti… |
| Threat Actor 888 | Threat Actor 888 | Threat Actor 888 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Threat actor 888 is a hacker active in 2024, targeting compan… |
| THREAT-ACTOR-888 | Threat Actor 888 | Threat actor 888 is a hacker active in 2024, targeting companies for data breaches. They've hit Microsoft, BMW (Hong Kong), and others in tech, freight, and oi… |
| Threatsec | Threatsec | ThreatSec is a hacktivist group that has targeted various organizations, including internet service providers in Gaza. They claim to fight for the rights and f… |
| THREATSEC | Threatsec | ThreatSec is a hacktivist group that has targeted various organizations, including internet service providers in Gaza. They claim to fight for the rights and f… |
| Thrip | Thrip | Thrip is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as G0076, ATK78. Operational targeting focuses on the Private s… |
| THRIP | Thrip | This threat actor targets organizations in the satellite communications, telecommunications, geospatial-imaging, and defense sectors in the United States and S… |
| TIANWU | TianWu | |
| TICK | Tick | Tick is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group appears to have close ties to the Chinese Natio… |
| TIDRONE | TIDRONE | TIDRONE is an unidentified threat actor linked to Chinese-speaking groups, with a focus on military-related industry chains, particularly drone manufacturers i… |
| TILTEDTEMPLE | TiltedTemple | One of their notable tools is a custom backdoor called SockDetour, which operates filelessly and socketlessly on compromised Windows servers. The group's activ… |
| TINY SPIDER | TINY SPIDER | TINY SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: According to CrowdStrike, this actor is using TinyLoader and TinyP… |
| TINY-SPIDER | TINY SPIDER | According to CrowdStrike, this actor is using TinyLoader and TinyPOS, potentially buying access through Dridex infections. |
| ToddyCat | ToddyCat | ToddyCat is responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. There is still little infor… |
| TODDYCAT | ToddyCat | ToddyCat is responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. There is still little infor… |
| TONTO-TEAM | Tonto Team | Tonto Team is a Chinese-speaking APT group that has been active since at least 2013. They primarily target military, diplomatic, and infrastructure organizatio… |
| TORTOISESHELL | Tortoiseshell | A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain … |
| TOXCAR CYBER TEAM | TOXCAR CYBER TEAM | The Toxcar Cyber Team has claimed responsibility for a data leak involving Mastercard, asserting that the attack targeted the U.S. site and providing screensho… |
| TOXCAR-CYBER-TEAM | TOXCAR CYBER TEAM | The Toxcar Cyber Team has claimed responsibility for a data leak involving Mastercard, asserting that the attack targeted the U.S. site and providing screensho… |
| TOXIC-PANDA | TOXIC PANDA | A group targeting dissident groups in China and at the boundaries. |
| TRACER-KITTEN | TRACER KITTEN | In April 2020, CrowdStrike Falcon OverWatch discovered Iran-based adversary TRACER KITTEN conducting malicious interactive activity against multiple hosts at a … |
| TRADERTRAITOR | TraderTraitor | TraderTraitor targets blockchain companies through spear-phishing messages. The group sends these messages to employees, particularly those in system administr… |
| TRAVELING SPIDER | TRAVELING SPIDER | CrowdStrike tracks the criminal developer of Nemty ransomware as TRAVELING SPIDER. The actor has been observed to take advantage of single-factor authenticatio… |
| TRAVELING-SPIDER | TRAVELING SPIDER | CrowdStrike tracks the criminal developer of Nemty ransomware as TRAVELING SPIDER. The actor has been observed to take advantage of single-factor authenticatio… |
| TridentLocker | TridentLocker | TridentLocker is a ransomware group known for targeting organizations that manage high volumes of regulated or third-party data, including government services … |
| TRIDENTLOCKER | TridentLocker | TridentLocker is a ransomware group known for targeting organizations that manage high volumes of regulated or third-party data, including government services … |
| TRIPLESTRENGTH | TRIPLESTRENGTH | TRIPLESTRENGTH is a financially motivated threat actor targeting cloud environments and on-premises infrastructures for cryptojacking, ransomware, and extortio… |
| TSTARK | Tstark | TStark is a threat actor identified by X-Ops, associated with a cluster of devices that executed the bookmark buffer overflow exploit targeting CVE-2020-15069 … |
| TUNNELSNAKE | TunnelSnake | The TunnelSnake campaign demonstrates the activity of a sophisticated actor that invests significant resources in designing an evasive toolset and infiltrating… |
| TURKHACKTEAM | TurkHackTeam | Founded in 2004, Turkhackteam is one of Turkey’s oldest and most high-profile hacking collectives. According to a list compiled on Turkhackteam’s forum, the gr… |
| TURLA | Turla | A 2014 Guardian article described Turla as: 'Dubbed the Turla hackers, initial intelligence had indicated western powers were key targets, but it was later det… |
| TwoSail Junk | TwoSail Junk | TwoSail Junk directs visitors to its exploit site by posting links within the threads of forum discussions, or creating new topic threads of their own. To date… |
| TWOSAIL-JUNK | TwoSail Junk | TwoSail Junk directs visitors to its exploit site by posting links within the threads of forum discussions, or creating new topic threads of their own. To date… |
| UAC-0006 | UAC-0006 | UAC-0006 is a financially motivated threat actor that has been active since at least 2013. They primarily target Ukrainian organizations, particularly accounta… |
| UAC-0020 | UAC-0020 | Vermin is a threat actor group linked to the Luhansk People’s Republic and believed to be acting on behalf of the Kremlin. They have targeted Ukrainian governm… |
| UAC-0050 | UAC-0050 | UAC-0050 is a threat actor that has been active since 2020, targeting government agencies in Ukraine. They have been distributing the Remcos RAT malware throug… |
| UAC-0063 | UAC-0063 | UAC-0063 is a threat actor linked to Russian APT28, known for targeting government entities in Ukraine and Central Asia for cyber espionage operations. They ut… |
| UAC-0094 | UAC-0094 | State Service of Special Communication and Information Protection of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram acc… |
| UAC-0099 | UAC-0099 | UAC-0099 is a threat actor that has been active since at least May 2023, targeting Ukrainian entities. They have been observed using a known WinRAR vulnerabili… |
| UAC-0102 | UAC-0102 | UAC-0102 is a threat actor group targeting UKR.NET users through phishing attacks. They distribute emails with HTML file attachments that redirect users to a f… |