2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,301–1,350 of 1,546 in Other · page 27 of 31
| ID | Title | Summary |
|---|---|---|
| UAC-0118 | UAC-0118 | From Russia with Love, is a threat actor group that emerged during the Russia-Ukraine war in 2022. They primarily engage in DDoS attacks and have targeted crit… |
| UAC-0118 | UAC-0118 | From Russia with Love, is a threat actor group that emerged during the Russia-Ukraine war in 2022. They primarily engage in DDoS attacks and have targeted crit… |
| UAC-0149 | UAC-0149 | UAC-0149 is a threat actor targeting the Armed Forces of Ukraine with COOKBOX malware. They use obfuscation techniques like character encoding and base64 encod… |
| UAC-0149 | UAC-0149 | UAC-0149 is a threat actor targeting the Armed Forces of Ukraine with COOKBOX malware. They use obfuscation techniques like character encoding and base64 encod… |
| UAC-0154 | UAC-0154 | UAC-0154 is a threat actor orchestrating the STARK#VORTEX phishing campaign, specifically targeting Ukraine’s military. They employ a Microsoft Help file conta… |
| UAC-0154 | UAC-0154 | UAC-0154 is a threat actor orchestrating the STARK#VORTEX phishing campaign, specifically targeting Ukraine’s military. They employ a Microsoft Help file conta… |
| UAC-0184 | UAC-0184 | UAC-0184 is a threat actor targeting Ukrainian organizations in Finland, using the Remcos Remote Access Trojan in their attacks. They have been observed utiliz… |
| UAC-0184 | UAC-0184 | UAC-0184 is a threat actor targeting Ukrainian organizations in Finland, using the Remcos Remote Access Trojan in their attacks. They have been observed utiliz… |
| UAC-0185 | UAC-0185 | UAC-0185 has been active since at least 2022, primarily targeting Ukrainian defense organizations through credential theft via messaging apps like Signal, Tele… |
| UAC-0185 | UAC-0185 | UAC-0185 has been active since at least 2022, primarily targeting Ukrainian defense organizations through credential theft via messaging apps like Signal, Tele… |
| UAC-0194 | UAC-0194 | UAC-0194 is a Russian threat actor linked to the exploitation of the Windows zero-day CVE-2024-43451, which was used in attacks against Ukrainian organizations… |
| UAC-0215 | UAC-0215 | UAC-0215 is an APT group that has orchestrated a phishing campaign targeting public institutions, major industries, and military units in Ukraine, utilizing ro… |
| UAC-0215 | UAC-0215 | UAC-0215 is an APT group that has orchestrated a phishing campaign targeting public institutions, major industries, and military units in Ukraine, utilizing ro… |
| UAC-0219 | UAC-0219 | UAC-0219 is a hacking group observed conducting cyber-espionage operations targeting Ukrainian critical sectors, primarily utilising WRECKSTEEL malware for fil… |
| UAC-0219 | UAC-0219 | UAC-0219 is a hacking group observed conducting cyber-espionage operations targeting Ukrainian critical sectors, primarily utilising WRECKSTEEL malware for fil… |
| UAC-0226 | UAC-0226 | UAC-0226 is a cyber-espionage group targeting Ukrainian military, law enforcement, and local government entities—particularly near the eastern border—since Feb… |
| UAC-0226 | UAC-0226 | UAC-0226 is a cyber-espionage group targeting Ukrainian military, law enforcement, and local government entities—particularly near the eastern border—since Feb… |
| UAC-0227 | UAC-0227 | UAC-0227 is an APT group that has been active since at least March 2025, targeting local governments, critical infrastructure, and various organizations in the… |
| UAC-0227 | UAC-0227 | UAC-0227 is an APT group that has been active since at least March 2025, targeting local governments, critical infrastructure, and various organizations in the… |
| UAC-0239 | UAC-0239 | UAC-0239 has been observed conducting spearphishing attacks targeting the Defence Forces and local state agencies of Ukraine, impersonating the Security Servic… |
| UAC-0239 | UAC-0239 | UAC-0239 has been observed conducting spearphishing attacks targeting the Defence Forces and local state agencies of Ukraine, impersonating the Security Servic… |
| UAC-0241 | UAC-0241 | UAC-0241 is a threat actor tracked by CERT-UA, active from May to November 2025, targeting educational institutions and government bodies in eastern Ukraine vi… |
| UAC-0241 | UAC-0241 | UAC-0241 is a threat actor tracked by CERT-UA, active from May to November 2025, targeting educational institutions and government bodies in eastern Ukraine vi… |
| UAC-0245 | UAC-0245 | Threat actors, tracked under the identifier UAC-0245 and targeting Ukraine, employ malicious XLL files disguised as critical documents. |
| UAT-10362 | UAT-10362 | UAT-10362 is a threat actor identified by Cisco Talos, conducting spear-phishing campaigns targeting Taiwanese NGOs and suspected universities to deploy the ma… |
| UAT-10362 | UAT-10362 | UAT-10362 is a threat actor identified by Cisco Talos, conducting spear-phishing campaigns targeting Taiwanese NGOs and suspected universities to deploy the ma… |
| UAT-10608 | UAT-10608 | UAT-10608 is a threat cluster observed by Cisco Talos conducting a large-scale, automated credential-harvesting campaign against public-facing web applications… |
| UAT-10608 | UAT-10608 | UAT-10608 is a threat cluster observed by Cisco Talos conducting a large-scale, automated credential-harvesting campaign against public-facing web applications… |
| UAT-5394 | UAT-5394 | UAT-5394 is a state-sponsored North Korean threat actor known for developing the MoonPeak RAT, which is based on XenoRAT. They have transitioned from using Qua… |
| UAT-5918 | UAT-5918 | UAT-5918 is an APT group that targets entities in Taiwan, primarily in telecommunications, healthcare, and IT sectors, to establish long-term access for inform… |
| UAT-5918 | UAT-5918 | UAT-5918 is an APT group that targets entities in Taiwan, primarily in telecommunications, healthcare, and IT sectors, to establish long-term access for inform… |
| UAT-6382 | UAT-6382 | UAT-6382 is a Chinese-speaking threat actor that exploits CVE-2025-0944 to gain access to enterprise networks, particularly targeting local governing bodies in… |
| UAT-7237 | UAT-7237 | UAT-7237 is a Chinese-speaking APT group that has been active since at least 2022, primarily targeting web infrastructure entities in Taiwan. They utilize a cu… |
| UAT-8099 | UAT-8099 | UAT-8099 is a Chinese-speaking cybercrime group primarily engaged in SEO fraud and the theft of high-value credentials, configuration files, and certificate da… |
| UAT-8302 | UAT-8302 | UAT-8302 is a sophisticated China-nexus APT group targeting government entities in South America and southeastern Europe, deploying custom-made malware such as… |
| UAT-8616 | UAT-8616 | UAT-8616 is a highly sophisticated cyber threat actor attributed by Cisco Talos, with evidence of activity dating back to at least 2023. They have been observe… |
| UAT-8616 | UAT-8616 | UAT-8616 is a highly sophisticated cyber threat actor attributed by Cisco Talos, with evidence of activity dating back to at least 2023. They have been observe… |
| UAT-8837 | UAT-8837 | UAT-8837 is a sophisticated China-linked APT group exploiting critical zero-day vulnerabilities, such as CVE-2025-53690 in the Sitecore platform, to achieve re… |
| UAT-9244 | UAT-9244 | UAT-9244 is a China-nexus APT actor, disclosed by Cisco Talos on March 5, 2026, assessed with high confidence as closely associated with Famous Sparrow and ove… |
| UAT-9686 | UAT-9686 | UAT-9686 is a Chinese state-sponsored APT known for targeting networking infrastructure and edge appliances through a sophisticated espionage campaign. They ex… |
| UAT-9921 | UAT-9921 | UAT-9921 is a China-nexus threat actor active since 2019, tracked by Cisco Talos. In 2026, they were observed deploying 'VoidLink', a sophisticated modular fra… |
| UKRAINIAN-CYBER-ALLIANCE | Ukrainian Cyber Alliance | Cyber Alliance is a hacktivist group that has demonstrated capabilities in exploiting vulnerabilities, such as CVE-2023-22515 in Confluence, to escalate privil… |
| UNC1069 | UNC1069 | CryptoCore is a North Korean APT known for targeting cryptocurrency exchanges and financial institutions, employing spear-phishing techniques that lead to LONE… |
| UNC1549 | UNC1549 | UNC1549 is an Iranian threat actor linked to Tortoiseshell and potentially the IRGC. They have been active since at least June 2022, targeting entities worldwi… |
| UNC1860 | UNC1860 | UNC1860 is a persistent and opportunistic Iranian state-sponsored threat actor that is likely affiliated with Iran’s Ministry of Intelligence and Security (MOI… |
| UNC1878 | UNC1878 | UNC1878 is a financially motivated threat actor that monetizes network access via the deployment of RYUK ransomware. Earlier this year, Mandiant published a bl… |
| UNC1878 | UNC1878 | UNC1878 is a financially motivated threat actor that monetizes network access via the deployment of RYUK ransomware. Earlier this year, Mandiant published a bl… |
| UNC215 | UNC215 | UNC215 is a Chinese nation-state threat actor that has been active since at least 2014. They have targeted organizations in various sectors, including governme… |
| UNC2447 | UNC2447 | UNC2447 is a financially motivated threat actor with ties to multiple hacker groups. They have been observed deploying ransomware, including FiveHands and Hell… |
| UNC2447 | UNC2447 | UNC2447 is a financially motivated threat actor with ties to multiple hacker groups. They have been observed deploying ransomware, including FiveHands and Hell… |