Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
| ID | Title | Summary |
|---|---|---|
| UNC2452 | UNC2452 | Reporting regarding activity related to the SolarWinds supply chain injection has grown quickly since initial disclosure on 13 December 2020. A significant amo… |
| UNC2465 | UNC2465 | UNC2465 is a threat actor known for deploying the SMOKEDHAM .NET backdoor and DARKSIDE ransomware, utilizing TTPs such as phishing, Trojanized software install… |
| UNC2565 | UNC2565 | UNC2565 is a threat group that has used the GOOTLOADER downloader to deliver Cobalt Strike BEACON. These intrusions have stemmed from victims accessing malicio… |
| UNC2630 | UNC2630 | UNC2630 is a threat actor believed to be affiliated with the Chinese government. They engage in cyber espionage activities, targeting organizations aligned wit… |
| UNC2659 | UNC2659 | UNC2659 has been active since at least January 2021. We have observed the threat actor move through the whole attack lifecycle in under 10 days. UNC2659 is not… |
| UNC2717 | UNC2717 | UNC2717 is a threat actor that engages in espionage activities aligned with Chinese government priorities. They demonstrate advanced tradecraft and take measur… |
| UNC2814 | UNC2814 | UNC2814 is a suspected PRC-nexus cyber espionage group that has targeted telecommunications providers and government entities globally since at least 2017. The… |
| UNC2970 | UNC2970 | UNC2970 is a North Korean threat actor that primarily targets organizations through spear-phishing emails with job recruitment themes, often utilizing fake Lin… |
| UNC3524 | UNC3524 | Mandiant observed this group operating since December 2019. Its techniques partially overlap with multiple Russian-based espionage actors (APT28 and APT29). Th… |
| UNC3569 | UNC3569 | China-nexus espionage actor that has been observed exploiting vulnerabilities in Aspera Faspex, Microsoft Exchange, and Oracle Web Applications Desktop Integra… |
| UNC3886 | UNC3886 | UNC3886 is an advanced cyber espionage group with unique capabilities in how they operate on-network as well as the tools they utilize in their campaigns. UNC3… |
| UNC3890 | UNC3890 | A suspected Iranian threat activity cluster has been linked to attacks aimed at Israeli shipping, government, energy, and healthcare organizations, in a campai… |
| UNC3973 | UNC3973 | UNC3973 is a financially motivated threat actor tracked by Mandiant, distinguished from the broader BASTA ransomware ecosystem (primarily tracked as UNC4393) d… |
| UNC4191 | UNC4191 | UNC4191 is a China-linked threat actor that has been involved in cyber espionage campaigns targeting public and private sectors primarily in Southeast Asia. Th… |
| UNC4393 | UNC4393 | UNC4393 is a financially motivated threat actor primarily using BASTA ransomware. They have been active since early 2022 and have targeted over 40 organization… |
| UNC4487 | UNC4487 | UNC4487 is a threat actor that targeted Ukrainian government officials by compromising a Ukrainian auto insurance website essential for official travel. This a… |
| UNC4536 | UNC4536 | UNC4536 is a threat actor that distributes malware, including ICEDID, REDLINESTEALER, and CARBANAK, primarily through malvertising and trojanized MSIX installe… |
| UNC4540 | UNC4540 | UNC4540 is a suspected Chinese threat actor targeting unpatched SonicWall Secure Mobile Access appliances to deploy custom malware that establishes long-term p… |
| UNC4736 | UNC4736 | UNC4736 is a North Korean threat actor that has been involved in supply chain attacks targeting software chains of 3CX and X_TRADER. They have used malware str… |
| UNC4841 | UNC4841 | UNC4841 is a well-resourced threat actor that has utilized a wide range of malware and purpose-built tooling to enable their global espionage operations. They … |
| UNC4990 | UNC4990 | UNC4990 is a financially motivated threat actor that has been active since at least 2020. They primarily target users in Italy and rely on USB devices for init… |
| UNC5174 | UNC5174 | UNC5174, a Chinese state-sponsored threat actor, has been identified by Mandiant for exploiting critical vulnerabilities in F5 BIG-IP and ScreenConnect. They h… |
| UNC5266 | UNC5266 | Mandiant created UNC5266 to track post-disclosure exploitation leading to deployment of Bishop Fox's SLIVER implant framework, a WARPWIRE variant, and a new ma… |
| UNC5291 | UNC5291 | UNC5291 is a cluster of targeted probing activity that we assess with moderate confidence is associated with UNC3236, also known publicly as Volt Typhoon. Acti… |
| UNC5325 | UNC5325 | UNC5325 is a suspected Chinese cyber espionage operator that exploited CVE-2024-21893 to compromise Ivanti Connect Secure appliances. UNC5325 leveraged code fr… |
| UNC5330 | UNC5330 | UNC5330 is a suspected China-nexus espionage actor. UNC5330 has been observed chaining CVE-2024-21893 and CVE-2024-21887 to compromise Ivanti Connect Secure VP… |
| UNC5337 | UNC5337 | UNC5337 is a suspected China-nexus espionage actor that compromised Ivanti Connect Secure VPN appliances as early as Jan. 2024. UNC5337 is suspected to exploit… |
| UNC5342 | UNC5342 | UNC5342 is a North Korea-linked APT that employs the EtherHiding technique to deliver malware and facilitate cryptocurrency theft. The actor has been observed … |
| UNC5537 | UNC5537 | UNC5537 is a financially motivated threat actor targeting Snowflake customer databases. They use stolen credentials obtained from infostealer malware to access… |
| UNC5820 | UNC5820 | UNC5820 is a threat actor exploiting the CVE-2024-47575 vulnerability in Fortinet's FortiManager, allowing them to bypass authentication and execute arbitrary … |
| UNC6032 | UNC6032 | UNC6032 is a threat actor that weaponizes interest in AI tools, specifically targeting users with fake "AI video generator" websites to distribute malware, inc… |
| UNC6040 | UNC6040 | UNC6040 is a financially motivated threat cluster that employs vishing to gain access to organizations' Salesforce environments, facilitating large-scale data … |
| UNC6148 | UNC6148 | UNC6148 is a financially motivated threat actor that targets SonicWall Secure Mobile Access 100 series appliances, leveraging stolen credentials and possibly z… |
| UNC6201 | UNC6201 | UNC6201 is a sophisticated Chinese state-sponsored hacking group that exploited CVE-2026-22769, a critical vulnerability in Dell RecoverPoint for Virtual Machi… |
| UNC6293 | UNC6293 | UNC6293 is a Russian state-sponsored threat actor identified by Google's Threat Intelligence Group (GTIG), which associates them with APT29 with low confidence… |