2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,401–1,450 of 1,546 in Other · page 29 of 31
| ID | Title | Summary |
|---|---|---|
| UNC6353 | UNC6353 | UNC6353 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: UNC6353 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341)… |
| UNC6353 | UNC6353 | suspected Russian espionage group. |
| UNC6384 | UNC6384 | UNC6384 (also tracked as Vertigo Panda) is a Chinese-affiliated APT that conducts targeted espionage campaigns primarily against diplomatic entities in Southea… |
| UNC6395 | UNC6395 | The actor systematically exported large volumes of data from numerous corporate Salesforce instances. GTIG assesses the primary intent of the threat actor is t… |
| UNC6395 | UNC6395 | The actor systematically exported large volumes of data from numerous corporate Salesforce instances. GTIG assesses the primary intent of the threat actor is t… |
| UNC6426 | UNC6426 | UNC6426 exploited a supply chain compromise of the nx npm package to steal a developer's GitHub Personal Access Token and gain access to a victim's cloud envir… |
| UNC6426 | UNC6426 | UNC6426 exploited a supply chain compromise of the nx npm package to steal a developer's GitHub Personal Access Token and gain access to a victim's cloud envir… |
| UNC6485 | UNC6485 | UNC6485 is a cyber-espionage group exploiting CVE-2025-12480 in Gladinet’s Triofox file-sharing platform to gain initial network access and establish long-term… |
| UNC6485 | UNC6485 | UNC6485 is a cyber-espionage group exploiting CVE-2025-12480 in Gladinet’s Triofox file-sharing platform to gain initial network access and establish long-term… |
| UNC6619 | UNC6619 | TGR-STA-1030 is a state-aligned cyberespionage group operating out of Asia, known for compromising government and critical infrastructure organizations across … |
| UNC6619 | UNC6619 | TGR-STA-1030 is a state-aligned cyberespionage group operating out of Asia, known for compromising government and critical infrastructure organizations across … |
| UNC6671 | UNC6671 | UNC6671 is involved in credential harvesting operations, utilizing vishing tactics to impersonate IT staff and directing victims to enter credentials on a vict… |
| UNC6671 | UNC6671 | UNC6671 is involved in credential harvesting operations, utilizing vishing tactics to impersonate IT staff and directing victims to enter credentials on a vict… |
| UNC6691 | UNC6691 | UNC6691 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: UNC6691 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341)… |
| UNC6691 | UNC6691 | financially motivated threat actor operating from China |
| UNC6692 | UNC6692 | UNC6692 is a threat actor that employs social engineering tactics, such as impersonating IT helpdesk personnel, to gain initial access to victim environments. … |
| UNC6692 | UNC6692 | UNC6692 is a threat actor that employs social engineering tactics, such as impersonating IT helpdesk personnel, to gain initial access to victim environments. … |
| UNC6748 | UNC6748 | UNC6748 targets users in Saudi Arabia through a fake Snapchat website, employing a backdoor known as GHOSTKNIFE for data exfiltration. Their exploitation proce… |
| UNFADING-SEA-HAZE | Unfading Sea Haze | Unfading Sea Haze is a threat actor focused on espionage, targeting government and military organizations in the South China Sea region since 2018. They employ… |
| UNG0002 | UNG0002 | UNG0002 is a technically adept APT conducting large-scale cyber espionage campaigns targeting strategic sectors in China, Hong Kong, and Pakistan, including de… |
| UNG0002 | UNG0002 | UNG0002 is a technically adept APT conducting large-scale cyber espionage campaigns targeting strategic sectors in China, Hong Kong, and Pakistan, including de… |
| UNG0901 | UNG0901 | UNG0901 is a cyber-espionage threat actor targeting Russian entities, particularly in the aerospace and defense sectors, utilizing spear-phishing tactics. They… |
| UNG0901 | UNG0901 | UNG0901 is a cyber-espionage threat actor targeting Russian entities, particularly in the aerospace and defense sectors, utilizing spear-phishing tactics. They… |
| UNION-PANDA | UNION PANDA | |
| UNION-SPIDER | UNION SPIDER | Adversary targeting manufacturing and industrial organizations. |
| UNIT-8200 | Unit 8200 | |
| UNK-ACADEMICFLARE | UNK_AcademicFlare | UNK_AcademicFlare is a suspected Russia-aligned threat actor that conducts device code phishing campaigns by leveraging compromised email addresses from govern… |
| UNK_DropPitch | UNK_DropPitch | Between March and June 2025, Proofpoint identified multiple China-aligned threat actors specifically targeting Taiwanese organizations within the semiconductor… |
| UNK-DROPPITCH | UNK_DropPitch | Between March and June 2025, Proofpoint identified multiple China-aligned threat actors specifically targeting Taiwanese organizations within the semiconductor… |
| UNK_FistBump | UNK_FistBump | Between March and June 2025, Proofpoint identified multiple China-aligned threat actors specifically targeting Taiwanese organizations within the semiconductor… |
| UNK-FISTBUMP | UNK_FistBump | Between March and June 2025, Proofpoint identified multiple China-aligned threat actors specifically targeting Taiwanese organizations within the semiconductor… |
| UNK-REMOTEROGUE | UNK_RemoteRogue | UNK_RemoteRogue is a suspected Russian threat actor that has been observed utilizing ClickFix in its infection chains, although this technique is not revolutio… |
| UNK_SparkyCarp | UNK_SparkyCarp | Between March and June 2025, Proofpoint identified multiple China-aligned threat actors specifically targeting Taiwanese organizations within the semiconductor… |
| UNK-SPARKYCARP | UNK_SparkyCarp | Between March and June 2025, Proofpoint identified multiple China-aligned threat actors specifically targeting Taiwanese organizations within the semiconductor… |
| UNNAMED-ACTOR | Unnamed Actor | This threat actor compromises civil society groups the Chinese Communist Party views as hostile to its interests, such as Tibetan, Uyghur, Hong Kong, and Taiwa… |
| UNSOLICITEDBOOKER | UnsolicitedBooker | UnsolicitedBooker is a China-aligned APT group known for its persistent targeting of an unnamed international organization in Saudi Arabia, employing a backdoo… |
| Urpage | Urpage | What sets Urpage attacks apart is its targeting of InPage, a word processor for Urdu and Arabic languages. However, its Delphi backdoor component, which it has… |
| URPAGE | Urpage | What sets Urpage attacks apart is its targeting of InPage, a word processor for Urdu and Arabic languages. However, its Delphi backdoor component, which it has… |
| USDoD | USDoD | USDoD is a threat actor known for leaking large databases of personal information, including from companies like Airbus and the U.S. Environmental Protection A… |
| USDOD | USDoD | USDoD is a threat actor known for leaking large databases of personal information, including from companies like Airbus and the U.S. Environmental Protection A… |
| USERSEC | UserSec | UserSec is a pro-Russian hacking group that has been active since at least 2022. The group is known for its DDoS attacks and has collaborated with other pro-Ru… |
| UTA0178 | UTA0178 | While Volexity largely observed the attacker essentially living off the land, they still deployed a handful of malware files and tools during the course of the… |
| UTA0218 | UTA0218 | UTA0218 is a threat actor with advanced capabilities, targeting organizations to establish a reverse shell, acquire tools, and extract data. They exploit vulne… |
| UTA0218 | UTA0218 | UTA0218 is a threat actor with advanced capabilities, targeting organizations to establish a reverse shell, acquire tools, and extract data. They exploit vulne… |
| UTA0352 | UTA0352 | UTA0352 is a Russian threat actor attributed to phishing campaigns that exploit Microsoft OAuth 2.0 authentication workflows, often impersonating government of… |
| UTA0355 | UTA0355 | UTA0355 is a Russian threat actor that conducts phishing campaigns targeting individuals and organizations associated with Ukraine. The actor initiates contact… |
| UTA0388 | UTA0388 | UTA0388 is a China-aligned APT known for spear-phishing campaigns targeting organizations in North America, Asia, and Europe, primarily to deliver a Go-based i… |
| UTG-Q-008 | UTG-Q-008 | UTG-Q-008 is a threat actor targeting Linux platforms, primarily focusing on government and enterprise entities in China. They utilize a massive botnet network… |
| UTG-Q-008 | UTG-Q-008 | UTG-Q-008 is a threat actor targeting Linux platforms, primarily focusing on government and enterprise entities in China. They utilize a massive botnet network… |
| UTG-Q-010 | UTG-Q-010 | UTG-Q-010 is a financially motivated APT group from East Asia that has been active since late 2022, primarily targeting the pharmaceutical industry and cryptoc… |