Threat actors (2,004 indexed)
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 101–150 of 1,546 in Other · page 3 of 31
| ID | Title | Summary |
|---|---|---|
| Awaken Likho | Awaken Likho | Awaken Likho is an APT group that has targeted Russian government agencies and industrial enterprises, employing techniques such as information gathering via s… |
| AWAKEN-LIKHO | Awaken Likho | Awaken Likho is an APT group that has targeted Russian government agencies and industrial enterprises, employing techniques such as information gathering via s… |
| AYY-LD-Z-TIM | Ayyıldız Tim | Ayyıldız (Crescent and Star) Tim is a nationalist hacking group founded in 2002. It performs defacements and DDoS attacks against the websites of governments t… |
| AZZASEC | AzzaSec | AzzaSec is a hacktivist group that originated in Italy. Known for their pro-Palestine stance, they have been involved in various cyberattacks targeting Israel … |
| BackdoorDiplomacy | BackdoorDiplomacy | An APT group that we are calling BackdoorDiplomacy, due to the main vertical of its victims, has been targeting Ministries of Foreign Affairs and telecommunica… |
| BACKDOORDIPLOMACY | BackdoorDiplomacy | An APT group that we are calling BackdoorDiplomacy, due to the main vertical of its victims, has been targeting Ministries of Foreign Affairs and telecommunica… |
| BadRory | BadRory | Kaspersky researchers have identified a new APT group named BadRory that has mounted two waves of spear-phishing attacks against Russian organizations. The cam… |
| BADRORY | BadRory | Kaspersky researchers have identified a new APT group named BadRory that has mounted two waves of spear-phishing attacks against Russian organizations. The cam… |
| Bahamut | Bahamut | Bahamut is a threat actor primarily operating in Middle East and Central Asia, suspected to be a private contractor to several state sponsored actors. They wer… |
| BAHAMUT | Bahamut | Bahamut is a threat actor primarily operating in Middle East and Central Asia, suspected to be a private contractor to several state sponsored actors. They wer… |
| BAMBOO SPIDER | BAMBOO SPIDER | BAMBOO SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: BAMBOO SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-… |
| BAMBOO-SPIDER | BAMBOO SPIDER | Crowdstrike tracks the developer of Panda Zeus as BAMBOO SPIDER |
| BANISHED-KITTEN | BANISHED KITTEN | BANISHED KITTEN is an Iranian state-nexus adversary active since at least 2008. While the adversary’s most prominent activity is the July and September 2022 di… |
| BATSHADOW | BatShadow | BatShadow is a Vietnamese threat actor that targets job seekers and digital marketing professionals through social engineering campaigns, deploying the Go-base… |
| BazarCall | BazarCall | BazarCall campaigns forgo malicious links or attachments in email messages in favor of phone numbers that recipients are misled into calling. It’s a technique … |
| BAZARCALL | BazarCall | BazarCall campaigns forgo malicious links or attachments in email messages in favor of phone numbers that recipients are misled into calling. It’s a technique … |
| BEARLYFY | Bearlyfy | Bearlyfy has been attributed to over 70 cyber attacks targeting Russian companies since its emergence in January 2025, employing a custom Windows ransomware st… |
| BEIJING-GROUP | Beijing Group | |
| BelialDemon | BelialDemon | BelialDemon is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Matanbuchus. Original record: BelialDemon is a threat … |
| BELIALDEMON | BelialDemon | Mentioned as operator of TriumphLoader and Matanbuchus |
| Belsen Group | Belsen Group | The Belsen Group has exploited the CVE-2022-40684 vulnerability in Fortinet devices to compromise over 15,000 FortiGate firewalls, releasing detailed configura… |
| BELSEN-GROUP | Belsen Group | The Belsen Group has exploited the CVE-2022-40684 vulnerability in Fortinet devices to compromise over 15,000 FortiGate firewalls, releasing detailed configura… |
| BIBIGUN | BiBiGun | A pro-Hamas hacktivist group developed a wiper called BiBi-Linux to target and destroy data on Israeli systems. The malware impersonates ransomware but operate… |
| BIG-PANDA | BIG PANDA | |
| BIGNOSA | Bignosa | Bignosa is a threat actor known for launching malware campaigns targeting Australian and US organizations using phishing emails with disguised Agent Tesla atta… |
| BITWISE SPIDER | BITWISE SPIDER | BITWISE SPIDER has recently and quickly become a significant player in the big game hunting (BGH) landscape. Their dedicated leak site (DLS) has received the h… |
| BITWISE-SPIDER | BITWISE SPIDER | BITWISE SPIDER has recently and quickly become a significant player in the big game hunting (BGH) landscape. Their dedicated leak site (DLS) has received the h… |
| BLACKATOM | Blackatom | Recent campaigns suggest Hamas-linked actors may be advancing their TTPs to include intricate social engineering lures specially crafted to appeal to a niche g… |
| BLACKGEAR | Blackgear | BLACKGEAR is an espionage campaign which has targeted users in Taiwan for many years. Multiple papers and talks have been released covering this campaign, whic… |
| BLACKJACK | BlackJack | Blackjack, a threat actor linked to Ukraine's security apparatus, has targeted critical Russian entities such as ISPs, utilities, and military infrastructure. … |
| BLACKMASKERS | BlackMaskers | BlackMaskers Team has emerged as a significant threat actor, particularly targeting Jordan amid the Israel-Iran conflict. They have claimed responsibility for … |
| BLACKMETA | Blackmeta | BLACKMETA is a pro-Palestinian hacktivist group that has claimed responsibility for a series of DDoS attacks and data breaches targeting organizations perceive… |
| BlackOasis | BlackOasis | BlackOasis is a Middle Eastern threat group that is believed to be a customer of Gamma Group. The group has shown interest in prominent figures in the United N… |
| BLACKOASIS | BlackOasis | BlackOasis is a Middle Eastern threat group that is believed to be a customer of Gamma Group. The group has shown interest in prominent figures in the United N… |
| Blacktail | Blacktail | Blacktail is a cybercrime group that has gained attention for its ransomware campaigns, particularly the Buhti ransomware. They are known for using custom-buil… |
| BLACKTAIL | Blacktail | Blacktail is a cybercrime group that has gained attention for its ransomware campaigns, particularly the Buhti ransomware. They are known for using custom-buil… |
| BLACKTECH | BlackTech | BlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan, and occasionally, Japan and Hong Kong. Based on the mutexes a… |
| BLACKWOOD | Blackwood | Blackwood is a China-aligned APT group that has been active since at least 2018. They primarily engage in cyberespionage operations targeting individuals and c… |
| BLADEDFELINE | BladedFeline | BladedFeline is an Iran-aligned APT group that has been active since at least 2017, targeting Iraqi and Kurdish government officials for cyberespionage. The gr… |
| BladeHawk | BladeHawk | BladeHawk is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Government sector. Documented victim organisatio… |
| BLADEHAWK | BladeHawk | |
| BLUE-TERMITE | Blue Termite | Blue Termite is a group of suspected Chinese origin active in Japan. |
| BLUE-TSUNAMI | Blue Tsunami | Blue Tsunami, also known as Black Cube, is a cyber mercenary group associated with the private intelligence firm Black Cube. They target individuals in various… |
| BlueBottle | BlueBottle | Bluebottle, a cyber-crime group that specializes in targeted attacks against the financial sector, is continuing to mount attacks on banks in Francophone count… |
| BLUEBOTTLE | BlueBottle | Bluebottle, a cyber-crime group that specializes in targeted attacks against the financial sector, is continuing to mount attacks on banks in Francophone count… |
| BlueHornet | BlueHornet | BlueHornet is an advanced persistent threat group targeting government organizations in China, North Korea, Iran, and Russia. They have compromised and leaked … |
| BLUEHORNET | BlueHornet | BlueHornet is an advanced persistent threat group targeting government organizations in China, North Korea, Iran, and Russia. They have compromised and leaked … |
| BOHRIUM | Bohrium | Bohrium is an Iranian threat actor that has been involved in spear-phishing operations targeting organizations in the US, Middle East, and India. They often cr… |
| Bondnet | Bondnet | Bondnet is a threat actor that deploys backdoors and cryptocurrency miners. They use high-performance bots as C2 servers and configure reverse RDP environments… |
| BONDNET | Bondnet | Bondnet is a threat actor that deploys backdoors and cryptocurrency miners. They use high-performance bots as C2 servers and configure reverse RDP environments… |