2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,501–1,546 of 1,546 in Other · page 31 of 31
| ID | Title | Summary |
|---|---|---|
| WATER-SACI | Water Saci | Water Saci is a sophisticated cyber threat actor operating in Brazil, utilizing a multi-format attack chain that includes HTA files, ZIP archives, and PDFs to … |
| WATER-SIGBIN | Water Sigbin | The 8220 Gang, also known as Water Sigbin, is a threat actor group that focuses on deploying cryptocurrency-mining malware. They exploit vulnerabilities in Ora… |
| WEBWORM | Webworm | Space Pirates is a cybercrime group that has been active since at least 2017. They primarily target Russian companies and have been observed using various malw… |
| WeedSec | WeedSec | WeedSec is a threat actor group that recently targeted the online learning and course management platform Moodle. They posted sample databases of Moodle on the… |
| WEEDSEC | WeedSec | WeedSec is a threat actor group that recently targeted the online learning and course management platform Moodle. They posted sample databases of Moodle on the… |
| WEREDEVILS | WeRedEvils | WeRedEvils is a hacking group that has claimed responsibility for multiple cyber attacks. They targeted the Iranian Electric Grid and the Tasnimnews website, c… |
| WET-PANDA | WET PANDA | |
| WHITE-BEAR | White Bear | As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we … |
| WhiteCobra | WhiteCobra | WhiteCobra is a threat actor that has infiltrated the Visual Studio Code marketplace and Open VSX registry, deploying 24 malicious extensions targeting cryptoc… |
| WHITECOBRA | WhiteCobra | WhiteCobra is a threat actor that has infiltrated the Visual Studio Code marketplace and Open VSX registry, deploying 24 malicious extensions targeting cryptoc… |
| Whitefly | Whitefly | In July 2018, an attack on Singapore’s largest public health organization, SingHealth, resulted in a reported 1.5 million patient records being stolen. Until n… |
| WHITEFLY | Whitefly | In July 2018, an attack on Singapore’s largest public health organization, SingHealth, resulted in a reported 1.5 million patient records being stolen. Until n… |
| WildCard | WildCard | Wildcard is a threat actor that initially targeted Israel's educational sector with the SysJoker malware. They have since expanded their operations and develop… |
| WILDCARD | WildCard | Wildcard is a threat actor that initially targeted Israel's educational sector with the SysJoker malware. They have since expanded their operations and develop… |
| WildNeutron | WildNeutron | A corporate espionage group has compromised a string of major corporations over the past three years in order to steal confidential information and intellectua… |
| WILDNEUTRON | WildNeutron | A corporate espionage group has compromised a string of major corporations over the past three years in order to steal confidential information and intellectua… |
| WildPressure | WildPressure | WildPressure is a threat actor that targets industrial-related entities in the Middle East. They use a variety of programming languages, including C++, VBScrip… |
| WILDPRESSURE | WildPressure | WildPressure is a threat actor that targets industrial-related entities in the Middle East. They use a variety of programming languages, including C++, VBScrip… |
| WindShift | WindShift | In August of 2018, DarkMatter released a report entitled “In the Trails of WINDSHIFT APT”, which unveiled a threat actor with TTPs very similar to those of Bah… |
| WINDSHIFT | WindShift | In August of 2018, DarkMatter released a report entitled “In the Trails of WINDSHIFT APT”, which unveiled a threat actor with TTPs very similar to those of Bah… |
| WINTER-VIVERN | Winter Vivern | Winter Vivern is a cyberespionage group first revealed by DomainTools in 2021. It is thought to have been active since at least 2020 and it targets governments… |
| WIP19 | WIP19 | WIP19 is a Chinese-speaking threat group involved in espionage targeting the Middle East and Asia. They utilize a stolen certificate to sign their malware, inc… |
| WIRTE | WIRTE | WIRTE is a threat actor group that was first discovered in 2018. They are suspected to be part of the Gaza Cybergang, an Arabic politically motivated cyber cri… |
| WITCHETTY | Witchetty | Witchetty was first documented by ESET in April 2022, who concluded that it was one of three sub-groups of TA410, a broad cyber-espionage operation with some l… |
| WIZARD-SPIDER | WIZARD SPIDER | Wizard Spider is reportedly associated with Grim Spider and Lunar Spider. The WIZARD SPIDER threat group is the Russia-based operator of the TrickBot banking m… |
| WOLF-SPIDER | WOLF SPIDER | FIN4 is a financially-motivated threat group that has targeted confidential information related to the public financial market, particularly regarding healthca… |
| WOROK | Worok | Worok is a cyber espionage group, mostly targeting Central Asia. The group toolset includes a C++ loader named CLRLoad, a PowerShell backdoor named PowHeartBea… |
| XAKNET | XakNet | XakNet is a self-proclaimed hacktivist group that has targeted Ukraine. They claim to be comprised of Russian patriotic volunteers and have conducted various t… |
| Xcatze | Xcatze | Cloud security company Lacework says it discovered a threat actor group named Xcatze that uses a Python named AndroxGh0st to take over AWS servers and send out… |
| XCATZE | Xcatze | Cloud security company Lacework says it discovered a threat actor group named Xcatze that uses a Python named AndroxGh0st to take over AWS servers and send out… |
| XDSpy | XDSpy | Rare is the APT group that goes largely undetected for nine years, but XDSpy is just that; a previously undocumented espionage group that has been active since… |
| XDSPY | XDSpy | Rare is the APT group that goes largely undetected for nine years, but XDSpy is just that; a previously undocumented espionage group that has been active since… |
| XIAOQIYING | Xiaoqiying | Xiaoqiying is a primarily Chinese-speaking threat group that is most well known for conducting website defacement and data exfiltration attacks on more than a … |
| XINXIN | XinXin | XinXin is a Chinese-speaking threat actor known for its phishing-as-a-service platform, Lucid, which targets global organizations to steal credit card details … |
| Yanbian Gang | Yanbian Gang | RiskIQ characterizes the Yanbian Gang as a group that targeted South Korean Android mobile banking customers since 2013 with malicious Android apps purporting … |
| YANBIAN-GANG | Yanbian Gang | RiskIQ characterizes the Yanbian Gang as a group that targeted South Korean Android mobile banking customers since 2013 with malicious Android apps purporting … |
| YOROTROOPER | YoroTrooper | YoroTrooper’s main targets are government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth of Independent States, based on … |
| Z-PENTEST-ALLIANCE | Z-Pentest Alliance | Z-Pentest Alliance is a pro-Russian hacktivist group known for targeting industrial control systems and operational technology systems, particularly in Italy a… |
| ZARYA | Zarya | Zarya is a pro-Russian hacktivist group that emerged in March 2022. Initially operating as a special forces unit under the command of Killnet, Zarya has since … |
| ZEFFSEC | ZeffSec | ZeffSec is a hacktivist collective focused on infrastructure-level disruption and exposing vulnerabilities in centralized digital networks. In March 2026, the … |
| ZeroSevenGroup | ZeroSevenGroup | ZeroSevenGroup is a threat actor that claims to have breached a U.S. branch of Toyota, stealing 240GB of sensitive data, including employee and customer inform… |
| ZEROSEVENGROUP | ZeroSevenGroup | ZeroSevenGroup is a threat actor that claims to have breached a U.S. branch of Toyota, stealing 240GB of sensitive data, including employee and customer inform… |
| ZOMBIE SPIDER | ZOMBIE SPIDER | On April 7, 2017, Pytor Levashov — who predominantly used the alias Severa or Peter Severa and whom Falcon Intelligence tracks as ZOMBIE SPIDER — was arrested … |
| ZOMBIE-SPIDER | ZOMBIE SPIDER | On April 7, 2017, Pytor Levashov — who predominantly used the alias Severa or Peter Severa and whom Falcon Intelligence tracks as ZOMBIE SPIDER — was arrested … |
| ZooPark | ZooPark | ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind ZooPark infect Androi… |
| ZOOPARK | ZooPark | ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind ZooPark infect Androi… |