Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 151–200 of 1,546 in Other · page 4 of 31
| ID | Title | Summary |
|---|---|---|
| Boolka | Boolka | Boolka is a threat actor known for infecting websites with malicious JavaScript scripts for data exfiltration. They have been carrying out opportunistic SQL in… |
| BOOLKA | Boolka | Boolka is a threat actor known for infecting websites with malicious JavaScript scripts for data exfiltration. They have been carrying out opportunistic SQL in… |
| BOSON SPIDER | BOSON SPIDER | BOSON SPIDER is a cyber criminal group, which was first identified in 2015, recently and inexplicably went dark in the spring of 2016, appears to be a tightly … |
| BOSON-SPIDER | BOSON SPIDER | BOSON SPIDER is a cyber criminal group, which was first identified in 2015, recently and inexplicably went dark in the spring of 2016, appears to be a tightly … |
| BOSS SPIDER | BOSS SPIDER | Throughout 2018, CrowdStrike Intelligence tracked BOSS SPIDER as it regularly updated Samas ransomware and received payments to known Bitcoin (BTC) addresses. … |
| BOSS-SPIDER | BOSS SPIDER | Throughout 2018, CrowdStrike Intelligence tracked BOSS SPIDER as it regularly updated Samas ransomware and received payments to known Bitcoin (BTC) addresses. … |
| BOULDER-BEAR | Boulder Bear | First observed activity in December 2013. |
| BRAZENBAMBOO | BrazenBamboo | BrazenBamboo is a Chinese state-affiliated threat actor known for developing the LIGHTSPY, DEEPDATA, and DEEPPOST malware families. Their infrastructure includ… |
| BreachLaboratory | BreachLaboratory | BreachLaboratory is a cybercrime actor that specializes in the extraction and sale of sensitive financial and identity datasets from various organizations. The… |
| BREACHLABORATORY | BreachLaboratory | BreachLaboratory is a cybercrime actor that specializes in the extraction and sale of sensitive financial and identity datasets from various organizations. The… |
| BRONZE-EDGEWOOD | BRONZE EDGEWOOD | In early 2021 CTU researchers observed BRONZE EDGEWOOD exploiting the Microsoft Exchange Server of an organization in Southeast Asia. The threat group deployed… |
| BRONZE-HIGHLAND | BRONZE HIGHLAND | BRONZE HIGHLAND has been observed using spearphishing as an initial infection vector to deploy the MgBot remote access trojan against targets in Hong Kong. Thi… |
| BRONZE-SPIRAL | BRONZE SPIRAL | In December 2020, the IT management software provider SolarWinds announced that an unidentified threat actor had exploited a vulnerability in their Orion Platf… |
| BRONZE-SPRING | BRONZE SPRING | BRONZE SPRING is a threat group that CTU researchers assess with high confidence operates on behalf of China in the theft of intellectual property from defense… |
| BRONZE-STARLIGHT | BRONZE STARLIGHT | BRONZE STARLIGHT has been active since mid 2021 and targets organizations globally across a range of industry verticals. The group leverages HUI Loader to load… |
| BRONZE-VAPOR | BRONZE VAPOR | BRONZE VAPOR is a targeted threat group assessed with moderate confidence to be of Chinese origin. Artefacts from tools associated with this group and open sou… |
| BUDMINER | Budminer | Based on the evidence we have presented Symantec attributed the activity involving the Dripion malware to the Budminer advanced threat group. While we have not … |
| BUHTRAP | BuhTrap | Buhtrap has been active since 2014, however their first attacks against financial institutions were only detected in August 2015. Earlier, the group had only f… |
| ByteToBreach | ByteToBreach | ByteToBreach is a prolific cybercriminal who operates across multiple platforms, including DarkForums and Telegram, and has been active since at least June 202… |
| BYTETOBREACH | ByteToBreach | ByteToBreach is a prolific cybercriminal who operates across multiple platforms, including DarkForums and Telegram, and has been active since at least June 202… |
| CADELLE | Cadelle | Symantec telemetry identified Cadelle and Chafer activity dating from as far back as July 2014, however, it’s likely that activity began well before this date.… |
| Caliente Bandits | Caliente Bandits | Caliente Bandits is a highly active threat group that targets multiple industries, including finance and entertainment. They distribute the Bandook remote acce… |
| CALIENTE-BANDITS | Caliente Bandits | Caliente Bandits is a highly active threat group that targets multiple industries, including finance and entertainment. They distribute the Bandook remote acce… |
| CALLISTO | Callisto | The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and… |
| Calypso | Calypso | For the first time, the activity of the Calypso group was detected by specialists of PT Expert Security Center in March 2019, during the work to detect cyber t… |
| CALYPSO | Calypso | For the first time, the activity of the Calypso group was detected by specialists of PT Expert Security Center in March 2019, during the work to detect cyber t… |
| CAMARO-DRAGON | Camaro Dragon | In early 2023, the Check Point Incident Response Team (CPIRT) team investigated a malware incident at a European healthcare institution involving a set of tool… |
| Caracal Kitten | Caracal Kitten | Caracal Kitten is an APT group that has been targeting activists associated with the Kurdistan Democratic Party. They employ a mobile remote access Trojan to g… |
| CARACAL-KITTEN | Caracal Kitten | Caracal Kitten is an APT group that has been targeting activists associated with the Kurdistan Democratic Party. They employ a mobile remote access Trojan to g… |
| Caramel Tsunami | Caramel Tsunami | Caramel Tsunami is a threat actor that specializes in spyware attacks. They have recently resurfaced with an updated toolset and zero-day exploits, targeting s… |
| CARAMEL-TSUNAMI | Caramel Tsunami | Caramel Tsunami is a threat actor that specializes in spyware attacks. They have recently resurfaced with an updated toolset and zero-day exploits, targeting s… |
| Carderbee | Carderbee | Symantec recently reported on activity attributed to a threat actor group dubbed Carderbee. In the campaign, the threat actors target entities in Hong Kong and… |
| CARDERBEE | Carderbee | Symantec recently reported on activity attributed to a threat actor group dubbed Carderbee. In the campaign, the threat actors target entities in Hong Kong and… |
| CARDINALLIZARD | CardinalLizard | CardinalLizard, a cyber threat actor linked to China, has targeted entities in Asia since 2018. Their methods include spear-phishing, custom malware with anti-… |
| CARETO | Careto | This threat actor targets governments, diplomatic missions, private companies in the energy sector, and academics for espionage purposes. The Mask is an advanc… |
| CARMINE-TSUNAMI | Carmine Tsunami | Carmine Tsunami is a threat actor linked to an Israel-based private sector offensive actor called QuaDream. QuaDream sells a platform called REIGN to governmen… |
| CashRewindo | CashRewindo | CashRewindo is a sophisticated threat actor leveraging aged domains in global malvertising campaigns to direct victims to investment scam sites. The group empl… |
| CASHREWINDO | CashRewindo | CashRewindo is a sophisticated threat actor leveraging aged domains in global malvertising campaigns to direct victims to investment scam sites. The group empl… |
| CERANAKEEPER | CeranaKeeper | CeranaKeeper is a China-aligned APT that has been active since at least early 2022, primarily targeting governmental institutions in Asian countries. The group… |
| ChainedShark | ChainedShark | ChainedShark is an APT group targeting China's scientific research sector, particularly professionals in international relations and marine technology, with th… |
| CHAINEDSHARK | ChainedShark | ChainedShark is an APT group targeting China's scientific research sector, particularly professionals in international relations and marine technology, with th… |
| Chamelgang | Chamelgang | In Q2 2021, the PT Expert Security Center incident response team conducted an investigation in an energy company. The investigation revealed that the company's… |
| CHAMELGANG | Chamelgang | In Q2 2021, the PT Expert Security Center incident response team conducted an investigation in an energy company. The investigation revealed that the company's… |
| CHARMING-KITTEN | Charming Kitten | Charming Kitten (aka Parastoo, aka Newscaster) is a group with a suspected nexus to Iran that targets organizations involved in government, defense technology… |
| CHAYA-004 | Chaya_004 | Chaya_004 is a Chinese threat actor identified through malicious infrastructure, including a network of servers hosting Supershell backdoors and various pen te… |
| CHERNOVITE | Chernovite | Chernovite is a highly capable and sophisticated threat actor group that has developed a modular ICS malware framework called PIPEDREAM. They are known for tar… |
| CHRONUS-GROUP | Chronus Group | Chronus Team is a hacktivist group known for defacement attacks and data leaks, primarily targeting public-sector organizations in Mexico. They have been linke… |
| CHRYSENE | CHRYSENE | Adversaries abusing ICS (based on Dragos Inc adversary list). This threat actor targets organizations involved in oil, gas, and electricity production, primari… |
| CiberInteligenciaSV | CiberInteligenciaSV | CiberInteligenciaSV is a threat actor that leaked 5.1 million Salvadoran records on Breach Forums. They have also compromised El Salvador's state Bitcoin walle… |