2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 251–300 of 1,546 in Other · page 6 of 31
| ID | Title | Summary |
|---|---|---|
| COUGHINGDOWN | CoughingDown | CoughingDown is a threat group attributed to various cyber campaigns, including the deployment of the EAGERBEE backdoor, which utilizes service manipulation an… |
| Crimson Collective | Crimson Collective | The Crimson Collective is a cybercrime group that claimed to have compromised Red Hat's private GitHub repositories in September 2025. The group asserted it ha… |
| CRIMSON-COLLECTIVE | Crimson Collective | The Crimson Collective is a cybercrime group that claimed to have compromised Red Hat's private GitHub repositories in September 2025. The group asserted it ha… |
| CryptoChameleon | CryptoChameleon | CryptoChameleon is a cybercriminal group known for targeting cryptocurrency exchanges and users to steal digital assets, employing tactics such as VIP spear ph… |
| CRYPTOCHAMELEON | CryptoChameleon | CryptoChameleon is a cybercriminal group known for targeting cryptocurrency exchanges and users to steal digital assets, employing tactics such as VIP spear ph… |
| CRYSTALRAY | CRYSTALRAY | CRYSTALRAY is a threat actor known for leveraging open source tools like zmap and SSH-Snake to conduct widespread vulnerability scanning and exploitation. They… |
| CRYSTALRAY | CRYSTALRAY | CRYSTALRAY is a threat actor known for leveraging open source tools like zmap and SSH-Snake to conduct widespread vulnerability scanning and exploitation. They… |
| CUBOID-SANDSTORM | Cuboid Sandstorm | Cuboid Sandstorm is an Iranian threat actor that targeted an Israel-based IT company in July 2021. They gained access to the company's network and used it to c… |
| CURIOUS-GORGE | Curious Gorge | Curious Gorge, a group TAG attributes to China's PLA SSF, has conducted campaigns against government and military organizations in Ukraine, Russia, Kazakhstan,… |
| CURLY-COMRADES | Curly COMrades | Curly COMrades is a threat actor identified by Amazon Threat Intelligence and Bitdefender, believed to operate in support of Russian interests. They employ tec… |
| CUTTING-KITTEN | Cutting Kitten | One of the threat actors responsible for the denial of service attacks against U.S in 2012–2013. Three individuals associated with the group—believed to be hav… |
| CYBER-ALLIANCE | Cyber Alliance | The Ukrainian Cyber Alliance is a pro-Ukraine hacktivist group formed in 2016, primarily targeting Russian entities since the invasion of Ukraine in 2022. They… |
| Cyber Army of Russia Reborn | Cyber Army of Russia Reborn | |
| CYBER-ARMY-OF-RUSSIA-REBORN | Cyber Army of Russia Reborn | |
| CYBER-AV3NGERS | Cyber Av3ngers | Cyber Av3ngers is an Iranian IRGC Cyber-Electronic Command-affiliated threat actor that targets internet-exposed operational technology and industrial control … |
| CYBER-BERKUT | Cyber Berkut | |
| Cyber Caliphate Army | Cyber Caliphate Army | Cyber Caliphate Army is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Islamic State Hacking Division, CCA, United C… |
| CYBER-CALIPHATE-ARMY | Cyber Caliphate Army | |
| CYBER-FIGHTERS-OF-IZZ-AD-DIN-AL-QASSAM | Cyber fighters of Izz Ad-Din Al Qassam | |
| CYBER-ISLAMIC-RESISTANCE | Cyber Islamic Resistance | Cyber Islamic Resistance is a hacktivist collective ideologically aligned with Iran, engaging in operations such as website defacements, DDoS attacks, and data… |
| CYBER-PARTISANS | Cyber Partisans | The Cyber Partisans, a hacktivist group based in Belarus, has been involved in various cyber-attacks targeting organizations and infrastructure in Belarus and … |
| CYBER-SERP | Cyber Serp | UAC-0255 is a threat actor that conducted a phishing campaign impersonating CERT-UA to distribute the AGEWHEEZE RAT, targeting organizations in Ukraine's publi… |
| CYBER-TOUFAN | Cyber Toufan | Cyber Toufan is a threat actor group that has gained prominence for its cyberattacks targeting Israeli organizations. The group's tactics suggest potential nat… |
| CYBER-ANARCHY-SQUAD | Cyber.Anarchy.Squad | Cyber Anarchy Squad is a pro-Ukrainian hacktivist group known for targeting Russian companies and infrastructure. They have carried out cyberattacks on Russian… |
| CyberNiggers | CyberNiggers | CyberNiggers is a threat group known for breaching various organizations, including the US military, federal contractors, and multinational corporations like G… |
| CYBERNIGGERS | CyberNiggers | CyberNiggers is a threat group known for breaching various organizations, including the US military, federal contractors, and multinational corporations like G… |
| DAGGER-PANDA | DAGGER PANDA | Operate since at least 2011, from several locations in China, with members in Korea and Japan as well. Possibly linked to Onion Dog. This threat actor targets… |
| Daixin Team | Daixin Team | Daixin is a threat actor group that has been active since at least June 2022. They primarily target the healthcare and public health sector with ransomware att… |
| DAIXIN-TEAM | Daixin Team | Daixin is a threat actor group that has been active since at least June 2022. They primarily target the healthcare and public health sector with ransomware att… |
| DALBIT | Dalbit | The group usually targets vulnerable servers to breach information including internal data from companies or encrypts files and demands money. Their targets of… |
| Dancing Salome | Dancing Salome | Dancing Salome is the Kaspersky codename for an APT actor with a primary focus on ministries of foreign affairs, think tanks, and Ukraine. What makes Dancing S… |
| DANCING-SALOME | Dancing Salome | Dancing Salome is the Kaspersky codename for an APT actor with a primary focus on ministries of foreign affairs, think tanks, and Ukraine. What makes Dancing S… |
| DangerousSavanna | DangerousSavanna | Malicious campaign called DangerousSavanna has been targeting multiple major financial service groups in French-speaking Africa for the last two years. The thr… |
| DANGEROUSSAVANNA | DangerousSavanna | Malicious campaign called DangerousSavanna has been targeting multiple major financial service groups in French-speaking Africa for the last two years. The thr… |
| Danti | Danti | |
| DANTI | Danti | |
| Dark Basin | Dark Basin | Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents. Targets include advocacy groups … |
| DARK-BASIN | Dark Basin | Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents. Targets include advocacy groups … |
| DARK-CARACAL | Dark Caracal | Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor, who at the time of writing is believed to be ad… |
| DarkCasino | DarkCasino | DarkCasino is an economically motivated APT group that targets online trading platforms, including cryptocurrencies, online casinos, network banks, and online … |
| DARKCASINO | DarkCasino | DarkCasino is an economically motivated APT group that targets online trading platforms, including cryptocurrencies, online casinos, network banks, and online … |
| DarkGaboon | DarkGaboon | DarkGaboon is a financially motivated APT group that has been independently targeting Russian organizations since May 2023, primarily using phishing emails to … |
| DARKGABOON | DarkGaboon | DarkGaboon is a financially motivated APT group that has been independently targeting Russian organizations since May 2023, primarily using phishing emails to … |
| DARKHOTEL | DarkHotel | Kaspersky described DarkHotel in a 2014 report as: '... DarkHotel drives its campaigns by spear-phishing targets with highly advanced Flash zero-day exploits t… |
| DarkHydrus | DarkHydrus | In July 2018, Unit 42 analyzed a targeted attack using a novel file type against at least one government agency in the Middle East. It was carried out by a pre… |
| DARKHYDRUS | DarkHydrus | In July 2018, Unit 42 analyzed a targeted attack using a novel file type against at least one government agency in the Middle East. It was carried out by a pre… |
| DarkPink | DarkPink | DarkPink is an APT group that has been active since mid-2021, primarily targeting government, military, and non-profit organizations in Southeast Asia and Euro… |
| DARKPINK | DarkPink | DarkPink is an APT group that has been active since mid-2021, primarily targeting government, military, and non-profit organizations in Southeast Asia and Euro… |
| DarkRaaS | DarkRaaS | DarkRaaS is a threat actor specializing in selling unauthorized access to various organizations' systems and networks across multiple countries, with a recent … |
| DARKRAAS | DarkRaaS | DarkRaaS is a threat actor specializing in selling unauthorized access to various organizations' systems and networks across multiple countries, with a recent … |