2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 401–450 of 1,546 in Other · page 9 of 31
| ID | Title | Summary |
|---|---|---|
| FEMWAR02 | Femwar02 | Femwar02 is a previously unknown pro-Russian ransomware threat actor that emerged in early 2026, linked to a major cyberattack on Italy's Sapienza University o… |
| FEROCIOUS-KITTEN | Ferocious Kitten | Ferocious Kitten is an APT group that has been active against Persian-speaking individuals since 2015 and appears to be based in Iran. Although it has been act… |
| FIN1 | FIN1 | FireEye first identified this activity during a recent investigation at an organization in the financial industry. They identified the presence of a financiall… |
| FIN10 | FIN10 | FireEye has observed multiple targeted intrusions occurring in North America — predominately in Canada — dating back to at least 2013 and continuing through at… |
| FIN10 | FIN10 | FireEye has observed multiple targeted intrusions occurring in North America — predominately in Canada — dating back to at least 2013 and continuing through at… |
| FIN11 | FIN11 | FIN11 is a well-established financial crime group that has recently focused its operations on ransomware and extortion. The group has been active since 2017 an… |
| FIN11 | FIN11 | FIN11 is a well-established financial crime group that has recently focused its operations on ransomware and extortion. The group has been active since 2017 an… |
| FIN13 | FIN13 | Since 2017, Mandiant has been tracking FIN13, an industrious and versatile financially motivated threat actor conducting long-term intrusions in Mexico with an… |
| FIN5 | FIN5 | FIN5 is a financially motivated threat group that has targeted personally identifiable information and payment card information. The group has been active sinc… |
| FIN5 | FIN5 | FIN5 is a financially motivated threat group that has targeted personally identifiable information and payment card information. The group has been active sinc… |
| FIN6 | FIN6 | FIN6 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as SKELETON SPIDER, ITG08, MageCart Group 6 (and 7 more). Origin… |
| FIN6 | FIN6 | FIN is a group targeting financial assets including assets able to do financial transaction including PoS. |
| FIN7 | FIN7 | Groups targeting financial organizations or people with significant financial assets. |
| FIN8 | FIN8 | FIN8 is a financially motivated group targeting the retail, hospitality and entertainment industries. The actor had previously conducted several tailored spear… |
| FIN8 | FIN8 | FIN8 is a financially motivated group targeting the retail, hospitality and entertainment industries. The actor had previously conducted several tailored spear… |
| Fishing Elephant | Fishing Elephant | Fishing Elephant is a threat actor that primarily targets victims in Bangladesh and Pakistan. They rely on consistent TTPs, including payload and communication… |
| FISHING-ELEPHANT | Fishing Elephant | Fishing Elephant is a threat actor that primarily targets victims in Bangladesh and Pakistan. They rely on consistent TTPs, including payload and communication… |
| FishMedley | FishMedley | Verticals targeted during Operation FishMedley include governments, NGOs, and think tanks, across Asia, Europe, and the United States. ; Operators used implant… |
| FISHMEDLEY | FishMedley | Verticals targeted during Operation FishMedley include governments, NGOs, and think tanks, across Asia, Europe, and the United States. ; Operators used implant… |
| Flash Kitten | Flash Kitten | This suspected Iran-based adversary conducted long-running SWC campaigns from December 2016 until public disclosure in July 2018. Like other Iran-based actors,… |
| FLASH-KITTEN | Flash Kitten | This suspected Iran-based adversary conducted long-running SWC campaigns from December 2016 until public disclosure in July 2018. Like other Iran-based actors,… |
| FLAX-TYPHOON | Flax Typhoon | Flax Typhoon is a Chinese state-sponsored threat actor that primarily targets organizations in Taiwan. They conduct espionage campaigns and focus on gaining an… |
| FlowerStorm | FlowerStorm | FlowerStorm is a phishing-as-a-service platform that mimics legitimate services to bypass multi-factor authentication structure. The majority of its targets ar… |
| FLOWERSTORM | FlowerStorm | FlowerStorm is a phishing-as-a-service platform that mimics legitimate services to bypass multi-factor authentication structure. The majority of its targets ar… |
| FLYING-KITTEN | Flying Kitten | Activity: defense and aerospace sectors, also interested in targeting entities in the oil/gas industry. |
| FLYINGYETI | FlyingYeti | FlyingYeti is a Russia-aligned threat actor targeting Ukrainian military entities. They conduct reconnaissance activities and launch phishing campaigns using m… |
| FOX-KITTEN | Fox Kitten | PIONEER KITTEN is an Iran-based adversary that has been active since at least 2017 and has a suspected nexus to the Iranian government. This adversary appears … |
| FOXY-PANDA | FOXY PANDA | Adversary group targeting telecommunication and technology organizations. |
| FROSTYNEIGHBOR | FrostyNeighbor | FrostyNeighbor is a Belarus-aligned APT group known for conducting influence and disinformation campaigns, particularly targeting Ukraine, Poland, and Lithuani… |
| FunkSec | FunkSec | Funksec is a newly identified extortion group that has claimed 11 victims across various sectors, including media, IT, and education, operating a Tor-based DLS… |
| FUNKSEC | FunkSec | Funksec is a newly identified extortion group that has claimed 11 victims across various sectors, including media, IT, and education, operating a Tor-based DLS… |
| FusionCore | FusionCore | The CYFIRMA research team has identified a new up-and-coming European threat actor group known as FusionCore. Running Malware-as-a-service, along with the hack… |
| FUSIONCORE | FusionCore | The CYFIRMA research team has identified a new up-and-coming European threat actor group known as FusionCore. Running Malware-as-a-service, along with the hack… |
| Fxmsp | Fxmsp | Throughout 2017 and 2018, Fxmsp established a network of trusted proxy resellers to promote their breaches on the criminal underground. Some of the known Fxmsp… |
| FXMSP | Fxmsp | Throughout 2017 and 2018, Fxmsp established a network of trusted proxy resellers to promote their breaches on the criminal underground. Some of the known Fxmsp… |
| GALLIUM | GALLIUM | GALLIUM, is a threat actor believed to be targeting telecommunication providers over the world, mostly South-East Asia, Europe and Africa. To compromise target… |
| Gallmaker | Gallmaker | Symantec researchers have uncovered a previously unknown attack group that is targeting government and military targets, including several overseas embassies o… |
| GALLMAKER | Gallmaker | Symantec researchers have uncovered a previously unknown attack group that is targeting government and military targets, including several overseas embassies o… |
| GamaCopy | GamaCopy | GamaCopy is a threat actor first discovered in June 2023, known for launching cyberattacks against Russia’s defense and critical infrastructure sectors by mimi… |
| GAMACOPY | GamaCopy | GamaCopy is a threat actor first discovered in June 2023, known for launching cyberattacks against Russia’s defense and critical infrastructure sectors by mimi… |
| GAMAREDON-GROUP | Gamaredon Group | Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon G… |
| GambleForce | GambleForce | GambleForce is a threat actor specializing in SQL injection attacks. They have targeted over 20 websites in various sectors across multiple countries, compromi… |
| GAMBLEFORCE | GambleForce | GambleForce is a threat actor specializing in SQL injection attacks. They have targeted over 20 websites in various sectors across multiple countries, compromi… |
| GC01 | GC01 | From November 2017 to October 2018, we attributed 14 campaigns to the GC threat actors that used a specific MaaS provider (hereinafter “the Provider”) offered … |
| GC01 | GC01 | From November 2017 to October 2018, we attributed 14 campaigns to the GC threat actors that used a specific MaaS provider (hereinafter “the Provider”) offered … |
| GC02 | GC02 | From November 2017 to October 2018, we attributed 14 campaigns to the GC threat actors that used a specific MaaS provider (hereinafter “the Provider”) offered … |
| GC02 | GC02 | From November 2017 to October 2018, we attributed 14 campaigns to the GC threat actors that used a specific MaaS provider (hereinafter “the Provider”) offered … |
| GCMAN | GCMAN | GCMAN is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency services. |
| Gelsemium | Gelsemium | The Gelsemium group has been active since at least 2014 and was described in the past by a few security companies. Gelsemium’s name comes from one possible tra… |
| GELSEMIUM | Gelsemium | The Gelsemium group has been active since at least 2014 and was described in the past by a few security companies. Gelsemium’s name comes from one possible tra… |