Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1–50 of 77 in RU · page 1 of 2
| ID | Title | Summary |
|---|---|---|
| Angry Likho | Angry Likho RU | Angry Likho is an APT group that has been active since 2023, primarily targeting large organizations and government agencies in Russia and Belarus. Their attac… |
| APT28 | APT28 RU | The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely op… |
| APT29 | APT29 RU | A 2015 report by F-Secure describes APT29 as: 'The Dukes are a well-resourced, highly dedicated and organized cyberespionage group that we believe has been work… |
| Boulder Bear | Boulder Bear RU | Boulder Bear is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Boulder Bear is a Russian-attributed threat ac… |
| BuhTrap | BuhTrap RU | Buhtrap has been active since 2014, however their first attacks against financial institutions were only detected in August 2015. Earlier, the group had only f… |
| Callisto | Callisto RU | The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and… |
| Chernovite | Chernovite RU | Chernovite is a highly capable and sophisticated threat actor group that has developed a modular ICS malware framework called PIPEDREAM. They are known for tar… |
| CIRCUS SPIDER | CIRCUS SPIDER RU | According to Crowdstrike, the NetWalker ransomware is being developed and maintained by a Russian-speaking actor designated as CIRCUS SPIDER. Initially discove… |
| Curly COMrades | Curly COMrades RU | Curly COMrades is a threat actor identified by Amazon Threat Intelligence and Bitdefender, believed to operate in support of Russian interests. They employ tec… |
| Cyber Berkut | Cyber Berkut RU | Cyber Berkut is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Cyber Berkut is a Russian-attributed threat ac… |
| Cyber Serp | Cyber Serp RU | UAC-0255 is a threat actor that conducted a phishing campaign impersonating CERT-UA to distribute the AGEWHEEZE RAT, targeting organizations in Ukraine's publi… |
| DEV-0586 | DEV-0586 RU | MSTIC has not found any notable associations between this observed activity, tracked as DEV-0586, and other known activity groups. MSTIC assesses that the malw… |
| DustSquad | DustSquad RU | Prodaft researchers have published a report on Paperbug, a cyber-espionage campaign carried out by suspected Russian-speaking group Nomadic Octopus and which t… |
| ENERGETIC BEAR | ENERGETIC BEAR RU | ENERGETIC BEAR is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as BERSERK BEAR, ALLANITE, CASTLE (… |
| EvilWeb | EvilWeb RU | EvilWeb is a pro-Russian hacktivist group created in March 2024 that targets American and European entities using a hack-and-leak method alongside DDoS attacks… |
| Femwar02 | Femwar02 RU | Femwar02 is a previously unknown pro-Russian ransomware threat actor that emerged in early 2026, linked to a major cyberattack on Italy's Sapienza University o… |
| FIN1 | FIN1 RU | FireEye first identified this activity during a recent investigation at an organization in the financial industry. They identified the presence of a financiall… |
| FIN13 | FIN13 RU | Since 2017, Mandiant has been tracking FIN13, an industrious and versatile financially motivated threat actor conducting long-term intrusions in Mexico with an… |
| FIN7 | FIN7 RU | FIN7 is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as CARBON SPIDER, GOLD NIAGARA, Calcium (and … |
| FlyingYeti | FlyingYeti RU | FlyingYeti is a Russia-aligned threat actor targeting Ukrainian military entities. They conduct reconnaissance activities and launch phishing campaigns using m… |
| Gamaredon Group | Gamaredon Group RU | Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon G… |
| GCMAN | GCMAN RU | GCMAN is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as G0036. Original record: GCMAN is a threat… |
| GreedyBear | GreedyBear RU | GreedyBear is a sophisticated threat actor responsible for over $1 million in cryptocurrency theft through a campaign involving 150 malicious Firefox extension… |
| HiddenArt | HiddenArt RU | It was observed that a mobile network threat actor designated as ‘HiddenArt’ actively sustains a capacity to remotely access the personal devices of targeted i… |
| Hunt3r Kill3rs | Hunt3r Kill3rs RU | Hunt3r Kill3rs is a newly emerged threat group claiming expertise in cyber operations, including ICS breaches and web application vulnerabilities exploitation.… |
| Inception Framework | Inception Framework RU | This threat actor uses spear-phishing techniques to target private-sector energy, defense, aerospace, research, and media organizations and embassies in Africa… |
| INDRIK SPIDER | INDRIK SPIDER RU | INDRIK SPIDER is a sophisticated eCrime group that has been operating Dridex since June 2014. In 2015 and 2016, Dridex was one of the most prolific eCrime bank… |
| Infrastructure Destruction Squad | Infrastructure Destruction Squad RU | Dark Engine has emerged as a significant threat actor targeting industrial control systems and SCADA systems in sectors such as metallurgy and food processing.… |
| MAGNETIC SPIDER | MAGNETIC SPIDER RU | MAGNETIC SPIDER is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: MAGNETIC SPIDER is a Russian-attributed thr… |
| Mora_001 | Mora_001 RU | Mora_001 is a threat actor exhibiting a distinct operational signature that combines opportunistic attacks with ties to the LockBit ecosystem. The actor has be… |
| OldGremlin | OldGremlin RU | OldGremlin is a Russian-speaking ransomware group that has been active for several years. They primarily target organizations in Russia, including banks, logis… |
| Operation BugDrop | Operation BugDrop RU | This threat actor targets critical infrastructure entities in the oil and gas sector, primarily in Ukraine. The threat actors deploy the BugDrop malware to rem… |
| Operation Emmental | Operation Emmental RU | Operation Emmental, also known as the Retefe gang, is a threat actor group that has been active since at least 2012. They primarily target customers of banks i… |
| RaHDit | RaHDit RU | RaHDit is a pro-Kremlin hacktivist group known for orchestrating hack-and-leak operations, including the publication of personal information about Ukrainian mi… |
| RomCom | RomCom RU | ROMCOM is an evolving and sophisticated threat actor group that has been using the malware tool ROMCOM for espionage and financially motivated attacks. They ha… |
| RuskiNet | RuskiNet RU | RuskiNet is a pro-Russian hacktivist collective associated with disruptive operations including DDoS attacks, website defacements, phishing, and data leaks aga… |
| Ruthless Rabbit | Ruthless Rabbit RU | Ruthless Rabbit has been running investment scam campaigns since November 2022, primarily targeting users in Russia, Poland, Romania, and Kazakhstan. The actor… |
| SaintBear | SaintBear RU | SaintBear is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as UNC2589, TA471, UAC-0056 (and 11 more… |
| Sandworm | Sandworm RU | This threat actor targets industrial control systems, using a tool called Black Energy, associated with electricity and power generation for espionage, denial … |
| SHARK SPIDER | SHARK SPIDER RU | This group's activity was first observed in November 2013. It leverages a banking Trojan more commonly known as Shylock which aims to compromise online banking… |
| Solntsepek | Solntsepek RU | Solntsepek is a threat actor group with ties to the Russian military unit GRU. They have claimed responsibility for a cyberattack on Kyivstar, a Ukrainian mobi… |
| SpaceBears | SpaceBears RU | SpaceBears is a ransomware group believed to be based in Moscow, Russia, that has taken credit for several high-profile cyberattacks while primarily operating … |
| Storm-0381 | Storm-0381 RU | Storm-0381 is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as DEV-0381. Original record: Storm-038… |
| Storm-1099 | Storm-1099 RU | Storm-1099 is a sophisticated Russia-affiliated influence actor that has been conducting pro-Russia influence operations targeting international supporters of … |
| Storm-1516 | Storm-1516 RU | CopyCop is a Russian covert influence network that has established over 300 fictional media websites targeting the US, France, Canada, and other countries, pri… |
| Storm-1679 | Storm-1679 RU | Storm-1679 is a Russian disinformation group believed to be a spinoff of the Internet Research Agency, actively engaged in influence operations targeting the I… |
| Storm-2372 | Storm-2372 RU | Storm-2372 is a suspected nation-state actor aligned with Russian interests, engaging in device code phishing campaigns targeting governments, NGOs, and variou… |
| Sunglow Blizzard | Sunglow Blizzard RU | Sunglow Blizzard is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as DEV-0665. Original record: DEV… |
| TA2101 | TA2101 RU | Proofpoint researchers detected campaigns from a relatively new actor, tracked internally as TA2101, targeting German companies and organizations to deliver an… |
| TA505 | TA505 RU | TA505, the name given by Proofpoint, has been in the cybercrime business for at least four years. This is the group behind the infamous Dridex banking trojan a… |