2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 51–77 of 77 in RU · page 2 of 2
| ID | Title | Summary |
|---|---|---|
| TA570 | TA570 RU | TA570 is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as DEV-0450. Original record: One of the mos… |
| TA577 | TA577 RU | TA577 is a prolific cybercrime threat actor tracked by Proofpoint since mid-2020. This actor conducts broad targeting across various industries and geographies… |
| TA829 | TA829 RU | TA829 is a Russia-aligned threat actor that employs the RomCom RAT for intelligence-gathering and financially motivated cyberattacks, exploiting zero-day vulne… |
| TeamSpy Crew | TeamSpy Crew RU | Researchers have uncovered a long-term cyber-espionage campaign that used a combination of legitimate software packages and commodity malware tools to target a… |
| Turla | Turla RU | A 2014 Guardian article described Turla as: 'Dubbed the Turla hackers, initial intelligence had indicated western powers were key targets, but it was later det… |
| UAC-0020 | UAC-0020 RU | Vermin is a threat actor group linked to the Luhansk People’s Republic and believed to be acting on behalf of the Kremlin. They have targeted Ukrainian governm… |
| UAC-0094 | UAC-0094 RU | State Service of Special Communication and Information Protection of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram acc… |
| UAC-0194 | UAC-0194 RU | UAC-0194 is a Russian threat actor linked to the exploitation of the Windows zero-day CVE-2024-43451, which was used in attacks against Ukrainian organizations… |
| UAC-0245 | UAC-0245 RU | UAC-0245 is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Threat actors, tracked under the identifier UAC-02… |
| UNC2452 | UNC2452 RU | Reporting regarding activity related to the SolarWinds supply chain injection has grown quickly since initial disclosure on 13 December 2020. A significant amo… |
| UNC6293 | UNC6293 RU | UNC6293 is a Russian state-sponsored threat actor identified by Google's Threat Intelligence Group (GTIG), which associates them with APT29 with low confidence… |
| UNC6748 | UNC6748 RU | UNC6748 targets users in Saudi Arabia through a fake Snapchat website, employing a backdoor known as GHOSTKNIFE for data exfiltration. Their exploitation proce… |
| UNION SPIDER | UNION SPIDER RU | UNION SPIDER is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: UNION SPIDER is a Russian-attributed threat ac… |
| UNK_AcademicFlare | UNK_AcademicFlare RU | UNK_AcademicFlare is a suspected Russia-aligned threat actor that conducts device code phishing campaigns by leveraging compromised email addresses from govern… |
| UNK_RemoteRogue | UNK_RemoteRogue RU | UNK_RemoteRogue is a suspected Russian threat actor that has been observed utilizing ClickFix in its infection chains, although this technique is not revolutio… |
| UserSec | UserSec RU | UserSec is a pro-Russian hacking group that has been active since at least 2022. The group is known for its DDoS attacks and has collaborated with other pro-Ru… |
| UTA0352 | UTA0352 RU | UTA0352 is a Russian threat actor attributed to phishing campaigns that exploit Microsoft OAuth 2.0 authentication workflows, often impersonating government of… |
| UTA0355 | UTA0355 RU | UTA0355 is a Russian threat actor that conducts phishing campaigns targeting individuals and organizations associated with Ukraine. The actor initiates contact… |
| VICE SPIDER | VICE SPIDER RU | Vice Spider is a Russian-speaking ransomware group that has been active since at least April 2021 and is linked to a significant increase in identity-based att… |
| Void Blizzard | Void Blizzard RU | Void Blizzard’s cyberespionage operations tend to be highly targeted at specific organizations of interest to the Russian government, including in government, … |
| Water Gamayun | Water Gamayun RU | Water Gamayun exploits the MSC EvilTwin zero-day vulnerability to compromise systems and exfiltrate data, utilizing custom payloads and advanced data exfiltrat… |
| White Bear | White Bear RU | As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we … |
| Winter Vivern | Winter Vivern RU | Winter Vivern is a cyberespionage group first revealed by DomainTools in 2021. It is thought to have been active since at least 2020 and it targets governments… |
| WIZARD SPIDER | WIZARD SPIDER RU | Wizard Spider is reportedly associated with Grim Spider and Lunar Spider. The WIZARD SPIDER threat group is the Russia-based operator of the TrickBot banking m… |
| XakNet | XakNet RU | XakNet is a self-proclaimed hacktivist group that has targeted Ukraine. They claim to be comprised of Russian patriotic volunteers and have conducted various t… |
| Z-Pentest Alliance | Z-Pentest Alliance RU | Z-Pentest Alliance is a pro-Russian hacktivist group known for targeting industrial control systems and operational technology systems, particularly in Italy a… |
| Zarya | Zarya RU | Zarya is a pro-Russian hacktivist group that emerged in March 2022. Initially operating as a special forces unit under the command of Killnet, Zarya has since … |