Threat actors (2,004 indexed)
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 701–750 of 2,004 · page 15 of 41
| ID | Title | Summary |
|---|---|---|
| GreyEnergy | GreyEnergy | GreyEnergy is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: ESET research reveals a successor to the infamous BlackEnergy APT g… |
| GREYENERGY | GreyEnergy | ESET research reveals a successor to the infamous BlackEnergy APT group targeting critical infrastructure, quite possibly in preparation for damaging attacks |
| GREYVIBE | GreyVibe | GREYVIBE is a low-to-moderately sophisticated threat actor associated with Russian state interests, primarily targeting Ukrainian entities. The group employs c… |
| GRIM SPIDER | GRIM SPIDER | GRIM SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom retu… |
| GRIM-SPIDER | GRIM SPIDER | GRIM SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom retu… |
| Groundbait | Groundbait UA | Groundbait is a Ukrainian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Groundbait is a group targeting anti-governmen… |
| GROUNDBAIT | Groundbait | Groundbait is a group targeting anti-government separatists in the self-declared Donetsk and Luhansk People’s Republics. |
| Group5 | Group5 | A threat actor using Iranian-language tools and Iranian hosting companies, and operating from the Iranian IP space at times, was observed targeting the Syrian oppositi… |
| GROUP5 | Group5 | A threat actor using Iranian-language tools and Iranian hosting companies, and operating from the Iranian IP space at times, was observed targeting the Syrian oppositi… |
| GTFire | GTFire | GTFire is a threat actor that leverages Google Firebase for hosting phishing pages and Google Translate to disguise malicious URLs, effectively bypassing secur… |
| GTFIRE | GTFire | GTFire is a threat actor that leverages Google Firebase for hosting phishing pages and Google Translate to disguise malicious URLs, effectively bypassing secur… |
| GTG-1002 | GTG-1002 CN | GTG-1002 is a Chinese state-sponsored APT that conducted a large-scale autonomous cyber espionage campaign targeting approximately 30 global organizations acro… |
| GTG-1002 | GTG-1002 | GTG-1002 is a Chinese state-sponsored APT that conducted a large-scale autonomous cyber espionage campaign targeting approximately 30 global organizations acro… |
| Guacamaya | Guacamaya | Guacamaya has conducted multiple hack and leak campaigns against military and police agencies and mining companies across Latin America, which they believe hav… |
| GUACAMAYA | Guacamaya | Guacamaya has conducted multiple hack and leak campaigns against military and police agencies and mining companies across Latin America, which they believe hav… |
| GURU SPIDER | GURU SPIDER | GURU SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Early in 2018, CrowdStrike Intelligence observed GURU SPIDER suppo… |
| GURU-SPIDER | GURU SPIDER | Early in 2018, CrowdStrike Intelligence observed GURU SPIDER supporting the distribution of multiple crimeware families through its flagship malware loader, Qu… |
| Hacking Team | Hacking Team | The many 0-days that had been collected by Hacking Team and which became publicly available during the breach of their organization in 2015, have been used by … |
| HACKING-TEAM | Hacking Team | The many 0-days that had been collected by Hacking Team and which became publicly available during the breach of their organization in 2015, have been used by … |
| HAFNIUM | HAFNIUM CN | HAFNIUM primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher educat… |
| HAFNIUM | HAFNIUM | HAFNIUM primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher educat… |
| Hagga | Hagga | Hagga is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Aggah, TH-157. Original record: Hagga is believed to have be… |
| HAGGA | Hagga | Hagga is believed to have been using Agent Tesla, 2021’s sixth most prevalent malware, to steal sensitive information from his victims since the latter part of… |
| Handala | Handala PS | Handala is a pro-Palestinian hacktivist group that targets Israeli organizations, employing tactics such as phishing, data theft, extortion, and destructive at… |
| HANDALA | Handala | Handala is a pro-Palestinian hacktivist group that targets Israeli organizations, employing tactics such as phishing, data theft, extortion, and destructive at… |
| HAZY TIGER | HAZY TIGER IN | The Bitter threat group initially started using RAT tools in their campaigns, as the first Bitter versions for Android, released in 2014, were based on the Andr… |
| HAZY-TIGER | HAZY TIGER | The Bitter threat group initially started using RAT tools in their campaigns, as the first Bitter versions for Android, released in 2014, were based on the Andr… |
| Head Mare | Head Mare | Head Mare is a hacktivism-focussed threat actor group known for targeting Russian and Belarusian sectors using a remote access malware called PhantomRAT. They have… |
| HEAD-MARE | Head Mare | Head Mare is a hacktivism-focussed threat actor group known for targeting Russian and Belarusian sectors using a remote access malware called PhantomRAT. They have… |
| HellHounds | HellHounds | Hellhounds is an APT group targeting organizations in Russia, using a modified version of Pupy RAT called Decoy Dog. They gain initial access through vulnerabl… |
| HELLHOUNDS | HellHounds | Hellhounds is an APT group targeting organizations in Russia, using a modified version of Pupy RAT called Decoy Dog. They gain initial access through vulnerabl… |
| Hellsing | Hellsing CN | This threat actor uses spear-phishing techniques to compromise diplomatic targets in Southeast Asia, India, and the United States. It also seems to have target… |
| HELLSING | Hellsing | This threat actor uses spear-phishing techniques to compromise diplomatic targets in Southeast Asia, India, and the United States. It also seems to have target… |
| HenBox | HenBox CN | HenBox is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Civil society sector. Documented… |
| HENBOX | HenBox | This threat actor targets Uighurs—a minority ethnic group located primarily in northwestern China—and devices from Chinese mobile phone manufacturer Xiaomi, fo… |
| HexagonalRodent | HexagonalRodent | HexagonalRodent targets Web3 developers to steal crypto assets, employing social engineering tactics such as fake job offers. They utilize malware like BeaverT… |
| HEXAGONALRODENT | HexagonalRodent | HexagonalRodent targets Web3 developers to steal crypto assets, employing social engineering tactics such as fake job offers. They utilize malware like BeaverT… |
| Hezb | Hezb | Hezb is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Mimo. Original record: Hezb is a group deploying cryptominers… |
| HEZB | Hezb | Hezb is a group deploying cryptominers when new exploits are available for public-facing vulnerabilities. The name is after the miner process they deploy. |
| HiddenArt | HiddenArt RU | It was observed that a mobile network threat actor designated as ‘HiddenArt’ actively sustains a capacity to remotely access the personal devices of targeted i… |
| HIDDENART | HiddenArt | It was observed that a mobile network threat actor designated as ‘HiddenArt’ actively sustains a capacity to remotely access the personal devices of targeted i… |
| Higaisa | Higaisa KR | The organization often uses important North Korean time nodes such as holidays and North Korea to conduct phishing activities. The bait includes New Year blessi… |
| HIGAISA | Higaisa | The organization often uses important North Korean time nodes such as holidays and North Korea to conduct phishing activities. The bait includes New Year blessi… |
| HikkI-Chan | HikkI-Chan | Hikki-Chan has claimed responsibility for multiple significant data breaches, including the theft of data from 390.4 million users of VKontakte, which included… |
| HIKKI-CHAN | HikkI-Chan | Hikki-Chan has claimed responsibility for multiple significant data breaches, including the theft of data from 390.4 million users of VKontakte, which included… |
| HIVE-0145 | HIVE-0145 | Hive0145 is a financially motivated initial access broker that has been active since late 2022, primarily utilizing Strela Stealer malware to target email cred… |
| HIVE-0145 | HIVE-0145 | Hive0145 is a financially motivated initial access broker that has been active since late 2022, primarily utilizing Strela Stealer malware to target email cred… |
| Hive0117 | Hive0117 | Hive0117 is a financially motivated cybercriminal group that conducts phishing campaigns to deliver the fileless malware DarkWatchman, which is capable of keyl… |
| HIVE0117 | Hive0117 | Hive0117 is a financially motivated cybercriminal group that conducts phishing campaigns to deliver the fileless malware DarkWatchman, which is capable of keyl… |
| Hive0137 | Hive0137 | Being one of the most active malware distributors, Hive0137 demonstrates a willingness to explore new payloads and technologies such as GenAI. They have quickl… |