Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 751–800 of 2,004 · page 16 of 41
| ID | Title | Summary |
|---|---|---|
| HIVE0137 | Hive0137 | Being one of the most active malware distributors, Hive0137 demonstrates a willingness to explore new payloads and technologies such as GenAI. They have quickl… |
| Hive0163 | Hive0163 | Hive0163 is a financially motivated ransomware group responsible for deploying Interlock ransomware, utilizing ClickFix social engineering for initial access. … |
| HIVE0163 | Hive0163 | Hive0163 is a financially motivated ransomware group responsible for deploying Interlock ransomware, utilizing ClickFix social engineering for initial access. … |
| HollowQuill | HollowQuill | SEQRITE Labs APT-Team has been tracking and has uncovered a campaign targeting the Baltic State Technical University, a well-known institution for various defe… |
| HOLLOWQUILL | HollowQuill | SEQRITE Labs APT-Team has been tracking and has uncovered a campaign targeting the Baltic State Technical University, a well-known institution for various defe… |
| HomeLand Justice | HomeLand Justice IR | HomeLand Justice is an Iranian state-sponsored cyber threat group that has been active since at least May 2021. They have targeted various organizations, inclu… |
| HOMELAND-JUSTICE | HomeLand Justice | HomeLand Justice is an Iranian state-sponsored cyber threat group that has been active since at least May 2021. They have targeted various organizations, inclu… |
| Honeybee | Honeybee | McAfee Advanced Threat Research analysts have discovered a new operation targeting humanitarian aid organizations and using North Korean political topics as ba… |
| HONEYBEE | Honeybee | McAfee Advanced Threat Research analysts have discovered a new operation targeting humanitarian aid organizations and using North Korean political topics as ba… |
| HookAds | HookAds | HookAds is a malvertising campaign that purchases cheap ad space on low-quality ad networks commonly used by adult web sites, online games, or blackhat SEO sit… |
| HOOKADS | HookAds | HookAds is a malvertising campaign that purchases cheap ad space on low-quality ad networks commonly used by adult web sites, online games, or blackhat SEO sit… |
| Houken | Houken CN | Houken is a Chinese state-sponsored threat actor that exploits zero-day vulnerabilities in Ivanti Cloud Services Appliance devices to gain initial access to cr… |
| HOUKEN | Houken | Houken is a Chinese state-sponsored threat actor that exploits zero-day vulnerabilities in Ivanti Cloud Services Appliance devices to gain initial access to cr… |
| HOUND SPIDER | HOUND SPIDER | HOUND SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: HOUND SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Ga… |
| HOUND-SPIDER | HOUND SPIDER | According to CrowdStrike, HOUND SPIDER affiliates were arrested in Romania in December 2017. |
| HummingBad | HummingBad CN | This group created a malware that takes over Android devices and generates $300,000 per month in fraudulent ad revenue. The group effectively controls an arse… |
| HUMMINGBAD | HummingBad | This group created a malware that takes over Android devices and generates $300,000 per month in fraudulent ad revenue. The group effectively controls an arse… |
| Hunt3r Kill3rs | Hunt3r Kill3rs RU | Hunt3r Kill3rs is a newly emerged threat group claiming expertise in cyber operations, including ICS breaches and web application vulnerabilities exploitation.… |
| HUNT3R-KILL3RS | Hunt3r Kill3rs | Hunt3r Kill3rs is a newly emerged threat group claiming expertise in cyber operations, including ICS breaches and web application vulnerabilities exploitation.… |
| HURRICANE PANDA | HURRICANE PANDA CN | We have investigated their intrusions since 2013 and have been battling them nonstop over the last year at several large telecommunications and technology comp… |
| HURRICANE-PANDA | HURRICANE PANDA | We have investigated their intrusions since 2013 and have been battling them nonstop over the last year at several large telecommunications and technology comp… |
| IcePeony | IcePeony CN | IcePeony is a China-nexus APT group that has been active since at least 2023, targeting government agencies, academic institutions, and political organizations… |
| ICEPEONY | IcePeony | IcePeony is a China-nexus APT group that has been active since at least 2023, targeting government agencies, academic institutions, and political organizations… |
| IMPERSONATING PANDA | IMPERSONATING PANDA CN | IMPERSONATING PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: IMPERSONATING PANDA is a Chinese-attrib… |
| IMPERSONATING-PANDA | IMPERSONATING PANDA | |
| Inception Framework | Inception Framework RU | This threat actor uses spear-phishing techniques to target private-sector energy, defense, aerospace, research, and media organizations and embassies in Africa… |
| INCEPTION-FRAMEWORK | Inception Framework | This threat actor uses spear-phishing techniques to target private-sector energy, defense, aerospace, research, and media organizations and embassies in Africa… |
| IndigoZebra | IndigoZebra CN | IndigoZebra is a Chinese state-sponsored actor mentioned for the first time by Kaspersky in its APT Trends report Q2 2017, targeting, at the time of its discov… |
| INDIGOZEBRA | IndigoZebra | IndigoZebra is a Chinese state-sponsored actor mentioned for the first time by Kaspersky in its APT Trends report Q2 2017, targeting, at the time of its discov… |
| INDOHAXSEC TEAM | INDOHAXSEC TEAM ID | INDOHAXSEC TEAM is an Indonesian group that claims to have developed a web-based version of WannaCry, asserting the ability to encrypt websites and demand Bitc… |
| INDOHAXSEC-TEAM | INDOHAXSEC TEAM | INDOHAXSEC TEAM is an Indonesian group that claims to have developed a web-based version of WannaCry, asserting the ability to encrypt websites and demand Bitc… |
| INDRIK SPIDER | INDRIK SPIDER RU | INDRIK SPIDER is a sophisticated eCrime group that has been operating Dridex since June 2014. In 2015 and 2016, Dridex was one of the most prolific eCrime bank… |
| INDRIK-SPIDER | INDRIK SPIDER | INDRIK SPIDER is a sophisticated eCrime group that has been operating Dridex since June 2014. In 2015 and 2016, Dridex was one of the most prolific eCrime bank… |
| Infrastructure Destruction Squad | Infrastructure Destruction Squad RU | Dark Engine has emerged as a significant threat actor targeting industrial control systems and SCADA systems in sectors such as metallurgy and food processing.… |
| INFRASTRUCTURE-DESTRUCTION-SQUAD | Infrastructure Destruction Squad | Dark Engine has emerged as a significant threat actor targeting industrial control systems and SCADA systems in sectors such as metallurgy and food processing.… |
| Infy | Infy IR | Infy is a group of suspected Iranian origin. Since early 2013, we have observed activity from a unique threat actor group, which we began to investigate based … |
| INFY | Infy | Infy is a group of suspected Iranian origin. Since early 2013, we have observed activity from a unique threat actor group, which we began to investigate based … |
| INJ3CTOR3 | INJ3CTOR3 | INJ3CTOR3 is a threat actor first identified in 2020, known for targeting vulnerabilities in VoIP systems, specifically CVE-2019-19006 and CVE-2021-45461. Thei… |
| INJ3CTOR3 | INJ3CTOR3 | INJ3CTOR3 is a threat actor first identified in 2020, known for targeting vulnerabilities in VoIP systems, specifically CVE-2019-19006 and CVE-2021-45461. Thei… |
| INTEID | Inteid | Inteid is a member of the Russian Legion alliance, which includes groups like Cardinal and The White Pulse, and has been involved in DDoS attacks targeting Den… |
| IntelBroker | IntelBroker | IntelBroker is a threat actor known for orchestrating high-profile data breaches targeting companies like Apple, Zscaler, and Facebook Marketplace. They have a… |
| INTELBROKER | IntelBroker | IntelBroker is a threat actor known for orchestrating high-profile data breaches targeting companies like Apple, Zscaler, and Facebook Marketplace. They have a… |
| InvisiMole | InvisiMole | InvisiMole is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Government sector. Documented victim organisati… |
| INVISIMOLE | InvisiMole | Adversary group targeting diplomatic missions, governmental and military organisations, mainly in Ukraine. |
| IRIDIUM | IRIDIUM IR | Resecurity’s research indicates that the attack on Parliament is a part of a multi-year cyberespionage campaign orchestrated by a nation-state actor whom we ar… |
| IRIDIUM | IRIDIUM | Resecurity’s research indicates that the attack on Parliament is a part of a multi-year cyberespionage campaign orchestrated by a nation-state actor whom we ar… |
| IRLeaks | IRLeaks | IRLeaks is a threat actor known for significant cyberattacks targeting Iranian organizations, including a major breach of SnappFood, where they exfiltrated 3TB… |
| IRLEAKS | IRLeaks | IRLeaks is a threat actor known for significant cyberattacks targeting Iranian organizations, including a major breach of SnappFood, where they exfiltrated 3TB… |
| Iron Group | Iron Group | Iron Group has developed multiple types of malware (backdoors, crypto-miners, and ransomware) for Windows, Linux and Android platforms. They have used their ma… |
| IRON-GROUP | Iron Group | Iron Group has developed multiple types of malware (backdoors, crypto-miners, and ransomware) for Windows, Linux and Android platforms. They have used their ma… |