2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 851–900 of 2,004 · page 18 of 41
| ID | Title | Summary |
|---|---|---|
| LANCEFLY | Lancefly | Lancefly targets government, aviation, and telecom organizations in South and Southeast Asia. They use a custom backdoor named Merdoor, developed since 2018, a… |
| LAPSUS | LAPSUS | LAPSUS is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as LAPSUS$, DEV-0537, SLIPPY SPIDER (and 3 more). Original rec… |
| LAPSUS | LAPSUS | An actor group conducting large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive element… |
| Larva-208 | Larva-208 | LARVA-208 is a financially motivated threat actor employing sophisticated phishing campaigns to harvest credentials and deploy ransomware. The actor uses multi… |
| LARVA-208 | Larva-208 | LARVA-208 is a financially motivated threat actor employing sophisticated phishing campaigns to harvest credentials and deploy ransomware. The actor uses multi… |
| Larva-24005 | Larva-24005 KP | Larva-24005 is a threat actor that breaches servers in Korea to establish a web server and PHP environment for phishing attacks, primarily targeting individual… |
| LARVA-24005 | Larva-24005 | Larva-24005 is a threat actor that breaches servers in Korea to establish a web server and PHP environment for phishing attacks, primarily targeting individual… |
| Larva-24010 | Larva-24010 | The Larva-24010 threat actor is distributing malware through the website of a Korean VPN service provider. As a result, when a user downloads and runs the inst… |
| LARVA-24010 | Larva-24010 | The Larva-24010 threat actor is distributing malware through the website of a Korean VPN service provider. As a result, when a user downloads and runs the inst… |
| Larva-26002 | Larva-26002 | Larva-26002 targets improperly managed MS-SQL servers, exploiting vulnerabilities such as brute force and dictionary attacks. The actor has distributed Trigona… |
| LARVA-26002 | Larva-26002 | Larva-26002 targets improperly managed MS-SQL servers, exploiting vulnerabilities such as brute force and dictionary attacks. The actor has distributed Trigona… |
| Larva‑25012 | Larva‑25012 | Larva‑25012 is a threat actor known for deploying Proxyware, utilizing malware disguised as a Notepad++ installer. The actor injects Proxyware into the Windows… |
| LARVA-25012 | Larva‑25012 | Larva‑25012 is a threat actor known for deploying Proxyware, utilizing malware disguised as a Notepad++ installer. The actor injects Proxyware into the Windows… |
| Lazarus Group | Lazarus Group KP | Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltratio… |
| LAZARUS-GROUP | Lazarus Group | Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltratio… |
| Libyan Scorpions | Libyan Scorpions LY | Libyan Scorpions is a malware operation in use since September 2015 and operated by a politically motivated group whose main objective is intelligence gatherin… |
| LIBYAN-SCORPIONS | Libyan Scorpions | Libyan Scorpions is a malware operation in use since September 2015 and operated by a politically motivated group whose main objective is intelligence gatherin… |
| Lifting Zmiy | Lifting Zmiy | Rostelecom's security team has discovered a new APT group that is breaching companies via industrial PLCs. Named Lifting Zmiy, the group's first attacks were t… |
| LIFTING-ZMIY | Lifting Zmiy | Rostelecom's security team has discovered a new APT group that is breaching companies via industrial PLCs. Named Lifting Zmiy, the group's first attacks were t… |
| LightBasin | LightBasin | UNC1945 is an APT group that has been targeting telecommunications companies globally. They use Linux-based implants to maintain long-term access in compromise… |
| LIGHTBASIN | LightBasin | UNC1945 is an APT group that has been targeting telecommunications companies globally. They use Linux-based implants to maintain long-term access in compromise… |
| Lilac Typhoon | Lilac Typhoon CN | Lilac Typhoon is a threat actor attributed to China. They have been identified as exploiting the Atlassian Confluence RCE vulnerability CVE-2022-26134, which a… |
| LILAC-TYPHOON | Lilac Typhoon | Lilac Typhoon is a threat actor attributed to China. They have been identified as exploiting the Atlassian Confluence RCE vulnerability CVE-2022-26134, which a… |
| LilacSquid | LilacSquid | LilacSquid is an APT actor targeting a variety of industries worldwide since at least 2021. They use tactics such as exploiting vulnerabilities and compromised… |
| LILACSQUID | LilacSquid | LilacSquid is an APT actor targeting a variety of industries worldwide since at least 2021. They use tactics such as exploiting vulnerabilities and compromised… |
| LIMINAL PANDA | LIMINAL PANDA CN | LIMINAL PANDA is a China-nexus APT that targets telecommunications entities, employing custom malware and publicly available tools for covert access, C2, and d… |
| LIMINAL-PANDA | LIMINAL PANDA | LIMINAL PANDA is a China-nexus APT that targets telecommunications entities, employing custom malware and publicly available tools for covert access, C2, and d… |
| LinkC Pub | LinkC Pub | Linkc is a newly emerged ransomware group that operates an onion-based data leak site and has claimed one victim, a U.S.-based AI and cloud service provider, H… |
| LINKC-PUB | LinkC Pub | Linkc is a newly emerged ransomware group that operates an onion-based data leak site and has claimed one victim, a U.S.-based AI and cloud service provider, H… |
| LofyGang | LofyGang | LofyGang has been found to be linked to more than 200 malicious packages, with thousands of installations throughout 2022. The group, believed to have been ope… |
| LOFYGANG | LofyGang | LofyGang has been found to be linked to more than 200 malicious packages, with thousands of installations throughout 2022. The group, believed to have been ope… |
| Longhorn | Longhorn US | Longhorn has been active since at least 2011. It has used a range of back door Trojans in addition to zero-day vulnerabilities to compromise its targets. Longh… |
| LONGHORN | Longhorn | Longhorn has been active since at least 2011. It has used a range of back door Trojans in addition to zero-day vulnerabilities to compromise its targets. Longh… |
| LongNosedGoblin | LongNosedGoblin CN | LongNosedGoblin is a China-aligned APT group targeting governmental entities in Southeast Asia and Japan for cyberespionage. The group employs Group Policy for… |
| LONGNOSEDGOBLIN | LongNosedGoblin | LongNosedGoblin is a China-aligned APT group targeting governmental entities in Southeast Asia and Japan for cyberespionage. The group employs Group Policy for… |
| LOTUS PANDA | LOTUS PANDA CN | LOTUS PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Spring Dragon, ST Group, DRAGONFISH… |
| LOTUS-PANDA | LOTUS PANDA | Lotus Blossom is a threat group that has targeted government and military organizations in Southeast Asia. |
| Lucky Cat | Lucky Cat | A series of attacks, targeting both Indian military research and south Asian shipping organizations, demonstrate the minimum level of effort required to succes… |
| LUCKY-CAT | Lucky Cat | A series of attacks, targeting both Indian military research and south Asian shipping organizations, demonstrate the minimum level of effort required to succes… |
| LulzIntel | LulzIntel | The threat actor lulzintel has claimed responsibility for multiple data breaches, including those of vegehome.pl, Almaex, Smaregi, and Kin Teck Tong, exposing … |
| LULZINTEL | LulzIntel | The threat actor lulzintel has claimed responsibility for multiple data breaches, including those of vegehome.pl, Almaex, Smaregi, and Kin Teck Tong, exposing … |
| LulzSec Black | LulzSec Black | LulzSec Black is a hacktivist group that has claimed responsibility for coordinated DDoS attacks against Cyprus' government and critical infrastructure in resp… |
| LULZSEC-BLACK | LulzSec Black | LulzSec Black is a hacktivist group that has claimed responsibility for coordinated DDoS attacks against Cyprus' government and critical infrastructure in resp… |
| Luna Moth | Luna Moth | Luna Moth conducts high-tempo callback phishing campaigns targeting legal and financial organizations in the U.S., using social engineering to lure victims int… |
| LUNA-MOTH | Luna Moth | Luna Moth conducts high-tempo callback phishing campaigns targeting legal and financial organizations in the U.S., using social engineering to lure victims int… |
| LUNAR SPIDER | LUNAR SPIDER | According to CrowdStrike, this actor is using BokBok/IcedID, potentially buying distribution through Emotet infections. On March 17, 2019, CrowdStrike Intellig… |
| LUNAR-SPIDER | LUNAR SPIDER | According to CrowdStrike, this actor is using BokBok/IcedID, potentially buying distribution through Emotet infections. On March 17, 2019, CrowdStrike Intellig… |
| luoxk | luoxk | luoxk is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: luoxk is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Or… |
| LUOXK | luoxk | Luoxk is a malware campaign targeting web servers throughout Asia, Europe and North America. |
| LYCEUM | LYCEUM IR | Lyceum is an Iranian APT group that has been active since at least 2014. They primarily target Middle Eastern governments and organizations in the energy and t… |