2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 951–1,000 of 2,004 · page 20 of 41
| ID | Title | Summary |
|---|---|---|
| MORH4X | MORH4x | MORH4x is a self-proclaimed Moroccan hacking group that claimed responsibility for a data leak from Algeria's pharmaceutical industry ministry. The group annou… |
| MosesStaff | MosesStaff IR | MosesStaff is a Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Moses Staff, Marigold Sandstorm, DEV… |
| MOSESSTAFF | MosesStaff | Cybereason Nocturnus describes Moses Staff as an Iranian hacker group, first spotted in October 2021. Their motivation appears to be to harm Israeli companies … |
| Moshen Dragon | Moshen Dragon CN | Moshen Dragon is a Chinese-aligned cyberespionage threat actor operating in Central Asia. They have been observed deploying multiple malware triads and utilizi… |
| MOSHEN-DRAGON | Moshen Dragon | Moshen Dragon is a Chinese-aligned cyberespionage threat actor operating in Central Asia. They have been observed deploying multiple malware triads and utilizi… |
| Moskalvzapoe | Moskalvzapoe | Moskalvzapoe is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as MAN1, TA511. Original record: Moskalvzapoe is a threa… |
| MOSKALVZAPOE | Moskalvzapoe | |
| MoustachedBouncer | MoustachedBouncer BY | MoustachedBouncer is a cyberespionage group discovered by ESET Research and first publicly disclosed in August 2023. The group has been active since at least 2… |
| MOUSTACHEDBOUNCER | MoustachedBouncer | MoustachedBouncer is a cyberespionage group discovered by ESET Research and first publicly disclosed in August 2023. The group has been active since at least 2… |
| Mr_Rot13 | Mr_Rot13 | Mr_Rot13 is a stable hacking group identified through a PHP backdoor and a Downloader domain linked to a C2 infrastructure active since 2020. They utilize the … |
| MR-ROT13 | Mr_Rot13 | Mr_Rot13 is a stable hacking group identified through a PHP backdoor and a Downloader domain linked to a C2 infrastructure active since 2020. They utilize the … |
| MuddyWater | MuddyWater IR | The MuddyWater attacks are primarily against Middle Eastern nations. However, we have also observed attacks against surrounding nations and beyond, including t… |
| MUDDYWATER | MuddyWater | The MuddyWater attacks are primarily against Middle Eastern nations. However, we have also observed attacks against surrounding nations and beyond, including t… |
| MUMMY SPIDER | MUMMY SPIDER | MUMMY SPIDER is a criminal entity linked to the core development of the malware most commonly known as Emotet or Geodo. First observed in mid-2014, this malwar… |
| MUMMY-SPIDER | MUMMY SPIDER | MUMMY SPIDER is a criminal entity linked to the core development of the malware most commonly known as Emotet or Geodo. First observed in mid-2014, this malwar… |
| MurenShark | MurenShark | MurenShark is an advanced persistent threat group that operates primarily in the Middle East, with a focus on targeting Turkey. They have shown interest in mil… |
| MURENSHARK | MurenShark | MurenShark is an advanced persistent threat group that operates primarily in the Middle East, with a focus on targeting Turkey. They have shown interest in mil… |
| MUSTANG PANDA | MUSTANG PANDA CN | This threat actor targets nongovernmental organizations using Mongolian-themed lures for espionage purposes. In April 2017, CrowdStrike Falcon Intelligence obs… |
| MUSTANG-PANDA | MUSTANG PANDA | This threat actor targets nongovernmental organizations using Mongolian-themed lures for espionage purposes. In April 2017, CrowdStrike Falcon Intelligence obs… |
| Mustard Tempest | Mustard Tempest | Mustard Tempest is a threat actor that primarily uses malvertising as their main technique to gain access to and profile networks. They deploy FakeUpdates, dis… |
| MUSTARD-TEMPEST | Mustard Tempest | Mustard Tempest is a threat actor that primarily uses malvertising as their main technique to gain access to and profile networks. They deploy FakeUpdates, dis… |
| Mythic Likho | Mythic Likho | Arcane Werewolf has been observed targeting Russian manufacturing enterprises through phishing emails that lead to malicious links and spoofed websites. The ac… |
| MYTHIC-LIKHO | Mythic Likho | Arcane Werewolf has been observed targeting Russian manufacturing enterprises through phishing emails that lead to malicious links and spoofed websites. The ac… |
| N4ughtysecTU | N4ughtysecTU BR | In March 2022, a hacking group calling themselves N4ughtySecTU claimed to have breached TransUnion’s systems and threatened to leak four terabytes of data if t… |
| N4UGHTYSECTU | N4ughtysecTU | In March 2022, a hacking group calling themselves N4ughtySecTU claimed to have breached TransUnion’s systems and threatened to leak four terabytes of data if t… |
| Naikon | Naikon CN | Kaspersky described Naikon in a 2015 report as: 'The Naikon group is mostly active in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam… |
| NAIKON | Naikon | Kaspersky described Naikon in a 2015 report as: 'The Naikon group is mostly active in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam… |
| Nam3L3ss | Nam3L3ss | Nam3L3ss is a threat actor who has leaked data from 25 companies, including over 2.8 million lines of Amazon employee data, which was confirmed to be stolen fr… |
| NAM3L3SS | Nam3L3ss | Nam3L3ss is a threat actor who has leaked data from 25 companies, including over 2.8 million lines of Amazon employee data, which was confirmed to be stolen fr… |
| NARKETING163 | Narketing163 | Narketing163 is a financially motivated threat actor named after one of their frequently used email addresses (narketing163@gmail.com). Active since at least J… |
| NARWHAL SPIDER | NARWHAL SPIDER | NARWHAL SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as GOLD ESSEX, TA544, Storm-0302. Original record: NAR… |
| NARWHAL-SPIDER | NARWHAL SPIDER | NARWHAL SPIDER’s operation of Cutwail v2 was limited to country-specific spam campaigns, although late in 2019 there appeared to be an effort to expand by brin… |
| Natohub | Natohub | Natohub is a hacker who claimed to have stolen 42,000 documents from the UN’s International Civil Aviation Organization and is offering the data for sale on un… |
| NATOHUB | Natohub | Natohub is a hacker who claimed to have stolen 42,000 documents from the UN’s International Civil Aviation Organization and is offering the data for sale on un… |
| Nazar | Nazar | This actor was identified by Juan Andres Guerrero-Saade from the SIG37 cluster as published in the ShadowBrokers' 'Lost in Translation' leak. Earliest known si… |
| NAZAR | Nazar | This actor was identified by Juan Andres Guerrero-Saade from the SIG37 cluster as published in the ShadowBrokers' 'Lost in Translation' leak. Earliest known si… |
| NB65 | NB65 | NB65 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Network Battalion 65. Original record: Network Battalion 65 i… |
| NB65 | NB65 | Network Battalion 65 is an hactivist group with ties to Anonymous, known for attacking Russian companies and performing hack-and-leak operations. |
| NEODYMIUM | NEODYMIUM | NEODYMIUM is an activity group that is known to use a backdoor malware detected by Microsoft as Wingbird. This backdoor’s characteristics closely match FinFish… |
| NEODYMIUM | NEODYMIUM | NEODYMIUM is an activity group that is known to use a backdoor malware detected by Microsoft as Wingbird. This backdoor’s characteristics closely match FinFish… |
| NetRunnerPR | NetRunnerPR | NetRunnerPR has claimed to breach the networks of Shiraume Hospital and Nippon Medical School Musashi Kosugi Hospital in Japan, exfiltrating patient PII and me… |
| NETRUNNERPR | NetRunnerPR | NetRunnerPR has claimed to breach the networks of Shiraume Hospital and Nippon Medical School Musashi Kosugi Hospital in Japan, exfiltrating patient PII and me… |
| NewsPenguin | NewsPenguin | NewsPenguin is threat actor that has been targeting organizations in Pakistan. They use a complex payload delivery mechanism and exploit the upcoming Pakistan … |
| NEWSPENGUIN | NewsPenguin | NewsPenguin is threat actor that has been targeting organizations in Pakistan. They use a complex payload delivery mechanism and exploit the upcoming Pakistan … |
| Nexus Zeta | Nexus Zeta | Nexus Zeta is no stranger when it comes to implementing SOAP related exploits. The threat actor has already been observed in implementing two other known SOAP … |
| NEXUS-ZETA | Nexus Zeta | Nexus Zeta is no stranger when it comes to implementing SOAP related exploits. The threat actor has already been observed in implementing two other known SOAP … |
| Nickel Alley | Nickel Alley KP | NICKEL ALLEY is a North Korean threat group that targets technology professionals through fake job opportunities, employing social engineering tactics such as … |
| NICKEL-ALLEY | Nickel Alley | NICKEL ALLEY is a North Korean threat group that targets technology professionals through fake job opportunities, employing social engineering tactics such as … |
| Night Dragon | Night Dragon CN | Night Dragon is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as G0014. Original record: Night Drag… |
| NIGHT-DRAGON | Night Dragon |