Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,001–1,050 of 2,004 · page 21 of 41
| ID | Title | Summary |
|---|---|---|
| NightEagle | NightEagle US | NightEagle is an advanced Threat Actor that targeted China's High-Tech Industry and Military Organisation, leveraging sophisticated techniques, 0 days, and spe… |
| NIGHTEAGLE | NightEagle | NightEagle is an advanced Threat Actor that targeted China's High-Tech Industry and Military Organisation, leveraging sophisticated techniques, 0 days, and spe… |
| Nitro | Nitro CN | These attackers were the subject of an extensive report by Symantec in 2011, which termed the attackers Nitro and stated: 'The goal of the attackers appears to… |
| NITRO | Nitro | These attackers were the subject of an extensive report by Symantec in 2011, which termed the attackers Nitro and stated: 'The goal of the attackers appears to… |
| NOCTURNAL SPIDER | NOCTURNAL SPIDER | NOCTURNAL SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: NOCTURNAL SPIDER is a threat actor catalogued by MISP-Galaxy … |
| NOCTURNAL-SPIDER | NOCTURNAL SPIDER | Mentioned as MaaS operator in CrowdStrike's 2020 Report. |
| NOMAD PANDA | NOMAD PANDA | NOMAD PANDA is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: In the first quarter of 2018, CrowdStrike Intelligence identified … |
| NOMAD-PANDA | NOMAD PANDA | In the first quarter of 2018, CrowdStrike Intelligence identified NOMAD PANDA activity targeting Central Asian nations with exploit documents built with the 8.… |
| NoName057(16) | NoName057(16) | NoName057(16) is performing DDoS attacks on websites belonging to governments, news agencies, armies, suppliers, telecommunications companies, transportation a… |
| NONAME057-16 | NoName057(16) | NoName057(16) is performing DDoS attacks on websites belonging to governments, news agencies, armies, suppliers, telecommunications companies, transportation a… |
| NOTROBIN | NOTROBIN | Researchers at FireEye report finding a hacking group (dubbed NOTROBIN) that has been bundling mitigation code for NetScaler servers with its exploits. In effe… |
| Nullbulge | Nullbulge | NullBulge is a cybercriminal threat group targeting AI and gaming focused entities. They weaponize code in publicly available repositories to distribute malwar… |
| NULLBULGE | Nullbulge | NullBulge is a cybercriminal threat group targeting AI and gaming focused entities. They weaponize code in publicly available repositories to distribute malwar… |
| NyxarGroup | NyxarGroup | NyxarGroup is a threat actor involved in a coordinated data brokerage ecosystem across Latin America, primarily targeting government infrastructure. They have … |
| NYXARGROUP | NyxarGroup | NyxarGroup is a threat actor involved in a coordinated data brokerage ecosystem across Latin America, primarily targeting government infrastructure. They have … |
| OilAlpha | OilAlpha | OilAlpha has almost exclusively relied on infrastructure associated with the Public Telecommunication Corporation (PTC), a Yemeni government-owned enterprise r… |
| OILALPHA | OilAlpha | OilAlpha has almost exclusively relied on infrastructure associated with the Public Telecommunication Corporation (PTC), a Yemeni government-owned enterprise r… |
| OilRig | OilRig IR | OilRig is an Iranian threat group operating primarily in the Middle East by targeting organizations in this region that are in a variety of different industrie… |
| OILRIG | OilRig | OilRig is an Iranian threat group operating primarily in the Middle East by targeting organizations in this region that are in a variety of different industrie… |
| OldGremlin | OldGremlin RU | OldGremlin is a Russian-speaking ransomware group that has been active for several years. They primarily target organizations in Russia, including banks, logis… |
| OLDGREMLIN | OldGremlin | OldGremlin is a Russian-speaking ransomware group that has been active for several years. They primarily target organizations in Russia, including banks, logis… |
| OnionDog | OnionDog KP | OnionDog is a North Korean-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Government and Private se… |
| ONIONDOG | OnionDog | This threat actor targets the South Korean government, transportation, and energy sectors. |
| Opal Sleet | Opal Sleet KP | Konni is a threat actor associated with APT37, a North Korean cyber crime group. They have been active since 2012 and are known for their cyber-espionage activ… |
| OPAL-SLEET | Opal Sleet | Konni is a threat actor associated with APT37, a North Korean cyber crime group. They have been active since 2012 and are known for their cyber-espionage activ… |
| Operation BugDrop | Operation BugDrop RU | This threat actor targets critical infrastructure entities in the oil and gas sector, primarily in Ukraine. The threat actors deploy the BugDrop malware to rem… |
| OPERATION-BUGDROP | Operation BugDrop | This threat actor targets critical infrastructure entities in the oil and gas sector, primarily in Ukraine. The threat actors deploy the BugDrop malware to rem… |
| Operation C-Major | Operation C-Major PK | Operation C-Major is a Pakistani-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as C-Major, Transparent Tribe,… |
| OPERATION-C-MAJOR | Operation C-Major | Group targeting Indian Army or related assets in India, as well as activists and civil society in Pakistan. Attribution to a Pakistani connection has been made… |
| Operation Cobalt Whisper | Operation Cobalt Whisper | |
| OPERATION-COBALT-WHISPER | Operation Cobalt Whisper | |
| Operation Comando | Operation Comando | Operation Comando is a pure cybercrime campaign, possibly with Brazilian origin, with a concrete and persistent focus on the hospitality sector, which proves h… |
| OPERATION-COMANDO | Operation Comando | Operation Comando is a pure cybercrime campaign, possibly with Brazilian origin, with a concrete and persistent focus on the hospitality sector, which proves h… |
| Operation DRBControl | Operation DRBControl CN | Operation DRBControl is a cyberespionage campaign targeting gambling companies in Southeast Asia, first identified in 2019. The operation involves the use of H… |
| OPERATION-DRBCONTROL | Operation DRBControl | Operation DRBControl is a cyberespionage campaign targeting gambling companies in Southeast Asia, first identified in 2019. The operation involves the use of H… |
| Operation Emmental | Operation Emmental RU | Operation Emmental, also known as the Retefe gang, is a threat actor group that has been active since at least 2012. They primarily target customers of banks i… |
| OPERATION-EMMENTAL | Operation Emmental | Operation Emmental, also known as the Retefe gang, is a threat actor group that has been active since at least 2012. They primarily target customers of banks i… |
| Operation ForumTroll | Operation ForumTroll | Operation ForumTroll is a sophisticated cyber espionage campaign discovered by Kaspersky in mid-March 2025. The attack exploited a zero-day vulnerability in Go… |
| OPERATION-FORUMTROLL | Operation ForumTroll | Operation ForumTroll is a sophisticated cyber espionage campaign discovered by Kaspersky in mid-March 2025. The attack exploited a zero-day vulnerability in Go… |
| Operation Ghoul | Operation Ghoul | Operation Ghoul is a profit-driven threat actor that targeted over 130 organizations in 30 countries, primarily in the industrial and engineering sectors. They… |
| OPERATION-GHOUL | Operation Ghoul | Operation Ghoul is a profit-driven threat actor that targeted over 130 organizations in 30 countries, primarily in the industrial and engineering sectors. They… |
| Operation Kabar Cobra | Operation Kabar Cobra | |
| OPERATION-KABAR-COBRA | Operation Kabar Cobra | |
| Operation Parliament | Operation Parliament | This threat actor uses spear-phishing techniques to target parliaments, government ministries, academics, and media organizations, primarily in the Middle East… |
| OPERATION-PARLIAMENT | Operation Parliament | This threat actor uses spear-phishing techniques to target parliaments, government ministries, academics, and media organizations, primarily in the Middle East… |
| Operation Poison Needles | Operation Poison Needles | What’s noteworthy is that according to the introduction on the compromised website of the polyclinic (http://www.p2f.ru), the institution was established in 19… |
| OPERATION-POISON-NEEDLES | Operation Poison Needles | What’s noteworthy is that according to the introduction on the compromised website of the polyclinic (http://www.p2f.ru), the institution was established in 19… |
| Operation Red Signature | Operation Red Signature CN | The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT to their targets of inte… |
| OPERATION-RED-SIGNATURE | Operation Red Signature | The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT to their targets of inte… |