Threat actors (2,004 indexed)
2,004 threat-actor records from MISP-Galaxy v341. Filter by attributed country; for country / sector / MITRE-Group facets, see /explore/actors. Authored by Adam Lundqvist.
Showing 1,051–1,100 of 2,004 · page 22 of 41
| ID | Title | Summary |
|---|---|---|
| Operation Shadow Force | Operation Shadow Force (CN) | Operation Shadow Force is a group of malware that is representative of Shadow Force and Wgdrop from 2013 to 2020, and is a group activity that attacks Korean c… |
| OPERATION-SHADOW-FORCE | Operation Shadow Force | Operation Shadow Force is a group of malware that is representative of Shadow Force and Wgdrop from 2013 to 2020, and is a group activity that attacks Korean c… |
| Operation ShadowHammer | Operation ShadowHammer | Newly discovered supply chain attack that leveraged ASUS Live Update software. The goal of the attack was to surgically target an unknown pool of users, which … |
| OPERATION-SHADOWHAMMER | Operation ShadowHammer | Newly discovered supply chain attack that leveraged ASUS Live Update software. The goal of the attack was to surgically target an unknown pool of users, which … |
| Operation Sharpshooter | Operation Sharpshooter | The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and… |
| OPERATION-SHARPSHOOTER | Operation Sharpshooter | The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and… |
| Operation Soft Cell | Operation Soft Cell | In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor us… |
| OPERATION-SOFT-CELL | Operation Soft Cell | In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor us… |
| Operation Triangulation | Operation Triangulation | Operation Triangulation is an ongoing APT campaign targeting iOS devices with zero-click iMessage exploits. The threat actor behind the campaign has been activ… |
| OPERATION-TRIANGULATION | Operation Triangulation | Operation Triangulation is an ongoing APT campaign targeting iOS devices with zero-click iMessage exploits. The threat actor behind the campaign has been activ… |
| Operation WizardOpium | Operation WizardOpium | We are calling these attacks Operation WizardOpium. So far, we have been unable to establish a definitive link with any known threat actors. There are certain … |
| OPERATION-WIZARDOPIUM | Operation WizardOpium | We are calling these attacks Operation WizardOpium. So far, we have been unable to establish a definitive link with any known threat actors. There are certain … |
| Operation Wocao | Operation Wocao | Operation Wocao (我操, “Wǒ cāo”, used as “shit” or “damn”) is the name that Fox-IT uses to describe the hacking activities of a Chinese based hacking group. This… |
| OPERATION-WOCAO | Operation Wocao | Operation Wocao (我操, “Wǒ cāo”, used as “shit” or “damn”) is the name that Fox-IT uses to describe the hacking activities of a Chinese based hacking group. This… |
| Orangeworm | Orangeworm | Symantec has identified a previously unknown group called Orangeworm that has been observed installing a custom backdoor called Trojan.Kwampirs within large in… |
| ORANGEWORM | Orangeworm | Symantec has identified a previously unknown group called Orangeworm that has been observed installing a custom backdoor called Trojan.Kwampirs within large in… |
| OurMine | OurMine | OurMine is known for celebrity internet accounts, often causing cyber vandalism, to advertise their commercial services. (Trend Micro) In light of the recent r… |
| OURMINE | OurMine | OurMine is known for celebrity internet accounts, often causing cyber vandalism, to advertise their commercial services. (Trend Micro) In light of the recent r… |
| OUTLAW SPIDER | OUTLAW SPIDER | On May 7, 2019, Mayor Bernard “Jack” Young confirmed that the network for the U.S. City of Baltimore (CoB) was infected with ransomware, which was announced vi… |
| OUTLAW-SPIDER | OUTLAW SPIDER | On May 7, 2019, Mayor Bernard “Jack” Young confirmed that the network for the U.S. City of Baltimore (CoB) was infected with ransomware, which was announced vi… |
| OverFlame | OverFlame | OverFlame is a hacktivist group known for executing DDoS attacks and website defacements, primarily targeting government institutions and corporations in Europ… |
| OVERFLAME | OverFlame | OverFlame is a hacktivist group known for executing DDoS attacks and website defacements, primarily targeting government institutions and corporations in Europ… |
| OVERLORD SPIDER | OVERLORD SPIDER | OVERLORD SPIDER, aka The Dark Overlord. Similar to ransomware operators today, OVERLORD SPIDER likely purchased RDP access to compromised servers on undergroun… |
| OVERLORD-SPIDER | OVERLORD SPIDER | OVERLORD SPIDER, aka The Dark Overlord. Similar to ransomware operators today, OVERLORD SPIDER likely purchased RDP access to compromised servers on undergroun… |
| Pacha Group | Pacha Group | Antd is a miner found in the wild on September 18, 2018. Recently we discovered that the authors from Antd are actively delivering newer campaigns deploying a … |
| PACHA-GROUP | Pacha Group | Antd is a miner found in the wild on September 18, 2018. Recently we discovered that the authors from Antd are actively delivering newer campaigns deploying a … |
| Packrat | Packrat | A threat group that has been active for at least seven years has used malware, phishing and disinformation tactics to target activists, journalists, politician… |
| PACKRAT | Packrat | A threat group that has been active for at least seven years has used malware, phishing and disinformation tactics to target activists, journalists, politician… |
| PALE PANDA | PALE PANDA (CN) | PALE PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: PALE PANDA is a Chinese-attributed threat actor … |
| PALE-PANDA | PALE PANDA | |
| PARINACOTA | PARINACOTA | One actor that has emerged in this trend of human-operated attacks is an active, highly adaptive group that frequently drops Wadhrama as payload. PARINACOTA i… |
| PARINACOTA | PARINACOTA | One actor that has emerged in this trend of human-operated attacks is an active, highly adaptive group that frequently drops Wadhrama as payload. PARINACOTA i… |
| PassCV | PassCV (CN) | The PassCV group continues to be one of the most successful and active threat groups that leverage a wide array of stolen Authenticode-signing certificates. S… |
| PASSCV | PassCV | The PassCV group continues to be one of the most successful and active threat groups that leverage a wide array of stolen Authenticode-signing certificates. S… |
| Patched Lightning | Patched Lightning | Patched Lightning is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Storm-0113. Original record: Patched Lightning i… |
| PATCHED-LIGHTNING | Patched Lightning | |
| PayTool | PayTool | PayTool is a threat actor that operates a phishing ecosystem focused on traffic violation and fine payment scams targeting Canadians through SMS-based social e… |
| PAYTOOL | PayTool | PayTool is a threat actor that operates a phishing ecosystem focused on traffic violation and fine payment scams targeting Canadians through SMS-based social e… |
| Pearl Sleet | Pearl Sleet (KP) | Pearl Sleet is a nation state activity group based in North Korea that has been active since at least 2012. They primarily target defectors from North Korea, m… |
| PEARL-SLEET | Pearl Sleet | Pearl Sleet is a nation state activity group based in North Korea that has been active since at least 2012. They primarily target defectors from North Korea, m… |
| People's Cyber Army of Russia | People's Cyber Army of Russia | |
| PEOPLE-S-CYBER-ARMY-OF-RUSSIA | People's Cyber Army of Russia | |
| PerSwaysion | PerSwaysion (VN) | PerSwaysion is a threat actor known for conducting phishing campaigns targeting high-level executives. They have been active since at least August 2019 and are… |
| PERSWAYSION | PerSwaysion | PerSwaysion is a threat actor known for conducting phishing campaigns targeting high-level executives. They have been active since at least August 2019 and are… |
| PhantomControl | PhantomControl | PhantomControl is a sophisticated threat actor that emerged in November 2023. They utilize phishing emails as their initial infection vector and employ a Scree… |
| PHANTOMCONTROL | PhantomControl | PhantomControl is a sophisticated threat actor that emerged in November 2023. They utilize phishing emails as their initial infection vector and employ a Scree… |
| Phlox Tempest | Phlox Tempest | Phlox Tempest is a threat actor responsible for a large-scale click fraud campaign targeting users through YouTube comments and malicious ads. They use ChromeL… |
| PHLOX-TEMPEST | Phlox Tempest | Phlox Tempest is a threat actor responsible for a large-scale click fraud campaign targeting users through YouTube comments and malicious ads. They use ChromeL… |
| Pickaxe | Pickaxe | Prying Libra, also known as Pickaxe, is a threat actor active since at least August 2017, and continues to remain active to this day. The adversary's goal is t… |
| PICKAXE | Pickaxe | Prying Libra, also known as Pickaxe, is a threat actor active since at least August 2017, and continues to remain active to this day. The adversary's goal is t… |