2,004 indexed
Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,201–1,250 of 2,004 · page 25 of 41
| ID | Title | Summary |
|---|---|---|
| ResumeLooters | ResumeLooters | Since the beginning of 2023, ResumeLooters have been able to compromise at least 65 websites. The group employs a variety of simple techniques, including SQL i… |
| RESUMELOOTERS | ResumeLooters | Since the beginning of 2023, ResumeLooters have been able to compromise at least 65 websites. The group employs a variety of simple techniques, including SQL i… |
| Returned Libra | Returned Libra | Returned Libra, also known as 8220 Mining Group, is a cloud threat actor group that has been active since at least 2017. Tools commonly employed during their o… |
| RETURNED-LIBRA | Returned Libra | Returned Libra, also known as 8220 Mining Group, is a cloud threat actor group that has been active since at least 2017. Tools commonly employed during their o… |
| RevengeHotels | RevengeHotels | RevengeHotels is a targeted cybercrime campaign that has been active since 2015, primarily targeting hotels, hostels, and tourism companies. The threat actor u… |
| REVENGEHOTELS | RevengeHotels | RevengeHotels is a targeted cybercrime campaign that has been active since 2015, primarily targeting hotels, hostels, and tourism companies. The threat actor u… |
| RGB-TEAM | RGB-TEAM | RGB-TEAM is a previously unknown Russian-speaking threat actor. They describe themselves as “a community of anonymous hacktivists fighting for freedom.” The gr… |
| RGB-TEAM | RGB-TEAM | RGB-TEAM is a previously unknown Russian-speaking threat actor. They describe themselves as “a community of anonymous hacktivists fighting for freedom.” The gr… |
| RIDDLE SPIDER | RIDDLE SPIDER | RIDDLE SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: RIDDLE SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-… |
| RIDDLE-SPIDER | RIDDLE SPIDER | According to CrowdStrike, RIDDLE SPIDER is the operator behind the Avaddon ransomware. |
| RipperSec | RipperSec MY | RipperSec is a pro-Palestinian, likely Malaysian hacktivist group created in June 2023, known for conducting DDoS attacks, data breaches, and defacements prima… |
| RIPPERSEC | RipperSec | RipperSec is a pro-Palestinian, likely Malaysian hacktivist group created in June 2023, known for conducting DDoS attacks, data breaches, and defacements prima… |
| Roaming Mantis | Roaming Mantis | According to new research by Kaspersky's GReAT team, the online criminal activities of the Roaming Mantis Group have continued to evolve since they were first … |
| ROAMING-MANTIS | Roaming Mantis | According to new research by Kaspersky's GReAT team, the online criminal activities of the Roaming Mantis Group have continued to evolve since they were first … |
| Roaming Tiger | Roaming Tiger | Roaming Tiger is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as BRONZE WOODLAND, Rotten Tomato. Original record: Roa… |
| ROAMING-TIGER | Roaming Tiger | |
| Rocke | Rocke | This threat actor initially came to our attention in April 2018, leveraging both Western and Chinese Git repositories to deliver malware to honeypot systems vu… |
| ROCKE | Rocke | This threat actor initially came to our attention in April 2018, leveraging both Western and Chinese Git repositories to deliver malware to honeypot systems vu… |
| Rocket Kitten | Rocket Kitten IR | Targets Saudi Arabia, Israel, US, Iran, high ranking defense officials, embassies of various target countries, notable Iran researchers, human rights activists… |
| ROCKET-KITTEN | Rocket Kitten | Targets Saudi Arabia, Israel, US, Iran, high ranking defense officials, embassies of various target countries, notable Iran researchers, human rights activists… |
| RomCom | RomCom RU | ROMCOM is an evolving and sophisticated threat actor group that has been using the malware tool ROMCOM for espionage and financially motivated attacks. They ha… |
| ROMCOM | RomCom | ROMCOM is an evolving and sophisticated threat actor group that has been using the malware tool ROMCOM for espionage and financially motivated attacks. They ha… |
| RTM | RTM | There are several groups actively and profitably targeting businesses in Russia. A trend that we have seen unfold before our eyes lately is these cybercriminal… |
| RTM | RTM | There are several groups actively and profitably targeting businesses in Russia. A trend that we have seen unfold before our eyes lately is these cybercriminal… |
| Ruby Sleet | Ruby Sleet KP | Ruby Sleet is a threat actor linked to North Korea's Ministry of State Security. Cerium has been involved in spear-phishing campaigns, compromising devices, an… |
| RUBY-SLEET | Ruby Sleet | Ruby Sleet is a threat actor linked to North Korea's Ministry of State Security. Cerium has been involved in spear-phishing campaigns, compromising devices, an… |
| RUBYCARP | RUBYCARP RO | RUBYCARP is a financially-motivated threat actor group likely based in Romania, with a history of at least 10 years of activity. They operate a botnet using pu… |
| RUBYCARP | RUBYCARP | RUBYCARP is a financially-motivated threat actor group likely based in Romania, with a history of at least 10 years of activity. They operate a botnet using pu… |
| RuskiNet | RuskiNet RU | RuskiNet is a pro-Russian hacktivist collective associated with disruptive operations including DDoS attacks, website defacements, phishing, and data leaks aga… |
| RUSKINET | RuskiNet | RuskiNet is a pro-Russian hacktivist collective associated with disruptive operations including DDoS attacks, website defacements, phishing, and data leaks aga… |
| Ruthless Rabbit | Ruthless Rabbit RU | Ruthless Rabbit has been running investment scam campaigns since November 2022, primarily targeting users in Russia, Poland, Romania, and Kazakhstan. The actor… |
| RUTHLESS-RABBIT | Ruthless Rabbit | Ruthless Rabbit has been running investment scam campaigns since November 2022, primarily targeting users in Russia, Poland, Romania, and Kazakhstan. The actor… |
| Saad Tycoon | Saad Tycoon | Saad Tycoon is the operator and alleged developer of the Tycoon 2FA PhaaS, a phishing service that targets users for financial gain. The actor utilizes Bitcoin… |
| SAAD-TYCOON | Saad Tycoon | Saad Tycoon is the operator and alleged developer of the Tycoon 2FA PhaaS, a phishing service that targets users for financial gain. The actor utilizes Bitcoin… |
| SABRE PANDA | SABRE PANDA CN | SABRE PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: SABRE PANDA is a Chinese-attributed threat acto… |
| SABRE-PANDA | SABRE PANDA | |
| SaintBear | SaintBear RU | SaintBear is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as UNC2589, TA471, UAC-0056 (and 11 more… |
| SAINTBEAR | SaintBear | A group targeting UA state organizations using the GraphSteel and GrimPlant malware. |
| SALTY SPIDER | SALTY SPIDER | Beginning in January 2018 and persisting through the first half of the year, CrowdStrike Intelligence observed SALTY SPIDER, developer and operator of the long… |
| SALTY-SPIDER | SALTY SPIDER | Beginning in January 2018 and persisting through the first half of the year, CrowdStrike Intelligence observed SALTY SPIDER, developer and operator of the long… |
| SAMBASPIDER | SAMBASPIDER | SAMBASPIDER is a threat actor associated with the Mispadu malware. On July 24, USDoD allegedly scraped and leaked a 100,000-line Indicator of Compromise list fro… |
| SAMBASPIDER | SAMBASPIDER | SAMBASPIDER is a threat actor associated with the Mispadu malware. On July 24, USDoD allegedly scraped and leaked a 100,000-line Indicator of Compromise list fro… |
| SAMURAI PANDA | SAMURAI PANDA CN | SAMURAI PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as PLA Navy, Wisp Team. Operational … |
| SAMURAI-PANDA | SAMURAI PANDA | |
| SandCat | SandCat | SandCat, on the other hand, is a group that was discovered more recently by Kaspersky. One of the Windows vulnerabilities patched by Microsoft in December had … |
| SANDCAT | SandCat | SandCat, on the other hand, is a group that was discovered more recently by Kaspersky. One of the Windows vulnerabilities patched by Microsoft in December had … |
| Sandman APT | Sandman APT CN | First disclosed in 2023, the Sandman APT is likely associated with suspected China-based threat clusters known for using the KEYPLUG backdoor, specifically STO… |
| SANDMAN-APT | Sandman APT | First disclosed in 2023, the Sandman APT is likely associated with suspected China-based threat clusters known for using the KEYPLUG backdoor, specifically STO… |
| Sands Casino | Sands Casino IR | Sands Casino is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Sands Casino is an Iranian-attributed threat ac… |
| SANDS-CASINO | Sands Casino | |