Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,251–1,300 of 2,004 · page 26 of 41
| ID | Title | Summary |
|---|---|---|
| Sandworm | Sandworm RU | This threat actor targets industrial control systems, using a tool called Black Energy, associated with electricity and power generation for espionage, denial … |
| SANDWORM | Sandworm | This threat actor targets industrial control systems, using a tool called Black Energy, associated with electricity and power generation for espionage, denial … |
| Sath-ı Müdafaa | Sath-ı Müdafaa TR | A Turkish hacking group, Sath-ı Müdafaa, is encouraging individuals to join its DDoS-for-Points platform that features points and prizes for carrying out distr… |
| SATH-M-DAFAA | Sath-ı Müdafaa | A Turkish hacking group, Sath-ı Müdafaa, is encouraging individuals to join its DDoS-for-Points platform that features points and prizes for carrying out distr… |
| ScamClub | ScamClub | ScamClub is a threat actor involved in malvertising activities since 2018. They target the Mobile Web market segment, particularly on iOS devices, where securi… |
| SCAMCLUB | ScamClub | ScamClub is a threat actor involved in malvertising activities since 2018. They target the Mobile Web market segment, particularly on iOS devices, where securi… |
| Scarab | Scarab CN | Scarab APT was first spotted in 2015, but is believed to have been active since at least 2012, conducting surgical attacks against a small number of individual… |
| SCARAB | Scarab | Scarab APT was first spotted in 2015, but is believed to have been active since at least 2012, conducting surgical attacks against a small number of individual… |
| Scarlet Mimic | Scarlet Mimic CN | Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group’s mo… |
| SCARLET-MIMIC | Scarlet Mimic | Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group’s mo… |
| SCARLETEEL | SCARLETEEL | SCARLETEEL is a threat actor that primarily targets cloud environments, specifically AWS and Kubernetes. They have been observed stealing proprietary data and … |
| Scarred Manticore | Scarred Manticore IR | Scarred Manticore has been pursuing high-value targets for years, utilizing a variety of IIS-based backdoors to attack Windows servers. These include a variety… |
| SCARRED-MANTICORE | Scarred Manticore | Scarred Manticore has been pursuing high-value targets for years, utilizing a variety of IIS-based backdoors to attack Windows servers. These include a variety… |
| Scattered Canary | Scattered Canary NG | When the first member of Scattered Canary, who, for the purposes of this report, we call Alpha, began his operations, he was a lone wolf—working mostly Craigsl… |
| SCATTERED-CANARY | Scattered Canary | When the first member of Scattered Canary, who, for the purposes of this report, we call Alpha, began his operations, he was a lone wolf—working mostly Craigsl… |
| Scattered Spider | Scattered Spider | Scattered Spider is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as UNC3944, Muddled Libra, Oktapus (and 7 more). Ori… |
| SCATTERED-SPIDER | Scattered Spider | Scattered Spider, a highly active hacking group, has made headlines by targeting more than 130 organizations, with the number of victims steadily increasing. |
| ScreamedJungle | ScreamedJungle | ScreamedJungle is a threat actor that exploits vulnerabilities in outdated Magento e-commerce platforms to inject malicious JavaScript code, specifically Bablo… |
| SCREAMEDJUNGLE | ScreamedJungle | ScreamedJungle is a threat actor that exploits vulnerabilities in outdated Magento e-commerce platforms to inject malicious JavaScript code, specifically Bablo… |
| Scripted Sparrow | Scripted Sparrow | Scripted Sparrow is a prolific Business Email Compromise (BEC) collective that conducts highly targeted phishing campaigns, impersonating professional services… |
| SCRIPTED-SPARROW | Scripted Sparrow | Scripted Sparrow is a prolific Business Email Compromise (BEC) collective that conducts highly targeted phishing campaigns, impersonating professional services… |
| SCULLY SPIDER | SCULLY SPIDER | SCULLY SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: SCULLY SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-… |
| SCULLY-SPIDER | SCULLY SPIDER | Mentioned as operator of DanaBot in CrowdStrike's 2020 Report. |
| Sea Turtle | Sea Turtle TR | This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily nati… |
| SEA-TURTLE | Sea Turtle | This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily nati… |
| SEXi | SEXi | SEXi is a ransomware group that targets VMware ESXi servers, encrypting data and demanding ransom payments. They have been observed encrypting virtual machines… |
| SEXI | SEXi | SEXi is a ransomware group that targets VMware ESXi servers, encrypting data and demanding ransom payments. They have been observed encrypting virtual machines… |
| Shadow Network | Shadow Network | Shadows in the Cloud documents a complex ecosystem of cyber espionage that systematically compromised government, business, academic, and other computer networ… |
| SHADOW-NETWORK | Shadow Network | Shadows in the Cloud documents a complex ecosystem of cyber espionage that systematically compromised government, business, academic, and other computer networ… |
| SHADOW-AETHER-015 | SHADOW-AETHER-015 | SHADOW-AETHER-015 is a highly adaptable cybercriminal group known for identity abuse and cloud compromise, primarily targeting identity and access management s… |
| Shadow-Earth-053 | Shadow-Earth-053 CN | SHADOW-EARTH-053 is a China-aligned threat group exploiting unpatched Microsoft Exchange Server vulnerabilities, specifically CVE-2021-26855, to conduct cybere… |
| SHADOW-EARTH-053 | Shadow-Earth-053 | SHADOW-EARTH-053 is a China-aligned threat group exploiting unpatched Microsoft Exchange Server vulnerabilities, specifically CVE-2021-26855, to conduct cybere… |
| SHADOW-VOID-042 | SHADOW-VOID-042 | SHADOW-VOID-042 is a provisional intrusion set tracked by Trend Micro, active in October-November 2025, conducting spear-phishing campaigns against energy, def… |
| SHADOW-WATER-063 | SHADOW-WATER-063 | SHADOW-WATER-063 is a financially motivated threat actor attributed to the Banana RAT banking trojan, primarily targeting Brazilian financial accounts. Analysi… |
| ShadowSyndicate | ShadowSyndicate | ShadowSyndicate is a threat actor associated with various ransomware groups, using a consistent Secure Shell fingerprint across multiple servers. They have bee… |
| SHADOWSYNDICATE | ShadowSyndicate | ShadowSyndicate is a threat actor associated with various ransomware groups, using a consistent Secure Shell fingerprint across multiple servers. They have bee… |
| ShadyPanda | ShadyPanda | ShadyPanda is a threat actor behind a 7-year campaign that has infected 4.3 million users through extensions masquerading as productivity tools while functioni… |
| SHADYPANDA | ShadyPanda | ShadyPanda is a threat actor behind a 7-year campaign that has infected 4.3 million users through extensions masquerading as productivity tools while functioni… |
| ShaggyPanther | ShaggyPanther CN | ShaggyPanther is a threat actor that primarily targets government entities in Taiwan and Malaysia. They have been active since 2008 and utilize hidden encrypte… |
| SHAGGYPANTHER | ShaggyPanther | ShaggyPanther is a threat actor that primarily targets government entities in Taiwan and Malaysia. They have been active since 2008 and utilize hidden encrypte… |
| Shahid Hemmat | Shahid Hemmat IR | Shahid Hemmat is an IRGC-CEC affiliated hacking group linked to cyberattacks targeting U.S. critical infrastructure, including the defense industry and interna… |
| SHAHID-HEMMAT | Shahid Hemmat | Shahid Hemmat is an IRGC-CEC affiliated hacking group linked to cyberattacks targeting U.S. critical infrastructure, including the defense industry and interna… |
| Shamoon Group | Shamoon Group IR | Shamoon Group is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Cutting Sword of Justice. Origina… |
| SHAMOON-GROUP | Shamoon Group | Shamoon Group is an Iran-linked threat actor associated with destructive Shamoon wiper operations targeting organizations in the Middle East, especially in the… |
| SHARK SPIDER | SHARK SPIDER RU | This group's activity was first observed in November 2013. It leverages a banking Trojan more commonly known as Shylock which aims to compromise online banking… |
| SHARK-SPIDER | SHARK SPIDER | This group's activity was first observed in November 2013. It leverages a banking Trojan more commonly known as Shylock which aims to compromise online banking… |
| SharpPanda | SharpPanda CN | SharpPanda, an APT group originating from China, has seen a rise in its cyber-attack operations starting from at least 2018. The APT group utilizes spear-phish… |