Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,301–1,350 of 2,004 · page 27 of 41
| ID | Title | Summary |
|---|---|---|
| SHARPPANDA | SharpPanda | SharpPanda, an APT group originating from China, has seen a rise in its cyber-attack operations starting from at least 2018. The APT group utilizes spear-phish… |
| ShinyHunters | ShinyHunters | ShinyHunters is a cybercriminal group of unknown origin that is motivated by financial gain. The group is known for its sophisticated attacks against a wide ra… |
| SHINYHUNTERS | ShinyHunters | ShinyHunters is a cybercriminal group of unknown origin that is motivated by financial gain. The group is known for its sophisticated attacks against a wide ra… |
| ShroudedSnooper | ShroudedSnooper | In September 2023, Cisco Talos identified a new malware family that it calls ‘HTTPSnoop’ being deployed against telecommunications providers in the Middle East… |
| SHROUDEDSNOOPER | ShroudedSnooper | In September 2023, Cisco Talos identified a new malware family that it calls ‘HTTPSnoop’ being deployed against telecommunications providers in the Middle East… |
| SideCopy | SideCopy PK | The SideCopy APT is a Pakistani threat actor that has been operating since at least 2019, mainly targeting South Asian countries and more specifically India an… |
| SIDECOPY | SideCopy | The SideCopy APT is a Pakistani threat actor that has been operating since at least 2019, mainly targeting South Asian countries and more specifically India an… |
| SiegedSec | SiegedSec | SiegedSec, a hacktivist collective, emerged coincidentally just days before Russia’s invasion of Ukraine. Under the leadership of the hacktivist known as “Your… |
| SIEGEDSEC | SiegedSec | SiegedSec, a hacktivist collective, emerged coincidentally just days before Russia’s invasion of Ukraine. Under the leadership of the hacktivist known as “Your… |
| Siesta | Siesta | FireEye recently looked deeper into the activity discussed in TrendMicro’s blog and dubbed the “Siesta” campaign. The tools, modus operandi, and infrastructure… |
| SIESTA | Siesta | FireEye recently looked deeper into the activity discussed in TrendMicro’s blog and dubbed the “Siesta” campaign. The tools, modus operandi, and infrastructure… |
| Silence group | Silence group | A relatively new threat actor that’s been operating since mid-2016. Group-IB has exposed the attacks committed by Silence cybercriminal group. While the gang ha… |
| SILENCE-GROUP | Silence group | A relatively new threat actor that’s been operating since mid-2016. Group-IB has exposed the attacks committed by Silence cybercriminal group. While the gang ha… |
| Silent Chollima | Silent Chollima KP | Andariel is a threat actor that primarily targets South Korean corporations and institutions. They are believed to collaborate with or operate as a subsidiary … |
| SILENT-CHOLLIMA | Silent Chollima | Andariel is a threat actor that primarily targets South Korean corporations and institutions. They are believed to collaborate with or operate as a subsidiary … |
| Silent Librarian | Silent Librarian IR | Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. Accordi… |
| SILENT-LIBRARIAN | Silent Librarian | Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. Accordi… |
| SilitNetwork | SilitNetwork | SilitNetwork is a hacking group known for targeting high-profile entities, such as airlines, for various motives. They utilize sophisticated tactics to breach … |
| SILITNETWORK | SilitNetwork | SilitNetwork is a hacking group known for targeting high-profile entities, such as airlines, for various motives. They utilize sophisticated tactics to breach … |
| SILKFIN AGENCY | SILKFIN AGENCY | SILKFIN AGENCY has claimed responsibility for multiple significant data breaches, including the compromise of DimeCuba.com, which exposed over 1 million SMS re… |
| SILKFIN-AGENCY | SILKFIN AGENCY | SILKFIN AGENCY has claimed responsibility for multiple significant data breaches, including the compromise of DimeCuba.com, which exposed over 1 million SMS re… |
| SilkSpecter | SilkSpecter CN | SilkSpecter is a Chinese financially motivated threat actor that orchestrates phishing campaigns targeting e-commerce shoppers, particularly during peak shoppi… |
| SILKSPECTER | SilkSpecter | SilkSpecter is a Chinese financially motivated threat actor that orchestrates phishing campaigns targeting e-commerce shoppers, particularly during peak shoppi… |
| SilverFish | SilverFish | SilverFish is believed to be a Russian cyberespionage group that has been involved in various cyberattacks, including the use of the SolarWinds breach as an at… |
| SILVERFISH | SilverFish | SilverFish is believed to be a Russian cyberespionage group that has been involved in various cyberattacks, including the use of the SolarWinds breach as an at… |
| SilverTerrier | SilverTerrier NG | As these tools rise and fall in popularity (and more importantly, as detection rates by antivirus vendors improve), SilverTerrier actors have consistently adop… |
| SILVERTERRIER | SilverTerrier | As these tools rise and fall in popularity (and more importantly, as detection rates by antivirus vendors improve), SilverTerrier actors have consistently adop… |
| Sima | Sima IR | Sima is a group of suspected Iranian origin targeting Iranians in diaspora. In February 2016, Iran-focused individuals received messages purporting to be from … |
| SIMA | Sima | Sima is a group of suspected Iranian origin targeting Iranians in diaspora. In February 2016, Iran-focused individuals received messages purporting to be from … |
| SINGING SPIDER | SINGING SPIDER | |
| SINGING-SPIDER | SINGING SPIDER | |
| SingularityMD | SingularityMD | SingularityMD is a threat actor group that has targeted educational institutions in the US. They gained unauthorized access to their networks by exploiting wea… |
| SINGULARITYMD | SingularityMD | SingularityMD is a threat actor group that has targeted educational institutions in the US. They gained unauthorized access to their networks by exploiting wea… |
| Sinobi | Sinobi | Sinobi is a financially motivated ransomware group that employs data theft and extortion as primary tactics, operating a public-facing leak portal to pressure … |
| SINOBI | Sinobi | Sinobi is a financially motivated ransomware group that employs data theft and extortion as primary tactics, operating a public-facing leak portal to pressure … |
| SkidSec | SkidSec | SkidSec is a threat group that has engaged in operations targeting exposed printers in South Korea to disseminate North Korean propaganda, utilizing techniques… |
| SKIDSEC | SkidSec | SkidSec is a threat group that has engaged in operations targeting exposed printers in South Korea to disseminate North Korean propaganda, utilizing techniques… |
| SLIME29 | SLIME29 CN | SLIME29 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Private Sector sector. Original… |
| SLIME29 | SLIME29 | |
| SLIME88 | SLIME88 | SLIME88 is a China-nexus APT that has exploited the critical vulnerability CVE-2026-34197 in Apache ActiveMQ to deploy SoxAgent RAT, compromising Linux devices… |
| Slingshot | Slingshot | While analysing an incident which involved a suspected keylogger, we identified a malicious library able to interact with a virtual file system, which is usual… |
| SLINGSHOT | Slingshot | While analysing an incident which involved a suspected keylogger, we identified a malicious library able to interact with a virtual file system, which is usual… |
| SlopAds | SlopAds | SlopAds is a sophisticated ad fraud and click fraud operation involving a collection of 224 apps, downloaded over 38 million times globally. The threat actors … |
| SLOPADS | SlopAds | SlopAds is a sophisticated ad fraud and click fraud operation involving a collection of 224 apps, downloaded over 38 million times globally. The threat actors … |
| SloppyLemming | SloppyLemming | SloppyLemming is an advanced actor that uses multiple cloud service providers to facilitate different aspects of their activities, such as credential harvestin… |
| SLOPPYLEMMING | SloppyLemming | SloppyLemming is an advanced actor that uses multiple cloud service providers to facilitate different aspects of their activities, such as credential harvestin… |
| Smishing Triad | Smishing Triad CN | The Smishing Triad is a Chinese-speaking threat group known for targeting postal services and their customers globally through smishing campaigns. They leverag… |
| SMISHING-TRIAD | Smishing Triad | The Smishing Triad is a Chinese-speaking threat group known for targeting postal services and their customers globally through smishing campaigns. They leverag… |
| SMOKY SPIDER | SMOKY SPIDER | SMOKY SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: SMOKY SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Ga… |
| SMOKY-SPIDER | SMOKY SPIDER | Mentioned as operator of SmokeLoader in CrowdStrike's 2020 Report. |