Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,351–1,400 of 2,004 · page 28 of 41
| ID | Title | Summary |
|---|---|---|
| SmugX | SmugX | The campaign, called SmugX, overlaps with previously reported activity by Chinese APT actors RedDelta and Mustang Panda. Although those two correlate to some e… |
| SMUGX | SmugX | The campaign, called SmugX, overlaps with previously reported activity by Chinese APT actors RedDelta and Mustang Panda. Although those two correlate to some e… |
| Snake Wine | Snake Wine | While investigating some of the smaller name servers that APT28/Sofacy routinely use to host their infrastructure, Cylance discovered another prolonged campaig… |
| SNAKE-WINE | Snake Wine | While investigating some of the smaller name servers that APT28/Sofacy routinely use to host their infrastructure, Cylance discovered another prolonged campaig… |
| SneakyChef | SneakyChef CN | SneakyChef is a threat actor known for using the SugarGh0st RAT to target government agencies, research institutions, and organizations worldwide. They have be… |
| SNEAKYCHEF | SneakyChef | SneakyChef is a threat actor known for using the SugarGh0st RAT to target government agencies, research institutions, and organizations worldwide. They have be… |
| SNOWGLOBE | SNOWGLOBE FR | In 2014, researchers at Kaspersky Lab discovered and reported on three zero-days that were being used in cyberattacks in the wild. Two of these zero-day vulner… |
| SNOWGLOBE | SNOWGLOBE | In 2014, researchers at Kaspersky Lab discovered and reported on three zero-days that were being used in cyberattacks in the wild. Two of these zero-day vulner… |
| SNOWSOUL | SnowSoul | SnowSoul is a financially motivated threat actor active since at least early 2026, operating a low-ransom extortion scheme primarily targeting Chinese organiza… |
| SOLAR SPIDER | SOLAR SPIDER | SOLAR SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: SOLAR SPIDER’s phishing campaigns deliver the JSOutProx RAT to fi… |
| SOLAR-SPIDER | SOLAR SPIDER | SOLAR SPIDER’s phishing campaigns deliver the JSOutProx RAT to financial institutions across Africa, the Middle East, South Asia and Southeast Asia. |
| Solntsepek | Solntsepek RU | Solntsepek is a threat actor group with ties to the Russian military unit GRU. They have claimed responsibility for a cyberattack on Kyivstar, a Ukrainian mobi… |
| SOLNTSEPEK | Solntsepek | Solntsepek is a threat actor group with ties to the Russian military unit GRU. They have claimed responsibility for a cyberattack on Kyivstar, a Ukrainian mobi… |
| SongXY | SongXY | SongXY is a Chinese APT group that employs phishing tactics to initiate cyberespionage campaigns. They utilize the Royal Road RTF builder, exploiting the CVE-2… |
| SONGXY | SongXY | SongXY is a Chinese APT group that employs phishing tactics to initiate cyberespionage campaigns. They utilize the Royal Road RTF builder, exploiting the CVE-2… |
| Sowbug | Sowbug | Sowbug has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign… |
| SOWBUG | Sowbug | Sowbug has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign… |
| Sp1d3r | Sp1d3r | Sp1d3r, a threat actor, has been involved in multiple data breaches targeting companies like Truist Bank, Cylance, and Advance Auto Parts. They have stolen and… |
| SP1D3R | Sp1d3r | Sp1d3r, a threat actor, has been involved in multiple data breaches targeting companies like Truist Bank, Cylance, and Advance Auto Parts. They have stolen and… |
| SpaceBears | SpaceBears RU | SpaceBears is a ransomware group believed to be based in Moscow, Russia, that has taken credit for several high-profile cyberattacks while primarily operating … |
| SPACEBEARS | SpaceBears | SpaceBears is a ransomware group believed to be based in Moscow, Russia, that has taken credit for several high-profile cyberattacks while primarily operating … |
| SparklingGoblin | SparklingGoblin | ESET researchers have discovered a new undocumented modular backdoor, SideWalk, being used by an APT group they’ve named SparklingGoblin; this backdoor was use… |
| SPARKLINGGOBLIN | SparklingGoblin | ESET researchers have discovered a new undocumented modular backdoor, SideWalk, being used by an APT group they’ve named SparklingGoblin; this backdoor was use… |
| SPICY PANDA | SPICY PANDA CN | SPICY PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: SPICY PANDA is a Chinese-attributed threat acto… |
| SPICY-PANDA | SPICY PANDA | |
| SPIKEDWINE | SPIKEDWINE | SPIKEDWINE is a threat actor targeting European officials with a new backdoor called WINELOADER. They use a bait PDF document posing as an invitation letter fr… |
| SPIKEDWINE | SPIKEDWINE | SPIKEDWINE is a threat actor targeting European officials with a new backdoor called WINELOADER. They use a bait PDF document posing as an invitation letter fr… |
| STAC5143 | STAC5143 | STAC5143 is a threat actor group tracked by Sophos, notable for its sophisticated use of Microsoft Office 365's legitimate services to conduct ransomware and d… |
| STAC5143 | STAC5143 | STAC5143 is a threat actor group tracked by Sophos, notable for its sophisticated use of Microsoft Office 365's legitimate services to conduct ransomware and d… |
| STARDUST CHOLLIMA | STARDUST CHOLLIMA | Open-source reporting has claimed that the Hermes ransomware was developed by the North Korean group STARDUST CHOLLIMA (activities of which have been public re… |
| STARDUST-CHOLLIMA | STARDUST CHOLLIMA | Open-source reporting has claimed that the Hermes ransomware was developed by the North Korean group STARDUST CHOLLIMA (activities of which have been public re… |
| Stargazer Goblin | Stargazer Goblin | Stargazer Goblin is a threat actor group that operates the Stargazers Ghost Network on GitHub, distributing malware and malicious links through multiple accoun… |
| STARGAZER-GOBLIN | Stargazer Goblin | Stargazer Goblin is a threat actor group that operates the Stargazers Ghost Network on GitHub, distributing malware and malicious links through multiple accoun… |
| Starry Addax | Starry Addax | Starry Addax is a threat actor targeting human rights activists associated with the Sahrawi Arab Democratic Republic using a novel mobile malware called FlexSt… |
| STARRY-ADDAX | Starry Addax | Starry Addax is a threat actor targeting human rights activists associated with the Sahrawi Arab Democratic Republic using a novel mobile malware called FlexSt… |
| Stealth Falcon | Stealth Falcon AE | Stealth Falcon is a threat actor (origin AE) catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as FruityArmor, G0038. Operational targeti… |
| STEALTH-FALCON | Stealth Falcon | This threat actor targets civil society groups and Emirati journalists, activists, and dissidents. |
| Storm Cloud | Storm Cloud CN | Storm Cloud is a Chinese espionage threat actor known for targeting organizations across Asia, particularly Tibetan organizations and individuals. They use a v… |
| STORM-CLOUD | Storm Cloud | Storm Cloud is a Chinese espionage threat actor known for targeting organizations across Asia, particularly Tibetan organizations and individuals. They use a v… |
| Storm-0062 | Storm-0062 CN | The cyberattack campaign that Microsoft uncovered was launched by a China-linked hacking group called Storm-0062. According to the company, the group is launch… |
| STORM-0062 | Storm-0062 | The cyberattack campaign that Microsoft uncovered was launched by a China-linked hacking group called Storm-0062. According to the company, the group is launch… |
| Storm-0249 | Storm-0249 | Storm-0249 is an access broker active since 2021, known for distributing BazaLoader, IcedID, Bumblebee, and Emotet malware. The actor primarily employs phishin… |
| STORM-0249 | Storm-0249 | Storm-0249 is an access broker active since 2021, known for distributing BazaLoader, IcedID, Bumblebee, and Emotet malware. The actor primarily employs phishin… |
| Storm-0324 | Storm-0324 | The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors … |
| STORM-0324 | Storm-0324 | The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors … |
| Storm-0381 | Storm-0381 RU | Storm-0381 is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as DEV-0381. Original record: Storm-038… |
| STORM-0381 | Storm-0381 | Storm-0381 is a threat actor identified by Microsoft as a Russian cybercrime group. They are known for their use of malvertising to deploy Magniber, a type of … |
| Storm-0473 | Storm-0473 KZ | Storm-0473 (Tomiris) is a threat actor that has been active since at least 2019. They primarily target government and diplomatic entities in the Commonwealth o… |
| STORM-0473 | Storm-0473 | Storm-0473 (Tomiris) is a threat actor that has been active since at least 2019. They primarily target government and diplomatic entities in the Commonwealth o… |
| Storm-0494 | Storm-0494 | Storm-0494 is a threat actor that facilitates Gootloader infections, which are then exploited by groups like Vice Society to deploy tools such as the Supper ba… |