Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,401–1,450 of 2,004 · page 29 of 41
| ID | Title | Summary |
|---|---|---|
| STORM-0494 | Storm-0494 | Storm-0494 is a threat actor that facilitates Gootloader infections, which are then exploited by groups like Vice Society to deploy tools such as the Supper ba… |
| Storm-0501 | Storm-0501 | Storm-0501 is a financially motivated cybercriminal group that has been active since 2021, initially targeting US school districts with the Sabbath ransomware … |
| STORM-0501 | Storm-0501 | Storm-0501 is a financially motivated cybercriminal group that has been active since 2021, initially targeting US school districts with the Sabbath ransomware … |
| Storm-0506 | Storm-0506 | Storm-0506 (DEV-0506) is a financially motivated cybercriminal group operating as a core affiliate within the Black Basta ransomware-as-a-service (RaaS) ecosys… |
| STORM-0506 | Storm-0506 | Storm-0506 (DEV-0506) is a financially motivated cybercriminal group operating as a core affiliate within the Black Basta ransomware-as-a-service (RaaS) ecosys… |
| Storm-0530 | Storm-0530 KP | H0lyGh0st is a North Korean threat actor that has been active since June 2021. They are responsible for developing and deploying the H0lyGh0st ransomware, whic… |
| STORM-0530 | Storm-0530 | H0lyGh0st is a North Korean threat actor that has been active since June 2021. They are responsible for developing and deploying the H0lyGh0st ransomware, whic… |
| Storm-0539 | Storm-0539 | Storm-0539 is a financially motivated threat actor that has been active since at least 2021. They primarily target retail organizations for gift card fraud and… |
| STORM-0539 | Storm-0539 | Storm-0539 is a financially motivated threat actor that has been active since at least 2021. They primarily target retail organizations for gift card fraud and… |
| Storm-0558 | Storm-0558 CN | Storm-0558 is a China-based threat actor with espionage objectives. While there are some minimal overlaps with other Chinese groups such as Violet Typhoon (ZIR… |
| STORM-0558 | Storm-0558 | Storm-0558 is a China-based threat actor with espionage objectives. While there are some minimal overlaps with other Chinese groups such as Violet Typhoon (ZIR… |
| Storm-0826 | Storm-0826 | Storm-0826 is a financially motivated cybercriminal group operating as an affiliate within the Black Basta ransomware-as-a-service (RaaS) ecosystem. This actor… |
| STORM-0826 | Storm-0826 | Storm-0826 is a financially motivated cybercriminal group operating as an affiliate within the Black Basta ransomware-as-a-service (RaaS) ecosystem. This actor… |
| Storm-0829 | Storm-0829 | Nwgen is a group that focuses on data exfiltration and ransomware activities. They have been found to share techniques with other threat groups such as Karakur… |
| STORM-0829 | Storm-0829 | Nwgen is a group that focuses on data exfiltration and ransomware activities. They have been found to share techniques with other threat groups such as Karakur… |
| Storm-0835 | Storm-0835 | Cybercriminals have launched a phishing campaign targeting senior executives in U.S. firms, using the EvilProxy phishing toolkit for credential harvesting and … |
| STORM-0835 | Storm-0835 | Cybercriminals have launched a phishing campaign targeting senior executives in U.S. firms, using the EvilProxy phishing toolkit for credential harvesting and … |
| Storm-0867 | Storm-0867 EG | Storm-0867 is a threat actor that has been active since 2012 and has targeted various industries and regions. They employ sophisticated phishing campaigns, uti… |
| STORM-0867 | Storm-0867 | Storm-0867 is a threat actor that has been active since 2012 and has targeted various industries and regions. They employ sophisticated phishing campaigns, uti… |
| Storm-0940 | Storm-0940 CN | Storm-0940 is a Chinese threat actor active since at least 2021, known for gaining initial access through password spray and brute-force attacks, as well as ex… |
| STORM-0940 | Storm-0940 | Storm-0940 is a Chinese threat actor active since at least 2021, known for gaining initial access through password spray and brute-force attacks, as well as ex… |
| Storm-1044 | Storm-1044 | Storm-1044 has been identified as part of a cyber campaign in collaboration with Twisted Spider. They employ a strategic approach, targeting specific endpoints… |
| STORM-1044 | Storm-1044 | Storm-1044 has been identified as part of a cyber campaign in collaboration with Twisted Spider. They employ a strategic approach, targeting specific endpoints… |
| Storm-1084 | Storm-1084 IR | Storm-1084 is a threat actor that has been observed collaborating with the MuddyWater group. They have used the DarkBit persona to mask their involvement in ta… |
| STORM-1084 | Storm-1084 | Storm-1084 is a threat actor that has been observed collaborating with the MuddyWater group. They have used the DarkBit persona to mask their involvement in ta… |
| Storm-1099 | Storm-1099 RU | Storm-1099 is a sophisticated Russia-affiliated influence actor that has been conducting pro-Russia influence operations targeting international supporters of … |
| STORM-1099 | Storm-1099 | Storm-1099 is a sophisticated Russia-affiliated influence actor that has been conducting pro-Russia influence operations targeting international supporters of … |
| Storm-1101 | Storm-1101 | DEV-1101 is a threat actor tracked by Microsoft who is responsible for developing and advertising phishing kits, specifically AiTM phishing kits. These kits ar… |
| STORM-1101 | Storm-1101 | DEV-1101 is a threat actor tracked by Microsoft who is responsible for developing and advertising phishing kits, specifically AiTM phishing kits. These kits ar… |
| Storm-1113 | Storm-1113 | Storm-1113 is a threat actor that acts both as an access broker focused on malware distribution through search advertisements and as an “as-a-service” entity p… |
| STORM-1113 | Storm-1113 | Storm-1113 is a threat actor that acts both as an access broker focused on malware distribution through search advertisements and as an “as-a-service” entity p… |
| Storm-1133 | Storm-1133 PS | In early 2023, Microsoft observed a wave of activity from a Gaza-based group that we track as Storm-1133 targeting Israeli private sector energy… |
| STORM-1133 | Storm-1133 | In early 2023, Microsoft observed a wave of activity from a Gaza-based group that we track as Storm-1133 targeting Israeli private sector energy… |
| Storm-1152 | Storm-1152 VN | Storm-1152, a cybercriminal group, was recently taken down by Microsoft for illegally reselling Outlook accounts. They operated by creating approximately 750 m… |
| STORM-1152 | Storm-1152 | Storm-1152, a cybercriminal group, was recently taken down by Microsoft for illegally reselling Outlook accounts. They operated by creating approximately 750 m… |
| Storm-1167 | Storm-1167 ID | Storm-1167 is a threat actor (origin ID) catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as DEV-1167. Original record: Storm-1167 is a … |
| STORM-1167 | Storm-1167 | Storm-1167 is a threat actor tracked by Microsoft, known for their use of an AiTM phishing kit. They were responsible for launching an attack that led to Busin… |
| Storm-1175 | Storm-1175 CN | Storm-1175 is a cybercriminal group known for deploying Medusa ransomware and exploiting public-facing applications for initial access. They have been observed… |
| STORM-1175 | Storm-1175 | Storm-1175 is a cybercriminal group known for deploying Medusa ransomware and exploiting public-facing applications for initial access. They have been observed… |
| Storm-1283 | Storm-1283 | Storm-1283 is a threat actor that targeted Microsoft Azure cloud platform. They gained access to user accounts and created OAuth applications using stolen cred… |
| STORM-1283 | Storm-1283 | Storm-1283 is a threat actor that targeted Microsoft Azure cloud platform. They gained access to user accounts and created OAuth applications using stolen cred… |
| Storm-1286 | Storm-1286 | Storm-1286 is a threat actor that engages in large-scale spamming activities, primarily targeting user accounts without multifactor authentication enabled. The… |
| STORM-1286 | Storm-1286 | Storm-1286 is a threat actor that engages in large-scale spamming activities, primarily targeting user accounts without multifactor authentication enabled. The… |
| Storm-1295 | Storm-1295 | Storm-1295 is a threat actor group that operates the Greatness phishing-as-a-service platform. They utilize synchronous relay servers to present targets with a… |
| STORM-1295 | Storm-1295 | Storm-1295 is a threat actor group that operates the Greatness phishing-as-a-service platform. They utilize synchronous relay servers to present targets with a… |
| Storm-1516 | Storm-1516 RU | CopyCop is a Russian covert influence network that has established over 300 fictional media websites targeting the US, France, Canada, and other countries, pri… |
| STORM-1516 | Storm-1516 | CopyCop is a Russian covert influence network that has established over 300 fictional media websites targeting the US, France, Canada, and other countries, pri… |
| Storm-1567 | Storm-1567 | Storm-1567 is the threat actor behind the Ransomware-as-a-Service Akira. They attacked Swedish organizations in March 2023. This ransomware utilizes the ChaCha… |
| STORM-1567 | Storm-1567 | Storm-1567 is the threat actor behind the Ransomware-as-a-Service Akira. They attacked Swedish organizations in March 2023. This ransomware utilizes the ChaCha… |
| Storm-1575 | Storm-1575 | Storm-1575 is a threat actor identified by Microsoft as being involved in phishing campaigns using the Dadsec platform. They utilize hundreds of Domain Generat… |