Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 101–150 of 2,004 · page 3 of 41
| ID | Title | Summary |
|---|---|---|
| APT3 | APT3 CN | Symantec described UPS in 2016 report as: 'Buckeye (also known as APT3, Gothic Panda, UPS Team, and TG-0110) is a cyberespionage group that is believed to hav… |
| APT3 | APT3 | Symantec described UPS in 2016 report as: 'Buckeye (also known as APT3, Gothic Panda, UPS Team, and TG-0110) is a cyberespionage group that is believed to hav… |
| APT30 | APT30 CN | APT30 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as G0013. Operational targeting focuses on t… |
| APT30 | APT30 | APT30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics with APT30, the two groups do not appe… |
| APT31 | APT31 CN | FireEye characterizes APT31 as an actor specialized on intellectual property theft, focusing on data and projects that make a particular organization competeti… |
| APT31 | APT31 | FireEye characterizes APT31 as an actor specialized on intellectual property theft, focusing on data and projects that make a particular organization competeti… |
| APT32 | APT32 VN | Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple indust… |
| APT32 | APT32 | Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple indust… |
| APT33 | APT33 IR | APT33 is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as APT 33, Elfin, MAGNALLIUM (and 7 more). O… |
| APT33 | APT33 | Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of … |
| APT35 | APT35 IR | FireEye has identified APT35 operations dating back to 2014. APT35, also known as the Newscaster Team, is a threat group sponsored by the Iranian government th… |
| APT35 | APT35 | FireEye has identified APT35 operations dating back to 2014. APT35, also known as the Newscaster Team, is a threat group sponsored by the Iranian government th… |
| APT37 | APT37 KP | APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors primarily in South Korea. In 2017, APT37 expanded its … |
| APT37 | APT37 | APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors primarily in South Korea. In 2017, APT37 expanded its … |
| APT39 | APT39 IR | APT39 was created to bring together previous activities and methods used by this actor, and its activities largely align with a group publicly referred to as "… |
| APT39 | APT39 | APT39 was created to bring together previous activities and methods used by this actor, and its activities largely align with a group publicly referred to as "… |
| APT4 | APT4 CN | APT4 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as PLA Navy, MAVERICK PANDA, BRONZE EDISON (a… |
| APT4 | APT4 | |
| APT40 | APT40 CN | Leviathan is an espionage actor targeting organizations and high-value targets in defense and government. Active since at least 2014, this actor has long-stand… |
| APT40 | APT40 | Leviathan is an espionage actor targeting organizations and high-value targets in defense and government. Active since at least 2014, this actor has long-stand… |
| APT41 | APT41 CN | APT41 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as G0096, TA415, Blackfly (and 17 more). Ope… |
| APT41 | APT41 | APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially ou… |
| APT42 | APT42 IR | Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations o… |
| APT42 | APT42 | Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations o… |
| APT43 | APT43 | APT43 is a prolific cyber operator that supports the interests of the North Korean regime. The group combines moderately-sophisticated technical capabilities… |
| APT43 | APT43 | APT43 is a prolific cyber operator that supports the interests of the North Korean regime. The group combines moderately-sophisticated technical capabilities… |
| APT45 | APT45 KP | APT45 is a North Korean cyber threat actor that has been active since at least 2009. They have conducted espionage campaigns targeting government agencies and … |
| APT45 | APT45 | APT45 is a North Korean cyber threat actor that has been active since at least 2009. They have conducted espionage campaigns targeting government agencies and … |
| APT5 | APT5 CN | We have observed one APT group, which we call APT5, particularly focused on telecommunications and technology companies. More than half of the organizations we… |
| APT5 | APT5 | We have observed one APT group, which we call APT5, particularly focused on telecommunications and technology companies. More than half of the organizations we… |
| APT6 | APT6 CN | The FBI issued a rare bulletin admitting that a group named Advanced Persistent Threat 6 (APT6) hacked into US government computer systems as far back as 2011 … |
| APT6 | APT6 | The FBI issued a rare bulletin admitting that a group named Advanced Persistent Threat 6 (APT6) hacked into US government computer systems as far back as 2011 … |
| APT73 | APT73 | APT73 is a ransomware group that has publicly identified 12 victims and launched its data leak site on April 25th. The DLS bears a striking resemblance to that… |
| APT73 | APT73 | APT73 is a ransomware group that has publicly identified 12 victims and launched its data leak site on April 25th. The DLS bears a striking resemblance to that… |
| APT9 | APT9 CN | APT9 engages in cyber operations where the goal is data theft, usually focusing on the data and projects that make a particular organization competitive within… |
| APT9 | APT9 | APT9 engages in cyber operations where the goal is data theft, usually focusing on the data and projects that make a particular organization competitive within… |
| APTIran | APTIran IR | APTIran has claimed responsibility for a large-scale campaign targeting Israeli critical infrastructure, asserting infiltration of government ministries, hospi… |
| APTIRAN | APTIran | APTIran has claimed responsibility for a large-scale campaign targeting Israeli critical infrastructure, asserting infiltration of government ministries, hospi… |
| ArcaneDoor | ArcaneDoor | ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actor… |
| ARCANEDOOR | ArcaneDoor | ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actor… |
| AridViper | AridViper PS | AridViper is a state-sponsored APT primarily targeting military personnel, journalists, and dissidents in the Middle East, with a focus on Israel and Palestine… |
| ARIDVIPER | AridViper | AridViper is a state-sponsored APT primarily targeting military personnel, journalists, and dissidents in the Middle East, with a focus on Israel and Palestine… |
| Aslan Neferler Tim | Aslan Neferler Tim TR | Turkish nationalist hacktivist group that has been active for roughly one year. According to Domaintools, the group’s site has been registered since December 2… |
| ASLAN-NEFERLER-TIM | Aslan Neferler Tim | Turkish nationalist hacktivist group that has been active for roughly one year. According to Domaintools, the group’s site has been registered since December 2… |
| Asnarök | Asnarök | Asnarök is a threat actor that exploited CVE-2020-12271 and utilized command injection privilege escalation to gain root access to devices and install the Asna… |
| ASNAR-K | Asnarök | Asnarök is a threat actor that exploited CVE-2020-12271 and utilized command injection privilege escalation to gain root access to devices and install the Asna… |
| AtlasCross | AtlasCross | NSFOCUS Security Labs recently discovered a new attack process based on phishing documents in their daily threat-hunting operations. Delving deeper into this f… |
| ATLASCROSS | AtlasCross | NSFOCUS Security Labs recently discovered a new attack process based on phishing documents in their daily threat-hunting operations. Delving deeper into this f… |
| Attor | Attor | Attor is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Private sector and Government sectors. Original reco… |
| ATTOR | Attor | Adversary group targeting diplomatic missions and governmental organisations. |