Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,451–1,500 of 2,004 · page 30 of 41
| ID | Title | Summary |
|---|---|---|
| STORM-1575 | Storm-1575 | Storm-1575 is a threat actor identified by Microsoft as being involved in phishing campaigns using the Dadsec platform. They utilize hundreds of Domain Generat… |
| Storm-1674 | Storm-1674 | Storm-1674 is an access broker known for using tools based on the publicly available TeamsPhisher tool to distribute DarkGate malware. Storm-1674 campaigns hav… |
| STORM-1674 | Storm-1674 | Storm-1674 is an access broker known for using tools based on the publicly available TeamsPhisher tool to distribute DarkGate malware. Storm-1674 campaigns hav… |
| Storm-1679 | Storm-1679 RU | Storm-1679 is a Russian disinformation group believed to be a spinoff of the Internet Research Agency, actively engaged in influence operations targeting the I… |
| STORM-1679 | Storm-1679 | Storm-1679 is a Russian disinformation group believed to be a spinoff of the Internet Research Agency, actively engaged in influence operations targeting the I… |
| Storm-1747 | Storm-1747 | Storm-1747 is an intrusion set that develops and operates the Tycoon 2FA phishing kit, which has been active since at least mid-2023 and is known for its sophi… |
| STORM-1747 | Storm-1747 | Storm-1747 is an intrusion set that develops and operates the Tycoon 2FA phishing kit, which has been active since at least mid-2023 and is known for its sophi… |
| Storm-1849 | Storm-1849 | UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabi… |
| STORM-1849 | Storm-1849 | UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabi… |
| Storm-1977 | Storm-1977 | Storm-1977 is a sophisticated threat actor that conducts password-spraying attacks targeting cloud tenants, particularly in the education sector, utilizing the… |
| STORM-1977 | Storm-1977 | Storm-1977 is a sophisticated threat actor that conducts password-spraying attacks targeting cloud tenants, particularly in the education sector, utilizing the… |
| Storm-2077 | Storm-2077 CN | TAG-100 is a cyber-espionage APT that targets government and private sector organizations globally, exploiting vulnerabilities in internet-facing devices such … |
| STORM-2077 | Storm-2077 | TAG-100 is a cyber-espionage APT that targets government and private sector organizations globally, exploiting vulnerabilities in internet-facing devices such … |
| Storm-2139 | Storm-2139 | Storm-2139 is a cybercrime group that exploited stolen API keys from compromised Azure OpenAI Service accounts to generate harmful content, including non-conse… |
| STORM-2139 | Storm-2139 | Storm-2139 is a cybercrime group that exploited stolen API keys from compromised Azure OpenAI Service accounts to generate harmful content, including non-conse… |
| Storm-2372 | Storm-2372 RU | Storm-2372 is a suspected nation-state actor aligned with Russian interests, engaging in device code phishing campaigns targeting governments, NGOs, and variou… |
| STORM-2372 | Storm-2372 | Storm-2372 is a suspected nation-state actor aligned with Russian interests, engaging in device code phishing campaigns targeting governments, NGOs, and variou… |
| Storm-2460 | Storm-2460 | Storm-2460 is a threat actor that has exploited elevation of privilege vulnerabilities to deploy PipeMagic malware and ransomware, enabling them to escalate ac… |
| STORM-2460 | Storm-2460 | Storm-2460 is a threat actor that has exploited elevation of privilege vulnerabilities to deploy PipeMagic malware and ransomware, enabling them to escalate ac… |
| Storm-2561 | Storm-2561 | Storm-2561 is a cybercriminal threat actor known for a credential theft campaign that employs SEO poisoning to distribute fake VPN clients. The campaign redire… |
| STORM-2561 | Storm-2561 | Storm-2561 is a cybercriminal threat actor known for a credential theft campaign that employs SEO poisoning to distribute fake VPN clients. The campaign redire… |
| Storm-2603 | Storm-2603 CN | The group Microsoft tracks as Storm-2603 is assessed with medium confidence to be a China-based threat actor. Microsoft has not identified links between Storm-… |
| STORM-2603 | Storm-2603 | The group Microsoft tracks as Storm-2603 is assessed with medium confidence to be a China-based threat actor. Microsoft has not identified links between Storm-… |
| Storm-2657 | Storm-2657 | Storm-2657 is a financially motivated threat actor targeting US-based organizations, particularly in higher education, to compromise employee accounts and redi… |
| STORM-2657 | Storm-2657 | Storm-2657 is a financially motivated threat actor targeting US-based organizations, particularly in higher education, to compromise employee accounts and redi… |
| STORM-2949 | Storm-2949 | Storm-2949 is a sophisticated threat actor that exploited Microsoft’s Self-Service Password Reset process to compromise high-value accounts, primarily targetin… |
| StucxTeam | StucxTeam | Stucx is a threat actor known for targeting Israeli systems, including SCADA systems and the Red Alert missile protection system. Stucx Team has also developed… |
| STUCXTEAM | StucxTeam | Stucx is a threat actor known for targeting Israeli systems, including SCADA systems and the Red Alert missile protection system. Stucx Team has also developed… |
| Sunglow Blizzard | Sunglow Blizzard RU | Sunglow Blizzard is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as DEV-0665. Original record: DEV… |
| SUNGLOW-BLIZZARD | Sunglow Blizzard | DEV-0665 is a threat actor associated with the HermeticWiper attacks. Their objective is to disrupt, degrade, and destroy specific resources within a targeted … |
| Swan Vector | Swan Vector | Seqrite Labs APT-Team has recently uncovered a campaign which we have termed as Swan Vector, that has been targeting the nations across the East China sea such… |
| SWAN-VECTOR | Swan Vector | Seqrite Labs APT-Team has recently uncovered a campaign which we have termed as Swan Vector, that has been targeting the nations across the East China sea such… |
| SWEED | SWEED | Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we're calling "SWEED," including such notable… |
| SWEED | SWEED | Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we're calling "SWEED," including such notable… |
| SYLHET GANG-SG | SYLHET GANG-SG | SYLHET GANG-SG is a hacktivist group that has targeted critical infrastructure and various entities, including the Central European University and the EU Parli… |
| SYLHET-GANG-SG | SYLHET GANG-SG | SYLHET GANG-SG is a hacktivist group that has targeted critical infrastructure and various entities, including the Central European University and the EU Parli… |
| TA2101 | TA2101 RU | Proofpoint researchers detected campaigns from a relatively new actor, tracked internally as TA2101, targeting German companies and organizations to deliver an… |
| TA2101 | TA2101 | Proofpoint researchers detected campaigns from a relatively new actor, tracked internally as TA2101, targeting German companies and organizations to deliver an… |
| TA2536 | TA2536 NG | TA2536, which has been active since at least 2015, is likely Nigerian based on its unique linguistic style, tactics and tools. It uses keyloggers such as HawkE… |
| TA2536 | TA2536 | TA2536, which has been active since at least 2015, is likely Nigerian based on its unique linguistic style, tactics and tools. It uses keyloggers such as HawkE… |
| TA2541 | TA2541 | Persistent cybercrime threat actor targeting aviation, aerospace, transportation, manufacturing, and defense industries for years. This threat actor consistent… |
| TA2541 | TA2541 | Persistent cybercrime threat actor targeting aviation, aerospace, transportation, manufacturing, and defense industries for years. This threat actor consistent… |
| TA2552 | TA2552 | Since January 2020, Proofpoint researchers have tracked an actor abusing Microsoft Office 365 (O365) third-party application (3PA) access, with suspected activ… |
| TA2552 | TA2552 | Since January 2020, Proofpoint researchers have tracked an actor abusing Microsoft Office 365 (O365) third-party application (3PA) access, with suspected activ… |
| TA2719 | TA2719 | In late March 2020, Proofpoint researchers began tracking a new actor with a penchant for using NanoCore and later AsyncRAT, popular commodity remote access tr… |
| TA2719 | TA2719 | In late March 2020, Proofpoint researchers began tracking a new actor with a penchant for using NanoCore and later AsyncRAT, popular commodity remote access tr… |
| TA2722 | TA2722 | TA2722 is a highly active threat actor that targets various industries including Shipping/Logistics, Manufacturing, Business Services, Pharmaceutical, and Ener… |
| TA2722 | TA2722 | TA2722 is a highly active threat actor that targets various industries including Shipping/Logistics, Manufacturing, Business Services, Pharmaceutical, and Ener… |
| TA2723 | TA2723 | TA2723 is a financially-motivated, high-volume credential phishing threat actor known for spoofing Microsoft OneDrive, LinkedIn, and DocuSign. Proofpoint Threa… |
| TA2723 | TA2723 | TA2723 is a financially-motivated, high-volume credential phishing threat actor known for spoofing Microsoft OneDrive, LinkedIn, and DocuSign. Proofpoint Threa… |