2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,651–1,700 of 2,004 · page 34 of 41
| ID | Title | Summary |
|---|---|---|
| TRIPLESTRENGTH | TRIPLESTRENGTH | TRIPLESTRENGTH is a financially motivated threat actor targeting cloud environments and on-premises infrastructures for cryptojacking, ransomware, and extortio… |
| Tstark | Tstark CN | TStark is a threat actor identified by X-Ops, associated with a cluster of devices that executed the bookmark buffer overflow exploit targeting CVE-2020-15069 … |
| TSTARK | Tstark | TStark is a threat actor identified by X-Ops, associated with a cluster of devices that executed the bookmark buffer overflow exploit targeting CVE-2020-15069 … |
| TunnelSnake | TunnelSnake CN | The TunnelSnake campaign demonstrates the activity of a sophisticated actor that invests significant resources in designing an evasive toolset and infiltrating… |
| TUNNELSNAKE | TunnelSnake | The TunnelSnake campaign demonstrates the activity of a sophisticated actor that invests significant resources in designing an evasive toolset and infiltrating… |
| TurkHackTeam | TurkHackTeam TR | Founded in 2004, Turkhackteam is one of Turkey’s oldest and most high-profile hacking collectives. According to a list compiled on Turkhackteam’s forum, the gr… |
| TURKHACKTEAM | TurkHackTeam | Founded in 2004, Turkhackteam is one of Turkey’s oldest and most high-profile hacking collectives. According to a list compiled on Turkhackteam’s forum, the gr… |
| Turla | Turla RU | A 2014 Guardian article described Turla as: 'Dubbed the Turla hackers, initial intelligence had indicated western powers were key targets, but it was later det… |
| TURLA | Turla | A 2014 Guardian article described Turla as: 'Dubbed the Turla hackers, initial intelligence had indicated western powers were key targets, but it was later det… |
| TwoSail Junk | TwoSail Junk | TwoSail Junk directs visitors to its exploit site by posting links within the threads of forum discussions, or creating new topic threads of their own. To date… |
| TWOSAIL-JUNK | TwoSail Junk | TwoSail Junk directs visitors to its exploit site by posting links within the threads of forum discussions, or creating new topic threads of their own. To date… |
| UAC-0006 | UAC-0006 | UAC-0006 is a financially motivated threat actor that has been active since at least 2013. They primarily target Ukrainian organizations, particularly accounta… |
| UAC-0006 | UAC-0006 | UAC-0006 is a financially motivated threat actor that has been active since at least 2013. They primarily target Ukrainian organizations, particularly accounta… |
| UAC-0020 | UAC-0020 RU | Vermin is a threat actor group linked to the Luhansk People’s Republic and believed to be acting on behalf of the Kremlin. They have targeted Ukrainian governm… |
| UAC-0020 | UAC-0020 | Vermin is a threat actor group linked to the Luhansk People’s Republic and believed to be acting on behalf of the Kremlin. They have targeted Ukrainian governm… |
| UAC-0050 | UAC-0050 | UAC-0050 is a threat actor that has been active since 2020, targeting government agencies in Ukraine. They have been distributing the Remcos RAT malware throug… |
| UAC-0050 | UAC-0050 | UAC-0050 is a threat actor that has been active since 2020, targeting government agencies in Ukraine. They have been distributing the Remcos RAT malware throug… |
| UAC-0063 | UAC-0063 | UAC-0063 is a threat actor linked to Russian APT28, known for targeting government entities in Ukraine and Central Asia for cyber espionage operations. They ut… |
| UAC-0063 | UAC-0063 | UAC-0063 is a threat actor linked to Russian APT28, known for targeting government entities in Ukraine and Central Asia for cyber espionage operations. They ut… |
| UAC-0094 | UAC-0094 RU | State Service of Special Communication and Information Protection of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram acc… |
| UAC-0094 | UAC-0094 | State Service of Special Communication and Information Protection of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram acc… |
| UAC-0099 | UAC-0099 | UAC-0099 is a threat actor that has been active since at least May 2023, targeting Ukrainian entities. They have been observed using a known WinRAR vulnerabili… |
| UAC-0099 | UAC-0099 | UAC-0099 is a threat actor that has been active since at least May 2023, targeting Ukrainian entities. They have been observed using a known WinRAR vulnerabili… |
| UAC-0102 | UAC-0102 | UAC-0102 is a threat actor group targeting UKR.NET users through phishing attacks. They distribute emails with HTML file attachments that redirect users to a f… |
| UAC-0102 | UAC-0102 | UAC-0102 is a threat actor group targeting UKR.NET users through phishing attacks. They distribute emails with HTML file attachments that redirect users to a f… |
| UAC-0118 | UAC-0118 | From Russia with Love, is a threat actor group that emerged during the Russia-Ukraine war in 2022. They primarily engage in DDoS attacks and have targeted crit… |
| UAC-0118 | UAC-0118 | From Russia with Love, is a threat actor group that emerged during the Russia-Ukraine war in 2022. They primarily engage in DDoS attacks and have targeted crit… |
| UAC-0149 | UAC-0149 | UAC-0149 is a threat actor targeting the Armed Forces of Ukraine with COOKBOX malware. They use obfuscation techniques like character encoding and base64 encod… |
| UAC-0149 | UAC-0149 | UAC-0149 is a threat actor targeting the Armed Forces of Ukraine with COOKBOX malware. They use obfuscation techniques like character encoding and base64 encod… |
| UAC-0154 | UAC-0154 | UAC-0154 is a threat actor orchestrating the STARK#VORTEX phishing campaign, specifically targeting Ukraine’s military. They employ a Microsoft Help file conta… |
| UAC-0154 | UAC-0154 | UAC-0154 is a threat actor orchestrating the STARK#VORTEX phishing campaign, specifically targeting Ukraine’s military. They employ a Microsoft Help file conta… |
| UAC-0184 | UAC-0184 | UAC-0184 is a threat actor targeting Ukrainian organizations in Finland, using the Remcos Remote Access Trojan in their attacks. They have been observed utiliz… |
| UAC-0184 | UAC-0184 | UAC-0184 is a threat actor targeting Ukrainian organizations in Finland, using the Remcos Remote Access Trojan in their attacks. They have been observed utiliz… |
| UAC-0185 | UAC-0185 | UAC-0185 has been active since at least 2022, primarily targeting Ukrainian defense organizations through credential theft via messaging apps like Signal, Tele… |
| UAC-0185 | UAC-0185 | UAC-0185 has been active since at least 2022, primarily targeting Ukrainian defense organizations through credential theft via messaging apps like Signal, Tele… |
| UAC-0194 | UAC-0194 RU | UAC-0194 is a Russian threat actor linked to the exploitation of the Windows zero-day CVE-2024-43451, which was used in attacks against Ukrainian organizations… |
| UAC-0194 | UAC-0194 | UAC-0194 is a Russian threat actor linked to the exploitation of the Windows zero-day CVE-2024-43451, which was used in attacks against Ukrainian organizations… |
| UAC-0215 | UAC-0215 | UAC-0215 is an APT group that has orchestrated a phishing campaign targeting public institutions, major industries, and military units in Ukraine, utilizing ro… |
| UAC-0215 | UAC-0215 | UAC-0215 is an APT group that has orchestrated a phishing campaign targeting public institutions, major industries, and military units in Ukraine, utilizing ro… |
| UAC-0219 | UAC-0219 | UAC-0219 is a hacking group observed conducting cyber-espionage operations targeting Ukrainian critical sectors, primarily utilising WRECKSTEEL malware for fil… |
| UAC-0219 | UAC-0219 | UAC-0219 is a hacking group observed conducting cyber-espionage operations targeting Ukrainian critical sectors, primarily utilising WRECKSTEEL malware for fil… |
| UAC-0226 | UAC-0226 | UAC-0226 is a cyber-espionage group targeting Ukrainian military, law enforcement, and local government entities—particularly near the eastern border—since Feb… |
| UAC-0226 | UAC-0226 | UAC-0226 is a cyber-espionage group targeting Ukrainian military, law enforcement, and local government entities—particularly near the eastern border—since Feb… |
| UAC-0227 | UAC-0227 | UAC-0227 is an APT group that has been active since at least March 2025, targeting local governments, critical infrastructure, and various organizations in the… |
| UAC-0227 | UAC-0227 | UAC-0227 is an APT group that has been active since at least March 2025, targeting local governments, critical infrastructure, and various organizations in the… |
| UAC-0239 | UAC-0239 | UAC-0239 has been observed conducting spearphishing attacks targeting the Defence Forces and local state agencies of Ukraine, impersonating the Security Servic… |
| UAC-0239 | UAC-0239 | UAC-0239 has been observed conducting spearphishing attacks targeting the Defence Forces and local state agencies of Ukraine, impersonating the Security Servic… |
| UAC-0241 | UAC-0241 | UAC-0241 is a threat actor tracked by CERT-UA, active from May to November 2025, targeting educational institutions and government bodies in eastern Ukraine vi… |
| UAC-0241 | UAC-0241 | UAC-0241 is a threat actor tracked by CERT-UA, active from May to November 2025, targeting educational institutions and government bodies in eastern Ukraine vi… |
| UAC-0245 | UAC-0245 RU | UAC-0245 is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Threat actors, tracked under the identifier UAC-02… |