Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,801–1,850 of 2,004 · page 37 of 41
| ID | Title | Summary |
|---|---|---|
| UNC5820 | UNC5820 | UNC5820 is a threat actor exploiting the CVE-2024-47575 vulnerability in Fortinet's FortiManager, allowing them to bypass authentication and execute arbitrary … |
| UNC6032 | UNC6032 VN | UNC6032 is a threat actor that weaponizes interest in AI tools, specifically targeting users with fake "AI video generator" websites to distribute malware, inc… |
| UNC6032 | UNC6032 | UNC6032 is a threat actor that weaponizes interest in AI tools, specifically targeting users with fake "AI video generator" websites to distribute malware, inc… |
| UNC6040 | UNC6040 | UNC6040 is a financially motivated threat cluster that employs vishing to gain access to organizations' Salesforce environments, facilitating large-scale data … |
| UNC6040 | UNC6040 | UNC6040 is a financially motivated threat cluster that employs vishing to gain access to organizations' Salesforce environments, facilitating large-scale data … |
| UNC6148 | UNC6148 | UNC6148 is a financially motivated threat actor that targets SonicWall Secure Mobile Access 100 series appliances, leveraging stolen credentials and possibly z… |
| UNC6148 | UNC6148 | UNC6148 is a financially motivated threat actor that targets SonicWall Secure Mobile Access 100 series appliances, leveraging stolen credentials and possibly z… |
| UNC6201 | UNC6201 CN | UNC6201 is a sophisticated Chinese state-sponsored hacking group that exploited CVE-2026-22769, a critical vulnerability in Dell RecoverPoint for Virtual Machi… |
| UNC6201 | UNC6201 | UNC6201 is a sophisticated Chinese state-sponsored hacking group that exploited CVE-2026-22769, a critical vulnerability in Dell RecoverPoint for Virtual Machi… |
| UNC6293 | UNC6293 RU | UNC6293 is a Russian state-sponsored threat actor identified by Google's Threat Intelligence Group (GTIG), which associates them with APT29 with low confidence… |
| UNC6293 | UNC6293 | UNC6293 is a Russian state-sponsored threat actor identified by Google's Threat Intelligence Group (GTIG), which associates them with APT29 with low confidence… |
| UNC6353 | UNC6353 | UNC6353 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: UNC6353 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341)… |
| UNC6353 | UNC6353 | suspected Russian espionage group. |
| UNC6384 | UNC6384 CN | UNC6384 (also tracked as Vertigo Panda) is a Chinese-affiliated APT that conducts targeted espionage campaigns primarily against diplomatic entities in Southea… |
| UNC6384 | UNC6384 | UNC6384 (also tracked as Vertigo Panda) is a Chinese-affiliated APT that conducts targeted espionage campaigns primarily against diplomatic entities in Southea… |
| UNC6395 | UNC6395 | The actor systematically exported large volumes of data from numerous corporate Salesforce instances. GTIG assesses the primary intent of the threat actor is t… |
| UNC6395 | UNC6395 | The actor systematically exported large volumes of data from numerous corporate Salesforce instances. GTIG assesses the primary intent of the threat actor is t… |
| UNC6426 | UNC6426 | UNC6426 exploited a supply chain compromise of the nx npm package to steal a developer's GitHub Personal Access Token and gain access to a victim's cloud envir… |
| UNC6426 | UNC6426 | UNC6426 exploited a supply chain compromise of the nx npm package to steal a developer's GitHub Personal Access Token and gain access to a victim's cloud envir… |
| UNC6485 | UNC6485 | UNC6485 is a cyber-espionage group exploiting CVE-2025-12480 in Gladinet’s Triofox file-sharing platform to gain initial network access and establish long-term… |
| UNC6485 | UNC6485 | UNC6485 is a cyber-espionage group exploiting CVE-2025-12480 in Gladinet’s Triofox file-sharing platform to gain initial network access and establish long-term… |
| UNC6619 | UNC6619 | TGR-STA-1030 is a state-aligned cyberespionage group operating out of Asia, known for compromising government and critical infrastructure organizations across … |
| UNC6619 | UNC6619 | TGR-STA-1030 is a state-aligned cyberespionage group operating out of Asia, known for compromising government and critical infrastructure organizations across … |
| UNC6671 | UNC6671 | UNC6671 is involved in credential harvesting operations, utilizing vishing tactics to impersonate IT staff and directing victims to enter credentials on a vict… |
| UNC6671 | UNC6671 | UNC6671 is involved in credential harvesting operations, utilizing vishing tactics to impersonate IT staff and directing victims to enter credentials on a vict… |
| UNC6691 | UNC6691 | UNC6691 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: UNC6691 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341)… |
| UNC6691 | UNC6691 | financially motivated threat actor operating from China |
| UNC6692 | UNC6692 | UNC6692 is a threat actor that employs social engineering tactics, such as impersonating IT helpdesk personnel, to gain initial access to victim environments. … |
| UNC6692 | UNC6692 | UNC6692 is a threat actor that employs social engineering tactics, such as impersonating IT helpdesk personnel, to gain initial access to victim environments. … |
| UNC6748 | UNC6748 RU | UNC6748 targets users in Saudi Arabia through a fake Snapchat website, employing a backdoor known as GHOSTKNIFE for data exfiltration. Their exploitation proce… |
| UNC6748 | UNC6748 | UNC6748 targets users in Saudi Arabia through a fake Snapchat website, employing a backdoor known as GHOSTKNIFE for data exfiltration. Their exploitation proce… |
| Unfading Sea Haze | Unfading Sea Haze CN | Unfading Sea Haze is a threat actor focused on espionage, targeting government and military organizations in the South China Sea region since 2018. They employ… |
| UNFADING-SEA-HAZE | Unfading Sea Haze | Unfading Sea Haze is a threat actor focused on espionage, targeting government and military organizations in the South China Sea region since 2018. They employ… |
| UNG0002 | UNG0002 | UNG0002 is a technically adept APT conducting large-scale cyber espionage campaigns targeting strategic sectors in China, Hong Kong, and Pakistan, including de… |
| UNG0002 | UNG0002 | UNG0002 is a technically adept APT conducting large-scale cyber espionage campaigns targeting strategic sectors in China, Hong Kong, and Pakistan, including de… |
| UNG0901 | UNG0901 | UNG0901 is a cyber-espionage threat actor targeting Russian entities, particularly in the aerospace and defense sectors, utilizing spear-phishing tactics. They… |
| UNG0901 | UNG0901 | UNG0901 is a cyber-espionage threat actor targeting Russian entities, particularly in the aerospace and defense sectors, utilizing spear-phishing tactics. They… |
| UNION PANDA | UNION PANDA CN | UNION PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: UNION PANDA is a Chinese-attributed threat acto… |
| UNION-PANDA | UNION PANDA | |
| UNION SPIDER | UNION SPIDER RU | UNION SPIDER is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: UNION SPIDER is a Russian-attributed threat ac… |
| UNION-SPIDER | UNION SPIDER | Adversary targeting manufacturing and industrial organizations. |
| Unit 8200 | Unit 8200 IL | Unit 8200 is an Israeli-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Duqu Group. Operational targeting foc… |
| UNIT-8200 | Unit 8200 | |
| UNK_AcademicFlare | UNK_AcademicFlare RU | UNK_AcademicFlare is a suspected Russia-aligned threat actor that conducts device code phishing campaigns by leveraging compromised email addresses from govern… |
| UNK-ACADEMICFLARE | UNK_AcademicFlare | UNK_AcademicFlare is a suspected Russia-aligned threat actor that conducts device code phishing campaigns by leveraging compromised email addresses from govern… |
| UNK_DropPitch | UNK_DropPitch | Between March and June 2025, Proofpoint identified multiple China-aligned threat actors specifically targeting Taiwanese organizations within the semiconductor… |
| UNK-DROPPITCH | UNK_DropPitch | Between March and June 2025, Proofpoint identified multiple China-aligned threat actors specifically targeting Taiwanese organizations within the semiconductor… |
| UNK_FistBump | UNK_FistBump | Between March and June 2025, Proofpoint identified multiple China-aligned threat actors specifically targeting Taiwanese organizations within the semiconductor… |
| UNK-FISTBUMP | UNK_FistBump | Between March and June 2025, Proofpoint identified multiple China-aligned threat actors specifically targeting Taiwanese organizations within the semiconductor… |
| UNK_RemoteRogue | UNK_RemoteRogue RU | UNK_RemoteRogue is a suspected Russian threat actor that has been observed utilizing ClickFix in its infection chains, although this technique is not revolutio… |