Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 151–200 of 2,004 · page 4 of 41
| ID | Title | Summary |
|---|---|---|
| Avivore | Avivore CN | The group’s existence came to light during Context’s investigation of a number of attacks against multinational enterprises that compromise smaller engineering… |
| AVIVORE | Avivore | The group’s existence came to light during Context’s investigation of a number of attacks against multinational enterprises that compromise smaller engineering… |
| Awaken Likho | Awaken Likho | Awaken Likho is an APT group that has targeted Russian government agencies and industrial enterprises, employing techniques such as information gathering via s… |
| AWAKEN-LIKHO | Awaken Likho | Awaken Likho is an APT group that has targeted Russian government agencies and industrial enterprises, employing techniques such as information gathering via s… |
| Ayyıldız Tim | Ayyıldız Tim TR | Ayyıldız (Crescent and Star) Tim is a nationalist hacking group founded in 2002. It performs defacements and DDoS attacks against the websites of governments t… |
| AYY-LD-Z-TIM | Ayyıldız Tim | Ayyıldız (Crescent and Star) Tim is a nationalist hacking group founded in 2002. It performs defacements and DDoS attacks against the websites of governments t… |
| AzzaSec | AzzaSec IT | AzzaSec is a hacktivist group that originated in Italy. Known for their pro-Palestine stance, they have been involved in various cyberattacks targeting Israel … |
| AZZASEC | AzzaSec | AzzaSec is a hacktivist group that originated in Italy. Known for their pro-Palestine stance, they have been involved in various cyberattacks targeting Israel … |
| BackdoorDiplomacy | BackdoorDiplomacy | An APT group that we are calling BackdoorDiplomacy, due to the main vertical of its victims, has been targeting Ministries of Foreign Affairs and telecommunica… |
| BACKDOORDIPLOMACY | BackdoorDiplomacy | An APT group that we are calling BackdoorDiplomacy, due to the main vertical of its victims, has been targeting Ministries of Foreign Affairs and telecommunica… |
| BadRory | BadRory | Kaspersky researchers have identified a new APT group named BadRory that has mounted two waves of spear-phishing attacks against Russian organizations. The cam… |
| BADRORY | BadRory | Kaspersky researchers have identified a new APT group named BadRory that has mounted two waves of spear-phishing attacks against Russian organizations. The cam… |
| Bahamut | Bahamut | Bahamut is a threat actor primarily operating in Middle East and Central Asia, suspected to be a private contractor to several state sponsored actors. They wer… |
| BAHAMUT | Bahamut | Bahamut is a threat actor primarily operating in Middle East and Central Asia, suspected to be a private contractor to several state sponsored actors. They wer… |
| BAMBOO SPIDER | BAMBOO SPIDER | BAMBOO SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: BAMBOO SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-… |
| BAMBOO-SPIDER | BAMBOO SPIDER | CrowdStrike tracks the developer of Panda Zeus as BAMBOO SPIDER |
| BANISHED KITTEN | BANISHED KITTEN IR | BANISHED KITTEN is an Iranian state-nexus adversary active since at least 2008. While the adversary’s most prominent activity is the July and September 2022 di… |
| BANISHED-KITTEN | BANISHED KITTEN | BANISHED KITTEN is an Iranian state-nexus adversary active since at least 2008. While the adversary’s most prominent activity is the July and September 2022 di… |
| BatShadow | BatShadow VN | BatShadow is a Vietnamese threat actor that targets job seekers and digital marketing professionals through social engineering campaigns, deploying the Go-base… |
| BATSHADOW | BatShadow | BatShadow is a Vietnamese threat actor that targets job seekers and digital marketing professionals through social engineering campaigns, deploying the Go-base… |
| BazarCall | BazarCall | BazarCall campaigns forgo malicious links or attachments in email messages in favor of phone numbers that recipients are misled into calling. It’s a technique … |
| BAZARCALL | BazarCall | BazarCall campaigns forgo malicious links or attachments in email messages in favor of phone numbers that recipients are misled into calling. It’s a technique … |
| Bearlyfy | Bearlyfy UA | Bearlyfy has been attributed to over 70 cyber attacks targeting Russian companies since its emergence in January 2025, employing a custom Windows ransomware st… |
| BEARLYFY | Bearlyfy | Bearlyfy has been attributed to over 70 cyber attacks targeting Russian companies since its emergence in January 2025, employing a custom Windows ransomware st… |
| Beijing Group | Beijing Group CN | Beijing Group is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as SNEAKY PANDA, Elderwood, Elderwoo… |
| BEIJING-GROUP | Beijing Group | |
| BelialDemon | BelialDemon | BelialDemon is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Matanbuchus. Original record: BelialDemon is a threat … |
| BELIALDEMON | BelialDemon | Mentioned as operator of TriumphLoader and Matanbuchus |
| Belsen Group | Belsen Group | The Belsen Group has exploited the CVE-2022-40684 vulnerability in Fortinet devices to compromise over 15,000 FortiGate firewalls, releasing detailed configura… |
| BELSEN-GROUP | Belsen Group | The Belsen Group has exploited the CVE-2022-40684 vulnerability in Fortinet devices to compromise over 15,000 FortiGate firewalls, releasing detailed configura… |
| BiBiGun | BiBiGun PS | A pro-Hamas hacktivist group developed a wiper called BiBi-Linux to target and destroy data on Israeli systems. The malware impersonates ransomware but operate… |
| BIBIGUN | BiBiGun | A pro-Hamas hacktivist group developed a wiper called BiBi-Linux to target and destroy data on Israeli systems. The malware impersonates ransomware but operate… |
| BIG PANDA | BIG PANDA CN | BIG PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: BIG PANDA is a Chinese-attributed threat actor ca… |
| BIG-PANDA | BIG PANDA | |
| Bignosa | Bignosa KE | Bignosa is a threat actor known for launching malware campaigns targeting Australian and US organizations using phishing emails with disguised Agent Tesla atta… |
| BIGNOSA | Bignosa | Bignosa is a threat actor known for launching malware campaigns targeting Australian and US organizations using phishing emails with disguised Agent Tesla atta… |
| BITWISE SPIDER | BITWISE SPIDER | BITWISE SPIDER has recently and quickly become a significant player in the big game hunting (BGH) landscape. Their dedicated leak site (DLS) has received the h… |
| BITWISE-SPIDER | BITWISE SPIDER | BITWISE SPIDER has recently and quickly become a significant player in the big game hunting (BGH) landscape. Their dedicated leak site (DLS) has received the h… |
| Blackatom | Blackatom PS | Recent campaigns suggest Hamas-linked actors may be advancing their TTPs to include intricate social engineering lures specially crafted to appeal to a niche g… |
| BLACKATOM | Blackatom | Recent campaigns suggest Hamas-linked actors may be advancing their TTPs to include intricate social engineering lures specially crafted to appeal to a niche g… |
| Blackgear | Blackgear CN | BLACKGEAR is an espionage campaign which has targeted users in Taiwan for many years. Multiple papers and talks have been released covering this campaign, whic… |
| BLACKGEAR | Blackgear | BLACKGEAR is an espionage campaign which has targeted users in Taiwan for many years. Multiple papers and talks have been released covering this campaign, whic… |
| BlackJack | BlackJack UA | Blackjack, a threat actor linked to Ukraine's security apparatus, has targeted critical Russian entities such as ISPs, utilities, and military infrastructure. … |
| BLACKJACK | BlackJack | Blackjack, a threat actor linked to Ukraine's security apparatus, has targeted critical Russian entities such as ISPs, utilities, and military infrastructure. … |
| BLACKMASKERS | BlackMaskers | BlackMaskers Team has emerged as a significant threat actor, particularly targeting Jordan amid the Israel-Iran conflict. They have claimed responsibility for … |
| Blackmeta | Blackmeta PS | BLACKMETA is a pro-Palestinian hacktivist group that has claimed responsibility for a series of DDoS attacks and data breaches targeting organizations perceive… |
| BLACKMETA | Blackmeta | BLACKMETA is a pro-Palestinian hacktivist group that has claimed responsibility for a series of DDoS attacks and data breaches targeting organizations perceive… |
| BlackOasis | BlackOasis | BlackOasis is a Middle Eastern threat group that is believed to be a customer of Gamma Group. The group has shown interest in prominent figures in the United N… |
| BLACKOASIS | BlackOasis | BlackOasis is a Middle Eastern threat group that is believed to be a customer of Gamma Group. The group has shown interest in prominent figures in the United N… |
| Blacktail | Blacktail | Blacktail is a cybercrime group that has gained attention for its ransomware campaigns, particularly the Buhti ransomware. They are known for using custom-buil… |