2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,951–2,000 of 2,004 · page 40 of 41
| ID | Title | Summary |
|---|---|---|
| WET-PANDA | WET PANDA | |
| White Bear | White Bear RU | As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we … |
| WHITE-BEAR | White Bear | As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we … |
| WhiteCobra | WhiteCobra | WhiteCobra is a threat actor that has infiltrated the Visual Studio Code marketplace and Open VSX registry, deploying 24 malicious extensions targeting cryptoc… |
| WHITECOBRA | WhiteCobra | WhiteCobra is a threat actor that has infiltrated the Visual Studio Code marketplace and Open VSX registry, deploying 24 malicious extensions targeting cryptoc… |
| Whitefly | Whitefly | In July 2018, an attack on Singapore’s largest public health organization, SingHealth, resulted in a reported 1.5 million patient records being stolen. Until n… |
| WHITEFLY | Whitefly | In July 2018, an attack on Singapore’s largest public health organization, SingHealth, resulted in a reported 1.5 million patient records being stolen. Until n… |
| WildCard | WildCard | Wildcard is a threat actor that initially targeted Israel's educational sector with the SysJoker malware. They have since expanded their operations and develop… |
| WILDCARD | WildCard | Wildcard is a threat actor that initially targeted Israel's educational sector with the SysJoker malware. They have since expanded their operations and develop… |
| WildNeutron | WildNeutron | A corporate espionage group has compromised a string of major corporations over the past three years in order to steal confidential information and intellectua… |
| WILDNEUTRON | WildNeutron | A corporate espionage group has compromised a string of major corporations over the past three years in order to steal confidential information and intellectua… |
| WildPressure | WildPressure | WildPressure is a threat actor that targets industrial-related entities in the Middle East. They use a variety of programming languages, including C++, VBScrip… |
| WILDPRESSURE | WildPressure | WildPressure is a threat actor that targets industrial-related entities in the Middle East. They use a variety of programming languages, including C++, VBScrip… |
| WindShift | WindShift | In August of 2018, DarkMatter released a report entitled “In the Trails of WINDSHIFT APT”, which unveiled a threat actor with TTPs very similar to those of Bah… |
| WINDSHIFT | WindShift | In August of 2018, DarkMatter released a report entitled “In the Trails of WINDSHIFT APT”, which unveiled a threat actor with TTPs very similar to those of Bah… |
| Winter Vivern | Winter Vivern RU | Winter Vivern is a cyberespionage group first revealed by DomainTools in 2021. It is thought to have been active since at least 2020 and it targets governments… |
| WINTER-VIVERN | Winter Vivern | Winter Vivern is a cyberespionage group first revealed by DomainTools in 2021. It is thought to have been active since at least 2020 and it targets governments… |
| WIP19 | WIP19 CN | WIP19 is a Chinese-speaking threat group involved in espionage targeting the Middle East and Asia. They utilize a stolen certificate to sign their malware, inc… |
| WIP19 | WIP19 | WIP19 is a Chinese-speaking threat group involved in espionage targeting the Middle East and Asia. They utilize a stolen certificate to sign their malware, inc… |
| WIRTE | WIRTE PS | WIRTE is a threat actor group that was first discovered in 2018. They are suspected to be part of the Gaza Cybergang, an Arabic politically motivated cyber cri… |
| WIRTE | WIRTE | WIRTE is a threat actor group that was first discovered in 2018. They are suspected to be part of the Gaza Cybergang, an Arabic politically motivated cyber cri… |
| Witchetty | Witchetty CN | Witchetty was first documented by ESET in April 2022, who concluded that it was one of three sub-groups of TA410, a broad cyber-espionage operation with some l… |
| WITCHETTY | Witchetty | Witchetty was first documented by ESET in April 2022, who concluded that it was one of three sub-groups of TA410, a broad cyber-espionage operation with some l… |
| WIZARD SPIDER | WIZARD SPIDER RU | Wizard Spider is reportedly associated with Grim Spider and Lunar Spider. The WIZARD SPIDER threat group is the Russia-based operator of the TrickBot banking m… |
| WIZARD-SPIDER | WIZARD SPIDER | Wizard Spider is reportedly associated with Grim Spider and Lunar Spider. The WIZARD SPIDER threat group is the Russia-based operator of the TrickBot banking m… |
| WOLF SPIDER | WOLF SPIDER RO | FIN4 is a financially-motivated threat group that has targeted confidential information related to the public financial market, particularly regarding healthca… |
| WOLF-SPIDER | WOLF SPIDER | FIN4 is a financially-motivated threat group that has targeted confidential information related to the public financial market, particularly regarding healthca… |
| Worok | Worok CN | Worok is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Government and Energy Company sec… |
| WOROK | Worok | Worok is a cyber espionage group, mostly targeting Central Asia. The group toolset includes a C++ loader named CLRLoad, a PowerShell backdoor named PowHeartBea… |
| XakNet | XakNet RU | XakNet is a self-proclaimed hacktivist group that has targeted Ukraine. They claim to be comprised of Russian patriotic volunteers and have conducted various t… |
| XAKNET | XakNet | XakNet is a self-proclaimed hacktivist group that has targeted Ukraine. They claim to be comprised of Russian patriotic volunteers and have conducted various t… |
| Xcatze | Xcatze | Cloud security company Lacework says it discovered a threat actor group named Xcatze that uses a Python named AndroxGh0st to take over AWS servers and send out… |
| XCATZE | Xcatze | Cloud security company Lacework says it discovered a threat actor group named Xcatze that uses a Python named AndroxGh0st to take over AWS servers and send out… |
| XDSpy | XDSpy | Rare is the APT group that goes largely undetected for nine years, but XDSpy is just that; a previously undocumented espionage group that has been active since… |
| XDSPY | XDSpy | Rare is the APT group that goes largely undetected for nine years, but XDSpy is just that; a previously undocumented espionage group that has been active since… |
| Xiaoqiying | Xiaoqiying CN | Xiaoqiying is a primarily Chinese-speaking threat group that is most well known for conducting website defacement and data exfiltration attacks on more than a … |
| XIAOQIYING | Xiaoqiying | Xiaoqiying is a primarily Chinese-speaking threat group that is most well known for conducting website defacement and data exfiltration attacks on more than a … |
| XinXin | XinXin CN | XinXin is a Chinese-speaking threat actor known for its phishing-as-a-service platform, Lucid, which targets global organizations to steal credit card details … |
| XINXIN | XinXin | XinXin is a Chinese-speaking threat actor known for its phishing-as-a-service platform, Lucid, which targets global organizations to steal credit card details … |
| Yanbian Gang | Yanbian Gang | RiskIQ characterizes the Yanbian Gang as a group that targeted South Korean Android mobile banking customers since 2013 with malicious Android apps purporting … |
| YANBIAN-GANG | Yanbian Gang | RiskIQ characterizes the Yanbian Gang as a group that targeted South Korean Android mobile banking customers since 2013 with malicious Android apps purporting … |
| YoroTrooper | YoroTrooper KZ | YoroTrooper’s main targets are government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth of Independent States, based on … |
| YOROTROOPER | YoroTrooper | YoroTrooper’s main targets are government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth of Independent States, based on … |
| Z-Pentest Alliance | Z-Pentest Alliance RU | Z-Pentest Alliance is a pro-Russian hacktivist group known for targeting industrial control systems and operational technology systems, particularly in Italy a… |
| Z-PENTEST-ALLIANCE | Z-Pentest Alliance | Z-Pentest Alliance is a pro-Russian hacktivist group known for targeting industrial control systems and operational technology systems, particularly in Italy a… |
| Zarya | Zarya RU | Zarya is a pro-Russian hacktivist group that emerged in March 2022. Initially operating as a special forces unit under the command of Killnet, Zarya has since … |
| ZARYA | Zarya | Zarya is a pro-Russian hacktivist group that emerged in March 2022. Initially operating as a special forces unit under the command of Killnet, Zarya has since … |
| ZEFFSEC | ZeffSec | ZeffSec is a hacktivist collective focused on infrastructure-level disruption and exposing vulnerabilities in centralized digital networks. In March 2026, the … |
| ZeroSevenGroup | ZeroSevenGroup | ZeroSevenGroup is a threat actor that claims to have breached a U.S. branch of Toyota, stealing 240GB of sensitive data, including employee and customer inform… |
| ZEROSEVENGROUP | ZeroSevenGroup | ZeroSevenGroup is a threat actor that claims to have breached a U.S. branch of Toyota, stealing 240GB of sensitive data, including employee and customer inform… |