Threat actors
2,004 indexed
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 251–300 of 2,004 · page 6 of 41
| ID | Title | Summary |
|---|---|---|
| BYTETOBREACH | ByteToBreach | ByteToBreach is a prolific cybercriminal who operates across multiple platforms, including DarkForums and Telegram, and has been active since at least June 202… |
| Cadelle | Cadelle IR | Symantec telemetry identified Cadelle and Chafer activity dating from as far back as July 2014; however, it’s likely that activity began well before this date.… |
| CADELLE | Cadelle | Symantec telemetry identified Cadelle and Chafer activity dating from as far back as July 2014; however, it’s likely that activity began well before this date.… |
| Caliente Bandits | Caliente Bandits | Caliente Bandits is a highly active threat group that targets multiple industries, including finance and entertainment. They distribute the Bandook remote acce… |
| CALIENTE-BANDITS | Caliente Bandits | Caliente Bandits is a highly active threat group that targets multiple industries, including finance and entertainment. They distribute the Bandook remote acce… |
| Callisto | Callisto RU | The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and… |
| CALLISTO | Callisto | The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and… |
| Calypso | Calypso | For the first time, the activity of the Calypso group was detected by specialists of PT Expert Security Center in March 2019, during the work to detect cyber t… |
| CALYPSO | Calypso | For the first time, the activity of the Calypso group was detected by specialists of PT Expert Security Center in March 2019, during the work to detect cyber t… |
| Camaro Dragon | Camaro Dragon CN | In early 2023, the Check Point Incident Response Team (CPIRT) investigated a malware incident at a European healthcare institution involving a set of tool… |
| CAMARO-DRAGON | Camaro Dragon | In early 2023, the Check Point Incident Response Team (CPIRT) investigated a malware incident at a European healthcare institution involving a set of tool… |
| Caracal Kitten | Caracal Kitten | Caracal Kitten is an APT group that has been targeting activists associated with the Kurdistan Democratic Party. They employ a mobile remote access Trojan to g… |
| CARACAL-KITTEN | Caracal Kitten | Caracal Kitten is an APT group that has been targeting activists associated with the Kurdistan Democratic Party. They employ a mobile remote access Trojan to g… |
| Caramel Tsunami | Caramel Tsunami | Caramel Tsunami is a threat actor that specializes in spyware attacks. They have recently resurfaced with an updated toolset and zero-day exploits, targeting s… |
| CARAMEL-TSUNAMI | Caramel Tsunami | Caramel Tsunami is a threat actor that specializes in spyware attacks. They have recently resurfaced with an updated toolset and zero-day exploits, targeting s… |
| Carderbee | Carderbee | Symantec recently reported on activity attributed to a threat actor group dubbed Carderbee. In the campaign, the threat actors target entities in Hong Kong and… |
| CARDERBEE | Carderbee | Symantec recently reported on activity attributed to a threat actor group dubbed Carderbee. In the campaign, the threat actors target entities in Hong Kong and… |
| CardinalLizard | CardinalLizard CN | CardinalLizard, a cyber threat actor linked to China, has targeted entities in Asia since 2018. Their methods include spear-phishing, custom malware with anti-… |
| CARDINALLIZARD | CardinalLizard | CardinalLizard, a cyber threat actor linked to China, has targeted entities in Asia since 2018. Their methods include spear-phishing, custom malware with anti-… |
| Careto | Careto ES | This threat actor targets governments, diplomatic missions, private companies in the energy sector, and academics for espionage purposes. The Mask is an advanc… |
| CARETO | Careto | This threat actor targets governments, diplomatic missions, private companies in the energy sector, and academics for espionage purposes. The Mask is an advanc… |
| Carmine Tsunami | Carmine Tsunami IL | Carmine Tsunami is a threat actor linked to an Israel-based private sector offensive actor called QuaDream. QuaDream sells a platform called REIGN to governmen… |
| CARMINE-TSUNAMI | Carmine Tsunami | Carmine Tsunami is a threat actor linked to an Israel-based private sector offensive actor called QuaDream. QuaDream sells a platform called REIGN to governmen… |
| CashRewindo | CashRewindo | CashRewindo is a sophisticated threat actor leveraging aged domains in global malvertising campaigns to direct victims to investment scam sites. The group empl… |
| CASHREWINDO | CashRewindo | CashRewindo is a sophisticated threat actor leveraging aged domains in global malvertising campaigns to direct victims to investment scam sites. The group empl… |
| CeranaKeeper | CeranaKeeper CN | CeranaKeeper is a China-aligned APT that has been active since at least early 2022, primarily targeting governmental institutions in Asian countries. The group… |
| CERANAKEEPER | CeranaKeeper | CeranaKeeper is a China-aligned APT that has been active since at least early 2022, primarily targeting governmental institutions in Asian countries. The group… |
| ChainedShark | ChainedShark | ChainedShark is an APT group targeting China's scientific research sector, particularly professionals in international relations and marine technology, with th… |
| CHAINEDSHARK | ChainedShark | ChainedShark is an APT group targeting China's scientific research sector, particularly professionals in international relations and marine technology, with th… |
| Chamelgang | Chamelgang | In Q2 2021, the PT Expert Security Center incident response team conducted an investigation in an energy company. The investigation revealed that the company's… |
| CHAMELGANG | Chamelgang | In Q2 2021, the PT Expert Security Center incident response team conducted an investigation in an energy company. The investigation revealed that the company's… |
| Charming Kitten | Charming Kitten IR | Charming Kitten is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Newscaster, Parastoo, iKittens … |
| CHARMING-KITTEN | Charming Kitten | Charming Kitten (aka Parastoo, aka Newscaster) is a group with a suspected nexus to Iran that targets organizations involved in government, defense technology… |
| Chaya_004 | Chaya_004 CN | Chaya_004 is a Chinese threat actor identified through malicious infrastructure, including a network of servers hosting Supershell backdoors and various pen te… |
| CHAYA-004 | Chaya_004 | Chaya_004 is a Chinese threat actor identified through malicious infrastructure, including a network of servers hosting Supershell backdoors and various pen te… |
| Chernovite | Chernovite RU | Chernovite is a highly capable and sophisticated threat actor group that has developed a modular ICS malware framework called PIPEDREAM. They are known for tar… |
| CHERNOVITE | Chernovite | Chernovite is a highly capable and sophisticated threat actor group that has developed a modular ICS malware framework called PIPEDREAM. They are known for tar… |
| CHRONUS-GROUP | Chronus Group | Chronus Team is a hacktivist group known for defacement attacks and data leaks, primarily targeting public-sector organizations in Mexico. They have been linke… |
| CHRYSENE | CHRYSENE | Adversaries abusing ICS (based on Dragos Inc adversary list). This threat actor targets organizations involved in oil, gas, and electricity production, primari… |
| CHRYSENE | CHRYSENE | Adversaries abusing ICS (based on Dragos Inc adversary list). This threat actor targets organizations involved in oil, gas, and electricity production, primari… |
| CiberInteligenciaSV | CiberInteligenciaSV | CiberInteligenciaSV is a threat actor that leaked 5.1 million Salvadoran records on Breach Forums. They have also compromised El Salvador's state Bitcoin walle… |
| CIBERINTELIGENCIASV | CiberInteligenciaSV | CiberInteligenciaSV is a threat actor that leaked 5.1 million Salvadoran records on Breach Forums. They have also compromised El Salvador's state Bitcoin walle… |
| CIRCUS SPIDER | CIRCUS SPIDER RU | According to CrowdStrike, the NetWalker ransomware is being developed and maintained by a Russian-speaking actor designated as CIRCUS SPIDER. Initially discove… |
| CIRCUS-SPIDER | CIRCUS SPIDER | According to CrowdStrike, the NetWalker ransomware is being developed and maintained by a Russian-speaking actor designated as CIRCUS SPIDER. Initially discove… |
| CL-STA-0043 | CL-STA-0043 | CL-STA-0043 is a highly skilled and sophisticated threat actor, believed to be a nation-state, targeting governmental entities in the Middle East and Africa. T… |
| CL-STA-0043 | CL-STA-0043 | CL-STA-0043 is a highly skilled and sophisticated threat actor, believed to be a nation-state, targeting governmental entities in the Middle East and Africa. T… |
| CL-STA-0048 | CL-STA-0048 CN | CL-STA-0048 is a Chinese state-backed APT that targets strategic sectors in South Asia, particularly government and telecommunications entities, with a focus o… |
| CL-STA-0048 | CL-STA-0048 | CL-STA-0048 is a Chinese state-backed APT that targets strategic sectors in South Asia, particularly government and telecommunications entities, with a focus o… |
| CL-STA-1009 | CL-STA-1009 | CL-STA-1009 is a threat activity cluster associated with a suspected nation-state actor utilizing the Airstalk malware family, which includes both PowerShell a… |
| CL-STA-1009 | CL-STA-1009 | CL-STA-1009 is a threat activity cluster associated with a suspected nation-state actor utilizing the Airstalk malware family, which includes both PowerShell a… |