2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 351–400 of 2,004 · page 8 of 41
| ID | Title | Summary |
|---|---|---|
| CoughingDown | CoughingDown | CoughingDown is a threat group attributed to various cyber campaigns, including the deployment of the EAGERBEE backdoor, which utilizes service manipulation an… |
| COUGHINGDOWN | CoughingDown | CoughingDown is a threat group attributed to various cyber campaigns, including the deployment of the EAGERBEE backdoor, which utilizes service manipulation an… |
| Crimson Collective | Crimson Collective | The Crimson Collective is a cybercrime group that claimed to have compromised Red Hat's private GitHub repositories in September 2025. The group asserted it ha… |
| CRIMSON-COLLECTIVE | Crimson Collective | The Crimson Collective is a cybercrime group that claimed to have compromised Red Hat's private GitHub repositories in September 2025. The group asserted it ha… |
| CryptoChameleon | CryptoChameleon | CryptoChameleon is a cybercriminal group known for targeting cryptocurrency exchanges and users to steal digital assets, employing tactics such as VIP spear ph… |
| CRYPTOCHAMELEON | CryptoChameleon | CryptoChameleon is a cybercriminal group known for targeting cryptocurrency exchanges and users to steal digital assets, employing tactics such as VIP spear ph… |
| CRYSTALRAY | CRYSTALRAY | CRYSTALRAY is a threat actor known for leveraging open source tools like zmap and SSH-Snake to conduct widespread vulnerability scanning and exploitation. They… |
| CRYSTALRAY | CRYSTALRAY | CRYSTALRAY is a threat actor known for leveraging open source tools like zmap and SSH-Snake to conduct widespread vulnerability scanning and exploitation. They… |
| Cuboid Sandstorm | Cuboid Sandstorm IR | Cuboid Sandstorm is an Iranian threat actor that targeted an Israel-based IT company in July 2021. They gained access to the company's network and used it to c… |
| CUBOID-SANDSTORM | Cuboid Sandstorm | Cuboid Sandstorm is an Iranian threat actor that targeted an Israel-based IT company in July 2021. They gained access to the company's network and used it to c… |
| Curious Gorge | Curious Gorge CN | Curious Gorge, a group TAG attributes to China's PLA SSF, has conducted campaigns against government and military organizations in Ukraine, Russia, Kazakhstan,… |
| CURIOUS-GORGE | Curious Gorge | Curious Gorge, a group TAG attributes to China's PLA SSF, has conducted campaigns against government and military organizations in Ukraine, Russia, Kazakhstan,… |
| Curly COMrades | Curly COMrades RU | Curly COMrades is a threat actor identified by Amazon Threat Intelligence and Bitdefender, believed to operate in support of Russian interests. They employ tec… |
| CURLY-COMRADES | Curly COMrades | Curly COMrades is a threat actor identified by Amazon Threat Intelligence and Bitdefender, believed to operate in support of Russian interests. They employ tec… |
| Cutting Kitten | Cutting Kitten IR | One of the threat actors responsible for the denial of service attacks against U.S in 2012–2013. Three individuals associated with the group—believed to be hav… |
| CUTTING-KITTEN | Cutting Kitten | One of the threat actors responsible for the denial of service attacks against U.S in 2012–2013. Three individuals associated with the group—believed to be hav… |
| Cyber Alliance | Cyber Alliance UA | The Ukrainian Cyber Alliance is a pro-Ukraine hacktivist group formed in 2016, primarily targeting Russian entities since the invasion of Ukraine in 2022. They… |
| CYBER-ALLIANCE | Cyber Alliance | The Ukrainian Cyber Alliance is a pro-Ukraine hacktivist group formed in 2016, primarily targeting Russian entities since the invasion of Ukraine in 2022. They… |
| Cyber Army of Russia Reborn | Cyber Army of Russia Reborn | |
| CYBER-ARMY-OF-RUSSIA-REBORN | Cyber Army of Russia Reborn | |
| Cyber Av3ngers | Cyber Av3ngers IR | The hacktivist group ‘Cyber Av3ngers’ has historically claimed attacks on Israel’s critical infrastructures. It has been launching DDoS attacks and claiming br… |
| CYBER-AV3NGERS | Cyber Av3ngers | Cyber Av3ngers is an Iranian IRGC Cyber-Electronic Command-affiliated threat actor that targets internet-exposed operational technology and industrial control … |
| Cyber Berkut | Cyber Berkut RU | Cyber Berkut is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Cyber Berkut is a Russian-attributed threat ac… |
| CYBER-BERKUT | Cyber Berkut | |
| Cyber Caliphate Army | Cyber Caliphate Army | Cyber Caliphate Army is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Islamic State Hacking Division, CCA, United C… |
| CYBER-CALIPHATE-ARMY | Cyber Caliphate Army | |
| Cyber fighters of Izz Ad-Din Al Qassam | Cyber fighters of Izz Ad-Din Al Qassam IR | Cyber fighters of Izz Ad-Din Al Qassam is a Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Fraterna… |
| CYBER-FIGHTERS-OF-IZZ-AD-DIN-AL-QASSAM | Cyber fighters of Izz Ad-Din Al Qassam | |
| Cyber Islamic Resistance | Cyber Islamic Resistance IR | Cyber Islamic Resistance is a hacktivist collective ideologically aligned with Iran, engaging in operations such as website defacements, DDoS attacks, and data… |
| CYBER-ISLAMIC-RESISTANCE | Cyber Islamic Resistance | Cyber Islamic Resistance is a hacktivist collective ideologically aligned with Iran, engaging in operations such as website defacements, DDoS attacks, and data… |
| Cyber Partisans | Cyber Partisans BY | The Cyber Partisans, a hacktivist group based in Belarus, has been involved in various cyber-attacks targeting organizations and infrastructure in Belarus and … |
| CYBER-PARTISANS | Cyber Partisans | The Cyber Partisans, a hacktivist group based in Belarus, has been involved in various cyber-attacks targeting organizations and infrastructure in Belarus and … |
| Cyber Serp | Cyber Serp RU | UAC-0255 is a threat actor that conducted a phishing campaign impersonating CERT-UA to distribute the AGEWHEEZE RAT, targeting organizations in Ukraine's publi… |
| CYBER-SERP | Cyber Serp | UAC-0255 is a threat actor that conducted a phishing campaign impersonating CERT-UA to distribute the AGEWHEEZE RAT, targeting organizations in Ukraine's publi… |
| Cyber Toufan | Cyber Toufan IR | Cyber Toufan is a threat actor group that has gained prominence for its cyberattacks targeting Israeli organizations. The group's tactics suggest potential nat… |
| CYBER-TOUFAN | Cyber Toufan | Cyber Toufan is a threat actor group that has gained prominence for its cyberattacks targeting Israeli organizations. The group's tactics suggest potential nat… |
| Cyber.Anarchy.Squad | Cyber.Anarchy.Squad UA | Cyber Anarchy Squad is a pro-Ukrainian hacktivist group known for targeting Russian companies and infrastructure. They have carried out cyberattacks on Russian… |
| CYBER-ANARCHY-SQUAD | Cyber.Anarchy.Squad | Cyber Anarchy Squad is a pro-Ukrainian hacktivist group known for targeting Russian companies and infrastructure. They have carried out cyberattacks on Russian… |
| CyberNiggers | CyberNiggers | CyberNiggers is a threat group known for breaching various organizations, including the US military, federal contractors, and multinational corporations like G… |
| CYBERNIGGERS | CyberNiggers | CyberNiggers is a threat group known for breaching various organizations, including the US military, federal contractors, and multinational corporations like G… |
| DAGGER PANDA | DAGGER PANDA CN | Operate since at least 2011, from several locations in China, with members in Korea and Japan as well. Possibly linked to Onion Dog. This threat actor targets… |
| DAGGER-PANDA | DAGGER PANDA | Operate since at least 2011, from several locations in China, with members in Korea and Japan as well. Possibly linked to Onion Dog. This threat actor targets… |
| Daixin Team | Daixin Team | Daixin is a threat actor group that has been active since at least June 2022. They primarily target the healthcare and public health sector with ransomware att… |
| DAIXIN-TEAM | Daixin Team | Daixin is a threat actor group that has been active since at least June 2022. They primarily target the healthcare and public health sector with ransomware att… |
| Dalbit | Dalbit CN | The group usually targets vulnerable servers to breach information including internal data from companies or encrypts files and demands money. Their targets of… |
| DALBIT | Dalbit | The group usually targets vulnerable servers to breach information including internal data from companies or encrypts files and demands money. Their targets of… |
| Dancing Salome | Dancing Salome | Dancing Salome is the Kaspersky codename for an APT actor with a primary focus on ministries of foreign affairs, think tanks, and Ukraine. What makes Dancing S… |
| DANCING-SALOME | Dancing Salome | Dancing Salome is the Kaspersky codename for an APT actor with a primary focus on ministries of foreign affairs, think tanks, and Ukraine. What makes Dancing S… |
| DangerousSavanna | DangerousSavanna | Malicious campaign called DangerousSavanna has been targeting multiple major financial service groups in French-speaking Africa for the last two years. The thr… |
| DANGEROUSSAVANNA | DangerousSavanna | Malicious campaign called DangerousSavanna has been targeting multiple major financial service groups in French-speaking Africa for the last two years. The thr… |