| Name | Aliases | Attribution | Tags | Status | Targeted geography | Targeted industries |
|---|---|---|---|---|---|---|
| 0ktapus | ScatterSwine, UNC3944 (Mandiant), Octo Tempest (MSFT), Storm-0875 (MSFT), Scattered Spider, Muddled Libra (Unit42), LUCR-3 (Permiso) | 💰Cybercrime | Extortionist, RansomOps | Finalized | United States/North America, Europe | Aerospace, Telecommunication, Technological, Finance, Gaming, Retail |
| 8220 Gang | | 💰Cybercrime | Cryptojacking | Finalized | | |
| Abcbot operator | | 💰Cybercrime | Cryptojacking | Stub | | |
| Agenda operator | Qilin, Water Galura | 💰Cybercrime | RansomOps | Finalized | Africa, Asia | Healthcare/Medical, Education |
| Albabat operator | | | | Not started | | |
| AmberSquid | | 💰Cybercrime | Cryptojacking | Finalized | | |
| Andariel | Silent Chollima, Andariel, GOP, Guardian of Peace, Onyx Sleet, OperationTroy, PLUTONIUM | 🇰🇵 | State-Sponsored | Finalized | South Korea | |
| APT5 | Mulberry Typhoon, MANGANESE, BRONZE FLEETWOOD, Keyhole Panda, UNC2630 | 🇨🇳 | State-Sponsored | Finalized | United States/North America, Europe, Asia | Telecommunication, Technological |
| APT27 | APT27 (Mandiant), Iron Tiger (TrendMicro), Emissary Panda (CS), BRONZE UNION, Budworm, Earth Smilodon, G0027, GreedyTaotie, Group 35, Iron Taurus, Lucky Mouse, Red Phoenix, TEMP.Hippo, TG-3390, ZipToken | 🇨🇳 | State-Sponsored | Finalized | | Energy, Military, Aerospace, Manufacturing, Diplomatic, Education, Technological, Telecommunication |
| APT28 | IRON TWILIGHT, SNAKEMACKEREL, Swallowtail, Group 74, Sednit, Sofacy, Pawn Storm, Fancy Bear, STRONTIUM, Tsar Team, Threat Group-4127, TG-4127, Forest Blizzard, FROZENLAKE | 🇷🇺/GRU | State-Sponsored | Finalized | United States/North America | Federal agencies |
| APT29 | APT29 (Mandiant), CozyBear (CS), NOBELIUM (MS), YTTRIUM (MS), UNC2452 (Mandiant), Midnight Blizzard (MS), ATK7, Blue Kitsune, BlueBravo, Cloaked Ursa, G0016, Grizzly Steppe, Group 100, IRON HEMLOCK, ITG11, Minidionis, Nobelium, SeaDuke, TA421, The Dukes, UAC-0029 | 🇷🇺/SVR | State-Sponsored | Finalized | United States/North America | Military, Telecommunication, Technological, Healthcare/Medical, Diplomatic |
| APT31 | APT31 (Mandiant), Violet Typhoon (MS), Zirconium, Judgment Panda, Mustang Panda, Twill Typhoon | 🇨🇳 | State-Sponsored | Stub | | Federal agencies, Military |
| APT34 | ATK40, Cobalt Gypsy, Crambus, EUROPIUM, Evasive Serpens, G0049, Hazel Sandstorm, Helix Kitten, IRN2, TA452, Twisted Kitten, OilRig | 🇮🇷 | Data Exfil., State-Sponsored | Stub | Middle East | Government, Telecommunication, Energy, Finance |
| APT40 | BRONZE MOHAWK, FEVERDREAM, Leviathan, G0065, Gadolinium, GreenCrash, Hellsing, Kryptonite Panda, MUDCARP, Periscope, Temp.Periscope, Temp.Jumper | 🇨🇳 | State-Sponsored, Data Exfil. | Finalized | | Education, Government, Maritime, Aerospace, Healthcare/Medical |
| APT41 | Amoeba, BARIUM, BRONZE ATLAS, BRONZE EXPORT, Blackfly, Brass Typhoon, Earth Baku, G0044, G0096, Grayfly, HOODOO, LEAD, Red Kelpie, TA415, WICKED PANDA, WICKED SPIDER | 🇨🇳 | State-Sponsored, Data Exfil. | Stub | | Telecommunication, High-tech, Healthcare/Medical |
| Atlas Lion | Storm-0539 (MS) | 💰Cybercrime | | Stub | | |
| Bapak | | 🇮🇩 | Cryptojacking | Finalized | | |
| Black Basta operator | | 💰Cybercrime | RansomOps | Finalized | United States/North America, Europe | Healthcare/Medical, Manufacturing, Finance, Energy, Education |
| BlackCat | | 💰Cybercrime | RansomOps | Finalized | | |
| Bling Libra | | | | Not started | | |
| Bondnet | | 💰Cybercrime | Botnet Operator | Stub | | |
| Boolka | | | | Stub | | |
| BrazenBamboo | | | | Not started | | |
| C3RB3R operator | Cerber | Unknown | RansomOps, Cryptojacking | Stub | | |
| Charming Kitten | TA453 (Proofpoint), PHOSPHORUS, APT35 | 🇮🇷/IRGC | State-Sponsored | Finalized | United States/North America, Europe, Middle East | Military, Diplomatic, Energy, Government |
| | | 💰Cybercrime | Botnet Operator | Stub | | |
| Cl0p | | | RansomOps | Not started | | |
| Codefinger | | | | Not started | | |
| CoinStomp operator | | 💰Cybercrime | Cryptojacking | Stub | | |
| Commando Cat | | 💰Cybercrime | Cryptojacking | Stub | | |
| CrazyHunter operator | | | | Not started | | |
| Crimson Collective | | | | Not started | | |
| CRYSTALRAY | | 💰Cybercrime | | Stub | | |
| Cyber Toufan | | Unknown | Hacktivist | Stub | | |
| DarkBit | | 🇮🇷/MOIS | State-Sponsored, RansomOps | Stub | | |
| DarkRadiation operator | | 💰Cybercrime | RansomOps | Stub | | |
| Diicot | Mexals | 💰Cybercrime | Cryptojacking | Stub | | |
| Doki operator | | 💰Cybercrime | Botnet Operator, Cryptojacking | Stub | | |
| DragonForce | | | | Not started | | |
| DragonRank | | 🇨🇳 | | Stub | | |
| Dreambus operator | | 💰Cybercrime | Botnet Operator, Cryptojacking | Featured | | |
| Earth Kasha | | 🇨🇳 | State-Sponsored | Finalized | Asia, East Asia | Manufacturing, High-tech, Government, Aerospace, Technological |
| Earth Krahang | | 🇹🇷 | | Stub | | |
| Earth Lamia | | | | Not started | | |
| EC2 Grouper | | | | Not started | | |
| EMERALDWHALE | | | | Not started | | |
| FritzFrog operator | | 💰Cybercrime | Botnet Operator | Stub | | |
| Funnull | | Unknown | | Stub | | |
| Gafgyt operator | | | Botnet Operator | Finalized | | |
| GambleForce | | Unknown | Data Exfil. | Stub | | |
| Gelsemium | | 🇨🇳 | State-Sponsored | Finalized | Middle East, East Asia, Asia | Government, Manufacturing, Education |
| Genesis Panda | | 🇨🇳 | State-Sponsored | Finalized | | Telecommunication, Finance, High-tech, Technological |
| Gitloker | | 💰Cybercrime | | Stub | | |
| GoBruteforcer operator | | 💰Cybercrime | Botnet Operator | Stub | | |
| GoTitan operator | | 💰Cybercrime | Botnet Operator | Stub | | |
| GUI-vil | p0-LUCR-1 (P0) | 💰Cybercrime | | Stub | | |
| Handala | | | Hacktivist, Data Exfil. | Finalized | Middle East | Energy, Government, Military, Education |
| Hazy Hawk | | | | Stub | | |
| HeadCrab operator | | 💰Cybercrime | Botnet Operator, Cryptojacking | Stub | | |
| Horde Panda | | | | Not started | | |
| IntelBroker | | 💰Cybercrime | Data Exfil. | Stub | | |
| JavaGhost | TGR-UNK-0011 | | | Not started | | |
| JINX-0126 | | 💰Cybercrime | Cryptojacking | Stub | | |
| JINX-0132 | | | | Not started | | |
| JINX-2401 | | 💰Cybercrime | | Finalized | Unknown | Unknown |
| Kinsing operator | | 💰Cybercrime | Cryptojacking | Finalized | | |
| Krasue operator | | 💰Cybercrime | | Stub | | |
| KryptonZambie | Barboza, robinhouse0xc4, krpzambie0xc4, robinFlexSnow, Robinhouse (telegram channel), @KryptonZambie (telegram channel), @Zshadow88606863 (Twitter account), CyberBlackMouse (Facebook account) | 💰Cybercrime | Mercenary | Finalized | United States/North America, India | |
| Labrat operator | | 💰Cybercrime | Cryptojacking | Stub | | |
| LAPSUS$ | Strawberry Tempest (MS), DEV-0537 (MS) | 💰Cybercrime | Extortionist | Featured | | |
| Lazarus Group | Labyrinth Chollima, HIDDEN COBRA, Guardians of Peace, ZINC, NICKEL ACADEMY, Diamond Sleet, APT38 | 🇰🇵 | State-Sponsored | Stub | United States/North America | Aerospace, Entertainment |
| LemonDuck | | 💰Cybercrime | Botnet Operator | Stub | | |
| Lucifer operator | | 💰Cybercrime | | Stub | | |
| Magnet Goblin | | 💰Cybercrime | | Stub | | |
| Manatee Tempest | | 💰Cybercrime | | Stub | | |
| Meow | | 💰Cybercrime | Hacktivist | Stub | | |
| Migo operator | | 💰Cybercrime | Cryptojacking | Stub | | |
| Mimo operator | | 💰Cybercrime | Botnet Operator, Cryptojacking | Stub | | |
| Mirai | | 💰Cybercrime | | Stub | | |
| Mispadu operator | Mispadu stealer | 💰Cybercrime | Data Exfil. | Finalized | Latin America | |
| Mozi Botnet operator | | | Botnet Operator | Stub | Asia, East Asia, Eastern Europe | |
| MuddyWater | MuddyWater (CHKP), Mango Sandstorm (MS), Mercury (MS) | 🇮🇷/MOIS | State-Sponsored | Finalized | Middle East | |
| Muhstik operator | | 💰Cybercrime | Botnet Operator | Stub | | |
| Mustang Panda | BASIN, BRONZE PRESIDENT, Earth Preta, HoneyMyte, LuminousMoth, Polaris, Red Lich, Stately Taurus, TA416, TANTALUM, TEMP.HEX, Twill Typhoon | 🇨🇳 | State-Sponsored | Finalized | United States/North America, Europe, Southeast Asia | Government, Non-governmental organizations (NGOs), Telecommunication |
| MUT-1692 | | | | Not started | | |
| Nickolas Sharp | | 🥷Insider threat | | Stub | | |
| NullBulge | | | | Not started | | |
| P2PInfect | | 💰Cybercrime | Botnet Operator | Finalized | | |
| Paige Thompson | erratic | 💰Cybercrime | | Stub | | |
| Peach Sandstorm | APT33 (Mandiant), HOLMIUM (MS), Refined Kitten (CS), Elfin, Magic Hound | 🇮🇷/IRGC | State-Sponsored | Finalized | Middle East | Pharmaceutical, Military |
| Pioneer Kitten | Lemon Sandstorm, RUBIDIUM | 🇮🇷 | State-Sponsored, RansomOps | Finalized | Middle East, United States/North America | Finance, Healthcare/Medical, Military, Education |
| Prometei operator | | | Botnet Operator | Not started | | |
| Prophet Spider | Gold Melody (SecureWorks) | 💰Cybercrime | RansomOps | Stub | | |
| PyLoose operator | | 💰Cybercrime | Cryptojacking | Stub | | |
| Red Menshen | | | | Not started | | |
| Redigo operator | | 💰Cybercrime | Botnet Operator | Stub | | |
| RedJuliett | | | | Stub | | |
| RedTail operator | | | | Stub | | |
| REF3927 | | | | Not started | | |
| REF6138 | | | | Not started | | |
| Rocke | | 💰Cybercrime | Cryptojacking | Stub | | |
| RomCom | Storm-0978 | 🇷🇺 | Extortionist, RansomOps | Stub | | |
| RUBYCARP | | 🇷🇴 | Botnet Operator, Cryptojacking | Finalized | | |
| Salt Typhoon | Earth Estries, FamousSparrow, GhostEmperor, UNC2286 | 🇨🇳 | State-Sponsored | Finalized | United States/North America, Southeast Asia, Africa | Technological, Government, Telecommunication |
| Sandworm | | 🇷🇺/GRU | State-Sponsored | Stub | | |
| ScarletEel | | 💰Cybercrime | Data Exfil., Cryptojacking | Finalized | | |
| Seashell Blizzard | | | | Not started | | |
| SeaTurtle | Cosmic Wolf (Talos), Teal Kurma, Silicon, UNC1326 | 🇹🇷 | State-Sponsored | Stub | | |
| ShadowSyndicate | ShadowSyndicate (Group-IB), Infra Storm (Group-IB) | 💰Cybercrime | RansomOps, Extortionist | Finalized | | |
| Silent Skimmer | | | | Not started | | |
| SilentBob | SilentBob (Permiso) | 💰Cybercrime | Cryptojacking | Stub | | |
| Silk Typhoon | HAFNIUM, Murky Panda | 🇨🇳 | State-Sponsored, Data Exfil. | Finalized | United States/North America, Southeast Asia, Latin America, Europe | Government, Non-governmental organizations (NGOs), Telecommunication |
| Siloscape operator | | Unknown | | Stub | | |
| SkidMap operator | | 💰Cybercrime | Cryptojacking | Stub | | |
| SmoothOperator | Labyrinth Chollima (CS), UNC4736 (Mandiant) | 🇰🇵 | State-Sponsored | Stub | | |
| Storm-0501 | | | | Not started | | |
| Storm-0506 | | | | Stub | | |
| Storm-0558 | Storm-0558 (MS) | 🇨🇳 | State-Sponsored | Stub | | |
| Storm-1175 | | | | Stub | | |
| Storm-1283 | Storm-1283 (MS) | Unknown | | Stub | | |
| STORM-1849 | UAT4356 | 🇨🇳 | State-Sponsored, Data Exfil. | Finalized | | Government |
| Storm-1977 | | | | Not started | | |
| Sysrv botnet operator | | | | Not started | | |
| TargetCompany | Mallox | 💰Cybercrime | RansomOps | Finalized | | |
| TeamTNT | Adept Libra (PA) | 💰Cybercrime | Cryptojacking | Featured | | |
| TellYouThePass Gang | | 💰Cybercrime | RansomOps | Finalized | | |
| TGR-CRI-0045 | | | | Not started | | |
| TraderTraitor | UNC4899, Jade Sleet | 🇰🇵 | State-Sponsored, Cryptojacking | Finalized | | Finance, Cryptocurrency trade |
| Trigona operator | | 💰Cybercrime | RansomOps | Finalized | | |
| TRIPLESTRENGTH | | | | Not started | | |
| UAT-7237 | | 🇨🇳 | State-Sponsored | Stub | | |
| UNC1860 | Scarred Manticore, HTTPSnoop | 🇮🇷/MOIS | State-Sponsored | Finalized | | |
| UNC2165 | | | | Not started | | |
| UNC2903 | UNC2903 (Mandiant) | 💰Cybercrime | | Stub | | |
| UNC2970 | UNC2970 (Mandiant) | 🇰🇵 | State-Sponsored | Stub | | |
| UNC3379 | | | Cryptojacking | Stub | | |
| UNC3886 | UNC3886 (Mandiant) | 🇨🇳 | State-Sponsored | Stub | | |
| UNC4841 | UNC4841 (Mandiant) | 🇨🇳 | | Stub | | |
| UNC5174 | Uteus | 🇨🇳 | State-Sponsored, Hacktivist | Finalized | | |
| UNC5221 | | 🇨🇳 | | Stub | | |
| UNC5537 | | | | Stub | | |
| UNC5820 | | | | Stub | | |
| UNC6395 | | | | Not started | | |
| UTG-Q-008 | | | | Not started | | |
| UTG-Q-015 | | | | Not started | | |
| Volt Typhoon | Insidious Taurus (PA), Vanguard Panda, DEV-0391 | 🇨🇳 | State-Sponsored | Finalized | United States/North America | Telecommunication, Energy |
| Warlock operator | | | | Not started | | |
| WatchDog | | 💰Cybercrime | Cryptojacking | Stub | | |
| Water Hydra | DarkCasino | 💰Cybercrime | State-Sponsored, Data Exfil. | Finalized | | |
| Weaver Ant | | | | Not started | | |
| Windigo operator | | | | Not started | | |
| Winnti | APT17 | 🇨🇳 | | Stub | | Gaming |
| Xanthe operator | | 💰Cybercrime | Cryptojacking | Stub | | |
| z0miner | | 💰Cybercrime | Cryptojacking | Stub | | |
| | | | | Not started | | |