Actors

Threat actors pursuing cyber activity against cloud environments

Name	Aliases	Attribution	Tags	Status	Targeted geography	Targeted industries
🐙 0ktapus	ScatterSwine, UNC3944 (Mandiant), Octo Tempest (MSFT), Storm-0875 (MSFT), Scattered Spider, Muddled Libra (Unit42), LUCR-3 (Permiso)	💰Cybercrime	ExtortionistRansomOps	Finalized	United States/North AmericaEurope	AerospaceTelecommunicationTechnologicalFinanceGamingRetail
8️⃣ 8220 Gang		💰Cybercrime	Cryptojacking	Finalized
🔤 Abcbot operator		💰Cybercrime	Cryptojacking	Stub
📓 Agenda operator	Qilin, Water Galura	💰Cybercrime	RansomOps	Finalized	AfricaAsia	Healthcare/MedicalEducation
Albabat operator				Not started
🦑 AmberSquid		💰Cybercrime	Cryptojacking	Finalized
👿 Andariel	Silent Chollima, Andariel, GOP, Guardian of Peace, Onyx Sleet, OperationTroy, PLUTONIUM	🇰🇵	State-Sponsored	Finalized	South Korea
🫐 APT5	Mulberry Typhoon, MANGANESE, BRONZE FLEETWOOD, Keyhole Panda, UNC2630	🇨🇳	State-Sponsored	Finalized	United States/North AmericaEuropeAsia	TelecommunicationTechnological
🐯 APT27	APT27 (Mandiant), Iron Tiger (TrendMicro), Emissary Panda (CS), BRONZE UNION, Budworm, Earth Smilodon, G0027, GreedyTaotie, Group 35, Iron Taurus, Lucky Mouse, Red Phoenix, TEMP.Hippo, TG-3390, ZipToken	🇨🇳	State-Sponsored	Finalized		EnergyMilitaryAerospaceManufactoringDiplomaticEducationTechnologicalTelecommunication
🧸 APT28	IRON TWILIGHT, SNAKEMACKEREL, Swallowtail, Group 74, Sednit, Sofacy, Pawn Storm, Fancy Bear, STRONTIUM, Tsar Team, Threat Group-4127, TG-4127, Forest Blizzard, FROZENLAKE	🇷🇺/GRU	State-Sponsored	Finalized	United States/North America	Federal agencies
🐻 APT29	APT29 (Mandiant), CozyBear (CS), NOBELIUM (MS), YTTRIUM (MS), UNC2452 (Mandiant), Midnight Blizzard (MS), ATK7, Blue Kitsune, BlueBravo, Cloaked Ursa, G0016, Grizzly Steppe, Group 100, IRON HEMLOCK, ITG11, Minidionis, Nobelium, SeaDuke, TA421, The Dukes, UAC-0029	🇷🇺/SVR	State-Sponsored	Finalized	United States/North America	MilitaryTelecommunicationTechnologicalHealthcare/MedicalDiplomatic
⚖️ APT31	APT31 (Mandiant), Violet Typhoon (MS), Zirconium, Judgment Panda, Mustang Panda, Twill Typhoon	🇨🇳	State-Sponsored	Stub		Federal agenciesMilitary
🕵️ APT34	ATK40, Cobalt Gypsy, Crambus, EUROPIUM, Evasive Serpens, G0049, Hazel Sandstorm, Helix Kitten, IRN2, TA452, Twisted Kitten, OilRig	🇮🇷	Data Exfil.State-Sponsored	Stub	Middle East	GovernmentTelecommunicationEnergyFinance
🐋 APT40	BRONZE MOHAWK, FEVERDREAM, Leviathan, G0065, Gadolinium, GreenCrash, Hellsing, Kryptonite Panda, MUDCARP, Periscope, Temp.Periscope, Temp.Jumper	🇨🇳	State-SponsoredData Exfil.	Finalized		EducationGovernmentMaritimeAerospaceHealthcare/MedicalHealthcare/Medical
🦠 APT41	Amoeba, BARIUM, BRONZE ATLAS, BRONZE EXPORT, Blackfly, Brass Typhoon, Earth Baku, G0044, G0096, Grayfly, HOODOO, LEAD, Red Kelpie, TA415, WICKED PANDA, WICKED SPIDER	🇨🇳	State-SponsoredData Exfil.	Stub		TelecommunicationHigh-techHealthcare/Medical
🦁 Atlas Lion	Storm-0539 (MS)	💰Cybercrime		Stub
👨🏻 Bapak		🇮🇩	Cryptojacking	Finalized
Black Basta operator		💰Cybercrime	RansomOps	Finalized	United States/North AmericaEurope	Healthcare/MedicalManufactoringFinanceEnergyEducation
🐈‍⬛ BlackCat		💰Cybercrime	RansomOps	Finalized
🪙 Bling Libra				Not started
Bondnet		💰Cybercrime	Botnet Operator	Stub
Boolka				Stub
🎍 BrazenBamboo				Not started
🧸 C3RB3R operator	Cerber	Unknown	RansomOpsCryptojacking	Stub
🐱 Charming Kitten	TA453 (Proofpoint), PHOSPHORUS, APT35	🇮🇷/IRGC	State-Sponsored	Finalized	United States/North AmericaEuropeMiddle East	MilitaryDiplomaticEnergyGovernment
ChinaZ		💰Cybercrime	Botnet Operator	Stub
0️⃣ Cl0p			RansomOps	Not started
Codefinger				Not started
🪙 CoinStomp operator		💰Cybercrime	Cryptojacking	Stub
😼 Commando Cat		💰Cybercrime	Cryptojacking	Stub
CrazyHunter operator				Not started
Crimson Collective				Not started
💠 CRYSTALRAY		💰Cybercrime		Stub
🍬 Cyber Toufan		Unknown	Hacktivist	Stub
🕶️ DarkBit		🇮🇷/MOIS	State-SponsoredRansomOps	Stub
☢️ DarkRadiation operator		💰Cybercrime	RansomOps	Stub
Diicot	Mexals	💰Cybercrime	Cryptojacking	Stub
⛵ Doki operator		💰Cybercrime	Botnet OperatorCryptojacking	Stub
DragonForce				Not started
🐲 DragonRank		🇨🇳		Stub
🚌 Dreambus operator		💰Cybercrime	Botnet OperatorCryptojacking	Featured
🌏 Earth Kasha		🇨🇳	State-Sponsored	Finalized	AsiaEast Asia	ManufactoringHigh-techGovernmentAerospaceTechnological
🌍 Earth Krahang		🇹🇷		Stub
Earth Lamia				Not started
EC2 Grouper				Not started
EMERALDWHALE				Not started
🐸 FritzFrog operator		💰Cybercrime	Botnet Operator	Stub
FulcrumSec				Not started
🏓 Funnull		Unknown		Stub
🤖 Gafgyt operator			Botnet Operator	Finalized
🎲 GambleForce		Unknown	Data Exfil.	Stub
🌼 Gelsemium		🇨🇳	State-Sponsored	Finalized	Middle EastEast AsiaAsia	GovernmentManufactoringEducation
🧬 Genesis Panda		🇨🇳	State-Sponsored	Finalized		TelecommunicationFinanceHigh-techTechnological
Gitloker		💰Cybercrime		Stub
🚦 GoBruteforcer operator		💰Cybercrime	Botnet Operator	Stub
💢 GoTitan operator		💰Cybercrime	Botnet Operator	Stub
🖥️ GUI-vil	p0-LUCR-1 (P0)	💰Cybercrime		Stub
Handala			HacktivistData Exfil.	Finalized	Middle East	EnergyGovernmentMilitaryEducation
🦅 Hazy Hawk				Stub
🦀 HeadCrab operator		💰Cybercrime	Botnet OperatorCryptojacking	Stub
Hecker				Not started
🐼 Horde Panda				Not started
🕵️ IntelBroker		💰Cybercrime	Data Exfil.	Stub
🪙 IronErn440				Not started
JavaGhost	TGR-UNK-0011	💰Cybercrime		Stub
🐘 JINX-0126		💰Cybercrime	Cryptojacking	Stub
JINX-0132				Not started
🔮 JINX-2401		💰Cybercrime		Finalized	Unknown	Unknown
👑 Kinsing operator		💰Cybercrime	Cryptojacking	Finalized
👻 Krasue operator		💰Cybercrime		Stub
🧟‍♂️ KryptonZambie	Barboza, robinhouse0xc4, krpzambie0xc4, robinFlexSnow, Robinhouse (telegram channel), @KryptonZambie (telegram channel), @Zshadow88606863 (Twitter account), CyberBlackMouse (Facebook account)	💰Cybercrime	Mercenary	Finalized	United States/North AmericaIndia
🐀 Labrat operator		💰Cybercrime	Cryptojacking	Stub
🫗 LAPSUS$	Strawberry Tempest (MS), DEV-0537 (MS)	💰Cybercrime	Extortionist	Featured
⚰️ Lazarus Group	Labyrinth Chollima, HIDDEN COBRA, Guardians of Peace, ZINC, NICKEL ACADEMY, Diamond Sleet, APT38	🇰🇵	State-Sponsored	Stub	United States/North America	AerospaceEntertainment
🍋 LemonDuck		💰Cybercrime	Botnet Operator	Stub
😈 Lucifer operator		💰Cybercrime		Stub
👺 Magnet Goblin		💰Cybercrime		Stub
🦭 Manatee Tempest		💰Cybercrime		Stub
😿 Meow		💰Cybercrime	Hacktivist	Stub
🏁 Migo operator		💰Cybercrime	Cryptojacking	Stub
📝 Mimo operator		💰Cybercrime	Botnet OperatorCryptojacking	Stub
🪞 Mirai		💰Cybercrime		Stub
🏦 Mispadu operator	Mispadu stealer	💰Cybercrime	Data Exfil.	Finalized	Latin America
🦟 Mozi Botnet operator			Botnet Operator	Stub	AsiaEast AsiaEastern Europe
💧 MuddyWater	MuddyWater (CHKP), Mango Sandstorm (MS), Mercury (MS)	🇮🇷/MOIS	State-Sponsored	Finalized	Middle East
🍥 Muhstik operator		💰Cybercrime	Botnet Operator	Stub
🏎️ Mustang Panda	BASIN, BRONZE PRESIDENT, Earth Preta, HoneyMyte, LuminousMoth, Polaris, Red Lich, Stately Taurus, TA416, TANTALUM, TEMP.HEX, Twill Typhoon	🇨🇳	State-Sponsored	Finalized	United States/North AmericaEuropeSoutheast Asia	GovernmentNon-governmental organizations (NGOs)Telecommunication
MUT-1692				Not started
📄 Nickolas Sharp		🥷Insider threat		Stub
NullBulge				Not started
🦠 P2PInfect		💰Cybercrime	Botnet Operator	Finalized
📄 Paige Thompson	erratic	💰Cybercrime		Stub
🍑 Peach Sandstorm	APT33 (Mandiant), HOLMIUM (MS), Refined Kitten (CS), Elfin, Magic Hound	🇮🇷/IRGC	State-Sponsored	Finalized	Middle East	PharmaceuticalMilitary
🐱 Pioneer Kitten	Lemon Sandstorm, RUBIDIUM	🇮🇷	State-SponsoredRansomOps	Finalized	Middle EastUnited States/North America	FinanceHealthcare/MedicalMilitaryEducation
🔥 Prometei operator			Botnet Operator	Not started
🕷️ Prophet Spider	Gold Melody (SecureWorks)	💰Cybercrime	RansomOps	Stub
🧵 PyLoose operator		💰Cybercrime	Cryptojacking	Stub
Red Menshen				Not started
🍎 Redigo operator		💰Cybercrime	Botnet Operator	Stub
💃 RedJuliett				Stub
🍒 RedTail operator				Stub
REF3927				Not started
🎰 REF6138				Not started
🪨 Rocke		💰Cybercrime	Cryptojacking	Stub
💒 RomCom	Storm-0978	🇷🇺	ExtortionistRansomOps	Stub
🎏 RUBYCARP		🇷🇴	Botnet OperatorCryptojacking	Finalized
🌊 Salt Typhoon	Earth Estries, FamousSparrow, GhostEmperor, UNC2286	🇨🇳	State-Sponsored	Finalized	United States/North AmericaSoutheast AsiaAfrica	TechnologicalGovernmentTelecommunication
🐛 Sandworm		🇷🇺/GRU	State-Sponsored	Stub
🐍 ScarletEel		💰Cybercrime	Data Exfil.Cryptojacking	Finalized
Seashell Blizzard				Not started
🐢 SeaTurtle	Cosmic Wolf (Talos), Teal Kurma, Silicon, UNC1326	🇹🇷	State-Sponsored	Stub
🌒 ShadowSyndicate	ShadowSyndicate (Group-IB), Infra Storm (Group-IB)	💰Cybercrime	RansomOpsExtortionist	Finalized
🔇 Silent Skimmer				Not started
🔇 SilentBob	SilentBob (Permiso)	💰Cybercrime	Cryptojacking	Stub
🌀 Silk Typhoon	HAFNIUM, Murky Panda	🇨🇳	State-SponsoredData Exfil.	Finalized	United States/North AmericaSoutheast AsiaLatin AmericaEurope	GovernmentNon-governmental organizations (NGOs)Telecommunication
⛏️ Siloscape operator		Unknown		Stub
🗺️ SkidMap operator		💰Cybercrime	Cryptojacking	Stub
💿 SmoothOperator	Labyrinth Chollima (CS), UNC4736 (Mandiant)	🇰🇵	State-Sponsored	Stub
SSHStalker				Not started
🌩️ Storm-0501				Not started
🌩️ Storm-0506				Stub
🌩️ Storm-0558	Storm-0558 (MS)	🇨🇳	State-Sponsored	Stub
🌩️ Storm-1175				Stub
🌩️ Storm-1283	Storm-1283 (MS)	Unknown		Stub
🌩️ STORM-1849	UAT4356	🇨🇳	State-SponsoredData Exfil.	Finalized		Government
Storm-1977				Not started
Sysrv botnet operator				Not started
🏣 TargetCompany	Mallox	💰Cybercrime	RansomOps	Finalized
TeamPCP	PCPcat, ShellForce, DeadCatx3, CipherForce	💰Cybercrime		Stub
💣 TeamTNT	Adept Libra (PA)	💰Cybercrime	Cryptojacking	Featured
🎫 TellYouThePass Gang		💰Cybercrime	RansomOps	Finalized
TGR-CRI-0045				Not started
💰 TraderTraitor	UNC4899, Jade Sleet	🇰🇵	State-SponsoredCryptojacking	Finalized		FinanceCryptocurrency trade
📐 Trigona operator		💰Cybercrime	RansomOps	Finalized
TRIPLESTRENGTH				Not started
🧸 UAT-7237		🇨🇳	State-Sponsored	Stub
UAT-9686				Not started
UNC1069				Not started
💡 UNC1860	Scarred Manticore, HTTPSnoop	🇮🇷/MOIS	State-Sponsored	Finalized
UNC2165				Not started
💡 UNC2903	UNC2903 (Mandiant)	💰Cybercrime		Stub
💡 UNC2970	UNC2970 (Mandiant)	🇰🇵	State-Sponsored	Stub
💡 UNC3379			Cryptojacking	Stub
💡 UNC3886	UNC3886 (Mandiant)	🇨🇳	State-Sponsored	Stub
💡 UNC4841	UNC4841 (Mandiant)	🇨🇳		Stub
💡 UNC5174	Uteus	🇨🇳	State-SponsoredHacktivist	Finalized
💡 UNC5221		🇨🇳		Stub
💡 UNC5537				Stub
💡 UNC5820				Stub
💡 UNC6395				Not started
UNC6426				Not started
UNC6485				Not started
UTG-Q-008				Not started
UTG-Q-015				Not started
🔗 VoidLink operator				Not started
🌀 Volt Typhoon	Insidious Taurus (PA), Vanguard Panda, DEV-0391	🇨🇳	State-Sponsored	Finalized	United States/North America	TelecommunicationEnergy
Warlock operator				Not started
🐶 WatchDog		💰Cybercrime	Cryptojacking	Stub
🐉 Water Hydra	DarkCasino	💰Cybercrime	State-SponsoredData Exfil.	Finalized
Weaver Ant				Not started
Windigo operator				Not started
🏆 Winnti	APT17	🇨🇳		Stub		Gaming
👱‍♀️ Xanthe operator		💰Cybercrime	Cryptojacking	Stub
0️⃣ z0miner		💰Cybercrime	Cryptojacking	Stub
				Not started

Name

Aliases

Attribution

Tags

Status

Targeted geography

Targeted industries

🐙

0ktapus

ScatterSwine, UNC3944 (Mandiant), Octo Tempest (MSFT), Storm-0875 (MSFT), Scattered Spider, Muddled Libra (Unit42), LUCR-3 (Permiso)

💰Cybercrime

ExtortionistRansomOps

Finalized

United States/North AmericaEurope

AerospaceTelecommunicationTechnologicalFinanceGamingRetail

8️⃣

8220 Gang

💰Cybercrime

Cryptojacking

Finalized

🔤

Abcbot operator

💰Cybercrime

Cryptojacking

Stub

📓

Agenda operator

Qilin, Water Galura

💰Cybercrime

RansomOps

Finalized

AfricaAsia

Healthcare/MedicalEducation

Albabat operator

Not started

🦑

AmberSquid

💰Cybercrime

Cryptojacking

Finalized

👿

Andariel

Silent Chollima, Andariel, GOP, Guardian of Peace, Onyx Sleet, OperationTroy, PLUTONIUM

🇰🇵

State-Sponsored

Finalized

South Korea

🫐

APT5

Mulberry Typhoon, MANGANESE, BRONZE FLEETWOOD, Keyhole Panda, UNC2630

🇨🇳

State-Sponsored

Finalized

United States/North AmericaEuropeAsia

TelecommunicationTechnological

🐯

APT27

APT27 (Mandiant), Iron Tiger (TrendMicro), Emissary Panda (CS), BRONZE UNION, Budworm, Earth Smilodon, G0027, GreedyTaotie, Group 35, Iron Taurus, Lucky Mouse, Red Phoenix, TEMP.Hippo, TG-3390, ZipToken

🇨🇳

State-Sponsored

Finalized

EnergyMilitaryAerospaceManufactoringDiplomaticEducationTechnologicalTelecommunication

🧸

APT28

IRON TWILIGHT, SNAKEMACKEREL, Swallowtail, Group 74, Sednit, Sofacy, Pawn Storm, Fancy Bear, STRONTIUM, Tsar Team, Threat Group-4127, TG-4127, Forest Blizzard, FROZENLAKE

🇷🇺/GRU

State-Sponsored

Finalized

United States/North America

Federal agencies

🐻

APT29

APT29 (Mandiant), CozyBear (CS), NOBELIUM (MS), YTTRIUM (MS), UNC2452 (Mandiant), Midnight Blizzard (MS), ATK7, Blue Kitsune, BlueBravo, Cloaked Ursa, G0016, Grizzly Steppe, Group 100, IRON HEMLOCK, ITG11, Minidionis, Nobelium, SeaDuke, TA421, The Dukes, UAC-0029

🇷🇺/SVR

State-Sponsored

Finalized

United States/North America

MilitaryTelecommunicationTechnologicalHealthcare/MedicalDiplomatic

⚖️

APT31

APT31 (Mandiant), Violet Typhoon (MS), Zirconium, Judgment Panda, Mustang Panda, Twill Typhoon

🇨🇳

State-Sponsored

Stub

Federal agenciesMilitary

🕵️

APT34

ATK40, Cobalt Gypsy, Crambus, EUROPIUM, Evasive Serpens, G0049, Hazel Sandstorm, Helix Kitten, IRN2, TA452, Twisted Kitten, OilRig

🇮🇷

Data Exfil.State-Sponsored

Stub

Middle East

GovernmentTelecommunicationEnergyFinance

🐋

APT40

BRONZE MOHAWK, FEVERDREAM, Leviathan, G0065, Gadolinium, GreenCrash, Hellsing, Kryptonite Panda, MUDCARP, Periscope, Temp.Periscope, Temp.Jumper

🇨🇳

State-SponsoredData Exfil.

Finalized

EducationGovernmentMaritimeAerospaceHealthcare/MedicalHealthcare/Medical

🦠

APT41

Amoeba, BARIUM, BRONZE ATLAS, BRONZE EXPORT, Blackfly, Brass Typhoon, Earth Baku, G0044, G0096, Grayfly, HOODOO, LEAD, Red Kelpie, TA415, WICKED PANDA, WICKED SPIDER

🇨🇳

State-SponsoredData Exfil.

Stub

TelecommunicationHigh-techHealthcare/Medical

🦁

Atlas Lion

Storm-0539 (MS)

💰Cybercrime

Stub

👨🏻

Bapak

🇮🇩

Cryptojacking

Finalized

Black Basta operator

💰Cybercrime

RansomOps

Finalized

United States/North AmericaEurope

Healthcare/MedicalManufactoringFinanceEnergyEducation

🐈‍⬛

BlackCat

💰Cybercrime

RansomOps

Finalized

🪙

Bling Libra

Not started

Bondnet

💰Cybercrime

Botnet Operator

Stub

Stub

Not started

Cerber

Unknown

RansomOpsCryptojacking

Stub

🐱

Charming Kitten

TA453 (Proofpoint), PHOSPHORUS, APT35

🇮🇷/IRGC

State-Sponsored

Finalized

United States/North AmericaEuropeMiddle East

MilitaryDiplomaticEnergyGovernment

ChinaZ

💰Cybercrime

Botnet Operator

Stub

0️⃣

Cl0p

RansomOps

Not started

Codefinger

Not started

🪙

CoinStomp operator

💰Cybercrime

Cryptojacking

Stub

😼

Commando Cat

💰Cybercrime

Cryptojacking

Stub

Not started

Not started

💰Cybercrime

Stub

🍬

Cyber Toufan

Unknown

Hacktivist

Stub

🕶️

DarkBit

🇮🇷/MOIS

State-SponsoredRansomOps

Stub

☢️

DarkRadiation operator

💰Cybercrime

RansomOps

Stub

Diicot

Mexals

💰Cybercrime

Cryptojacking

Stub

⛵

Doki operator

💰Cybercrime

Botnet OperatorCryptojacking

Stub

DragonForce

Not started

🐲

DragonRank

🇨🇳

Stub

🚌

Dreambus operator

💰Cybercrime

Botnet OperatorCryptojacking

Featured

🌏

Earth Kasha

🇨🇳

State-Sponsored

Finalized

AsiaEast Asia

ManufactoringHigh-techGovernmentAerospaceTechnological

🌍

Earth Krahang

🇹🇷

Stub

Not started

Not started

Not started

💰Cybercrime

Botnet Operator

Stub

FulcrumSec

Not started

🏓

Funnull

Unknown

Stub

🤖

Gafgyt operator

Botnet Operator

Finalized

🎲

GambleForce

Unknown

Data Exfil.

Stub

🌼

Gelsemium

🇨🇳

State-Sponsored

Finalized

Middle EastEast AsiaAsia

GovernmentManufactoringEducation

🧬

Genesis Panda

🇨🇳

State-Sponsored

Finalized

TelecommunicationFinanceHigh-techTechnological

Gitloker

💰Cybercrime

Stub

🚦

GoBruteforcer operator

💰Cybercrime

Botnet Operator

Stub

💢

GoTitan operator

💰Cybercrime

Botnet Operator

Stub

🖥️

GUI-vil

p0-LUCR-1 (P0)

💰Cybercrime

Stub

Handala

HacktivistData Exfil.

Finalized

Middle East

EnergyGovernmentMilitaryEducation

Stub

💰Cybercrime

Botnet OperatorCryptojacking

Stub

Not started

Not started

💰Cybercrime

Data Exfil.

Stub

🪙

IronErn440

Not started

JavaGhost

TGR-UNK-0011

💰Cybercrime

Stub

🐘

JINX-0126

💰Cybercrime

Cryptojacking

Stub

JINX-0132

Not started

🔮

JINX-2401

💰Cybercrime

Finalized

Unknown

👑

Kinsing operator

💰Cybercrime

Cryptojacking

Finalized

👻

Krasue operator

💰Cybercrime

Stub

🧟‍♂️

KryptonZambie

Barboza, robinhouse0xc4, krpzambie0xc4, robinFlexSnow, Robinhouse (telegram channel), @KryptonZambie (telegram channel), @Zshadow88606863 (Twitter account), CyberBlackMouse (Facebook account)

💰Cybercrime

Mercenary

Finalized

United States/North AmericaIndia

🐀

Labrat operator

💰Cybercrime

Cryptojacking

Stub

🫗

LAPSUS$

Strawberry Tempest (MS), DEV-0537 (MS)

💰Cybercrime

Extortionist

Featured

⚰️

Lazarus Group

Labyrinth Chollima, HIDDEN COBRA, Guardians of Peace, ZINC, NICKEL ACADEMY, Diamond Sleet, APT38

🇰🇵

State-Sponsored

Stub

United States/North America

AerospaceEntertainment

🍋

LemonDuck

💰Cybercrime

Botnet Operator

Stub

😈

Lucifer operator

💰Cybercrime

Stub

👺

Magnet Goblin

💰Cybercrime

Stub

🦭

Manatee Tempest

💰Cybercrime

Stub

😿

Meow

💰Cybercrime

Hacktivist

Stub

🏁

Migo operator

💰Cybercrime

Cryptojacking

Stub

📝

Mimo operator

💰Cybercrime

Botnet OperatorCryptojacking

Stub

🪞

Mirai

💰Cybercrime

Stub

🏦

Mispadu operator

Mispadu stealer

💰Cybercrime

Data Exfil.

Finalized

Latin America

🦟

Mozi Botnet operator

Botnet Operator

Stub

AsiaEast AsiaEastern Europe

💧

MuddyWater

MuddyWater (CHKP), Mango Sandstorm (MS), Mercury (MS)

🇮🇷/MOIS

State-Sponsored

Finalized

Middle East

🍥

Muhstik operator

💰Cybercrime

Botnet Operator

Stub

🏎️

Mustang Panda

BASIN, BRONZE PRESIDENT, Earth Preta, HoneyMyte, LuminousMoth, Polaris, Red Lich, Stately Taurus, TA416, TANTALUM, TEMP.HEX, Twill Typhoon

🇨🇳

State-Sponsored

Finalized

United States/North AmericaEuropeSoutheast Asia

GovernmentNon-governmental organizations (NGOs)Telecommunication

MUT-1692

Not started

📄

Nickolas Sharp

🥷Insider threat

Stub

NullBulge

Not started

🦠

P2PInfect

💰Cybercrime

Botnet Operator

Finalized

📄

Paige Thompson

erratic

💰Cybercrime

Stub

🍑

Peach Sandstorm

APT33 (Mandiant), HOLMIUM (MS), Refined Kitten (CS), Elfin, Magic Hound

🇮🇷/IRGC

State-Sponsored

Finalized

Middle East

PharmaceuticalMilitary

🐱

Pioneer Kitten

Lemon Sandstorm, RUBIDIUM

🇮🇷

State-SponsoredRansomOps

Finalized

Middle EastUnited States/North America

FinanceHealthcare/MedicalMilitaryEducation

🔥

Prometei operator

Botnet Operator

Not started

🕷️

Prophet Spider

Gold Melody (SecureWorks)

💰Cybercrime

RansomOps

Stub

🧵

PyLoose operator

💰Cybercrime

Cryptojacking

Stub

Red Menshen

Not started

🍎

Redigo operator

💰Cybercrime

Botnet Operator

Stub

Stub

Stub

Not started

Not started

💰Cybercrime

Cryptojacking

Stub

💒

RomCom

Storm-0978

🇷🇺

ExtortionistRansomOps

Stub

🎏

RUBYCARP

🇷🇴

Botnet OperatorCryptojacking

Finalized

🌊

Salt Typhoon

Earth Estries, FamousSparrow, GhostEmperor, UNC2286

🇨🇳

State-Sponsored

Finalized

United States/North AmericaSoutheast AsiaAfrica

TechnologicalGovernmentTelecommunication

🐛

Sandworm

🇷🇺/GRU

State-Sponsored

Stub

🐍

ScarletEel

💰Cybercrime

Data Exfil.Cryptojacking

Finalized

Seashell Blizzard

Not started

🐢

SeaTurtle

Cosmic Wolf (Talos), Teal Kurma, Silicon, UNC1326

🇹🇷

State-Sponsored

Stub

🌒

ShadowSyndicate

ShadowSyndicate (Group-IB), Infra Storm (Group-IB)

💰Cybercrime

RansomOpsExtortionist

Finalized

Not started

SilentBob (Permiso)

💰Cybercrime

Cryptojacking

Stub

🌀

Silk Typhoon

HAFNIUM, Murky Panda

🇨🇳

State-SponsoredData Exfil.

Finalized

United States/North AmericaSoutheast AsiaLatin AmericaEurope

GovernmentNon-governmental organizations (NGOs)Telecommunication

⛏️

Siloscape operator

Unknown

Stub

🗺️

SkidMap operator

💰Cybercrime

Cryptojacking

Stub

💿

SmoothOperator

Labyrinth Chollima (CS), UNC4736 (Mandiant)

🇰🇵

State-Sponsored

Stub

Not started

Not started

Stub

Storm-0558 (MS)

🇨🇳

State-Sponsored

Stub

Stub

Storm-1283 (MS)

Unknown

Stub

🌩️

STORM-1849

UAT4356

🇨🇳

State-SponsoredData Exfil.

Finalized

Government

Storm-1977

Not started

Sysrv botnet operator

Not started

🏣

TargetCompany

Mallox

💰Cybercrime

RansomOps

Finalized

TeamPCP

PCPcat, ShellForce, DeadCatx3, CipherForce

💰Cybercrime

Stub

💣

TeamTNT

Adept Libra (PA)

💰Cybercrime

Cryptojacking

Featured

🎫

TellYouThePass Gang

💰Cybercrime

RansomOps

Finalized

TGR-CRI-0045

Not started

💰

TraderTraitor

UNC4899, Jade Sleet

🇰🇵

State-SponsoredCryptojacking

Finalized

FinanceCryptocurrency trade

📐

Trigona operator

💰Cybercrime

RansomOps

Finalized

TRIPLESTRENGTH

Not started

🧸

UAT-7237

🇨🇳

State-Sponsored

Stub

Not started

Not started

Scarred Manticore, HTTPSnoop

🇮🇷/MOIS

State-Sponsored

Finalized

UNC2165

Not started

💡

UNC2903

UNC2903 (Mandiant)

💰Cybercrime

Stub

💡

UNC2970

UNC2970 (Mandiant)

🇰🇵

State-Sponsored

Stub

💡

UNC3379

Cryptojacking

Stub

💡

UNC3886

UNC3886 (Mandiant)

🇨🇳

State-Sponsored

Stub

💡

UNC4841

UNC4841 (Mandiant)

🇨🇳

Stub

💡

UNC5174

Uteus

🇨🇳

State-SponsoredHacktivist

Finalized

💡

UNC5221

🇨🇳

Stub

Stub

Stub

Not started

Not started

Not started

Not started

Not started

Not started

Insidious Taurus (PA), Vanguard Panda, DEV-0391

🇨🇳

State-Sponsored

Finalized

United States/North America

TelecommunicationEnergy

Warlock operator

Not started

🐶

WatchDog

💰Cybercrime

Cryptojacking

Stub

🐉

Water Hydra

DarkCasino

💰Cybercrime

State-SponsoredData Exfil.

Finalized

Not started

Not started

APT17

🇨🇳

Stub

Gaming

👱‍♀️

Xanthe operator

💰Cybercrime

Cryptojacking

Stub

0️⃣

z0miner

💰Cybercrime

Cryptojacking

Stub

Not started