GROUP LIST  GROUP(214)

  -=TWELVE=      
21.03.2025 -=TWELVE= -=TWELVE=- is back GROUP GROUP
  8220 Mining Group      
07.03.2024 8220 Mining Group Returned Libra, also known as 8220 Mining Group, is a cloud threat actor group that has been active since at least 2017. Group Cryptocurrency
  Actor UNC3886      
13.03.2025 Actor UNC3886 Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers GROUP GROUP
Actor240524
15.08.2024 Actor240524 New APT Group Actor240524: A Closer Look at Its Cyber Tactics Against Azerbaijan and Israel GROUP APT
  Andariel      
20.03.2024 Andariel Andariel Group (MeshAgent) is attacking by abusing domestic asset management solutions Group Group
03.06.2024 Andariel  Analysis of APT Attack Cases Using Dora RAT Against Korean Companies (Andariel Group) GROUP APT
16.05.2024 APT GROUP123 Group123 is a North Korean state-sponsored advanced persistent threat (APT) group active since at least 2012. It is also tracked under other names such as APT37, Reaper, and ScarCruft by various cybersecurity firms. GROUP APT
19.07.2025 APT PROFILE – FANCY BEAR Fancy Bear, also known as APT28, is a notorious Russian cyberespionage group with a long history of targeting governments, military entities, and other high-value GROUP APT
  APT32      
06.03.2024 APT32 Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. Group APT
  APT37      
27.02.2026 APT37 APT37 Adds New Capabilities for Air-Gapped Networks GROUP GROUP
  APT45      
26.07.2024 APT45 APT45: North Korea’s Digital Military Machine GROUP APT
  APT-C-36      
14.03.2024 APT-C-36 Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected of coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in the financial sector, petroleum industry, professional manufacturing, etc. Group APT
  AridViper      
12.12.2025 AridViper AridViper, an intrusion set allegedly associated with Hamas GROUP GROUP
  BatShadow      
08.10.2025 BatShadow BatShadow: Vietnamese Threat Actor Expands Its Digital Operations GROUP GROUP
27.03.2026 Bearlyfy  Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware GROUP GROUP
  BianLian      
11.03.2024 BianLian BianLian is a ransomware developer, deployer, and data extortion cybercriminal group that has targeted organizations in multiple U.S. critical infrastructure sectors since June 2022. Group Ransomware
  Billbug      
22.04.2025 Billbug Billbug: Intrusion Campaign Against Southeast Asia Continues GROUP Espionage group
  Bitter Group      
05.06.2025 Bitter Group Bitter Group Distributes CHM Malware to Chinese Organizations GROUP GROUP
  BlackJack      
26.09.2024 BlackJack BlackJack is a hacktivist group that emerged at the end of 2023, targeting companies based in Russia.  GROUP Hacktivist 
  BlackTech      
02.03.2024 BlackTech BlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan, and occasionally, Japan and Hong Kong. Based on the mutexes and domain names of some of their C&C servers, BlackTech’s campaigns are likely designed to steal their target’s technology. Group CyberSpy
  Bloody Wolf      
28.11.2025 Bloody Wolf Bloody Wolf: A Blunt Crowbar Threat To Justice GROUP GROUP
11.04.2025 Bloody Wolf Bloody Wolf evolution: new targets, new tools GROUP GROUP
  Blue(Noroff)      
20.06.2025 Blue(Noroff) Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion GROUP GROUP
  Bohrium
01.03.2024 Bohrium Bohrium is an Iranian threat actor that has been involved in spear-phishing operations targeting organizations in the US, Middle East, and India. Group Group
  BrazenBamboo       
16.11.2024 BrazenBamboo  BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA GROUP GROUP
  BRONZE VINEWOOD      
27.03.2024 BRONZE VINEWOOD DETAILS ON BRONZE VINEWOOD, IMPLICATED IN TARGETING OF THE U.S. ELECTION CAMPAIGN Group APT
  Cloud Atlas      
12.09.2025 Cloud Atlas Cloud Atlas seen using a new tool in its attacks GROUP GROUP
14.03.2026 CL-STA-1087 Suspected China-Based Espionage Operation Against Military Targets in Southeast Asia GROUP CLUSTER
  COLDRIVER
26.09.2025 COLDRIVER COLDRIVER Updates Arsenal with BAITSWITCH and SIMPLEFIX GROUP GROUP
19.01.2024 COLDRIVER Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware Group Group
03.02.2024 COLDRIVER The Coldriver Group, also known as Callisto and SEABORGIUM, is a threat actor known to attack government organizations, think tanks, and journalists in Europe and the Caucasus regions through spearphishing campaigns. Group Group
  Commando Cat      
07.06.2024 Commando Cat Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers GROUP Cryptojacking
  Confucius
04.10.2025 Confucius Confucius threat group evolves from document stealers to Python backdoors, showcasing the growing sophistication of state-aligned cyber campaigns GROUP GROUP
  COOKIE SPIDER
30.08.2025 COOKIE SPIDER Falcon Platform Prevents COOKIE SPIDER’s SHAMOS Delivery on macOS GROUP GROUP
01.03.2026 COOKIE SPIDER COOKIE SPIDER (active since at least October 2018) develops and rents Atomic macOS Stealer (AMOS), an information stealer targeting macOS victims via multiple delivery methods, including search engine optimization (SEO) poisoning, fake job advertisements, and malicious VSCode extensions. GROUP GROUP
  CoralRaider      
05.04.2024 CoralRaider CoralRaider targets victims’ data and social media accounts Group Group
  Core Werewolf      
11.04.2025 Core Werewolf Core Werewolf hones its arsenal against Russia’s government organizations GROUP GROUP
  CosmicBeetle
11.09.2024 CosmicBeetle CosmicBeetle steps up: Probation period at RansomHub GROUP RANSOMWARE
  Crypt Ghouls      
28.10.2024 Crypt Ghouls Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia GROUP GROUP
  CryptoChameleon      
02.11.2025 CryptoChameleon CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack GROUP GROUP
  CRYSTALRAY      
14.07.2024 CRYSTALRAY CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools GROUP GROUP
  Cuckoo Spear      
02.08.2024 Cuckoo Spear Cuckoo Spear – the latest Nation-state Threat Actor targeting Japanese companies GROUP GROUP
27.07.2024 Cuckoo Spear Highly sophisticated, well-funded, and strategically motivated nation-state cybersecurity threats are complex and challenging, requiring advanced cybersecurity measures, threat intelligence, and international cooperation. GROUP GROUP
  Curly COMrades      
06.11.2025 Curly COMrades Curly COMrades: Evasion and Persistence via Hidden Hyper-V Virtual Machines GROUP GROUP
  Daggerfly      
24.07.2024 Daggerfly Daggerfly: Espionage Group Makes Major Update to Toolset GROUP Espionage
  Dark Caracal      
06.03.2025 Dark Caracal The evolution of Dark Caracal tools: analysis of a campaign featuring Poco RAT GROUP APT
  DarkCasino      
14.03.2024 DarkCasino DarkCasino is an economically motivated APT group that targets online trading platforms, including cryptocurrencies, online casinos, network banks, and online credit platforms.  Group APT
  Detour Dog      
04.10.2025 Detour Dog GROUP GROUP GROUP
  Diesel Vortex      
01.03.2026 Diesel Vortex Diesel Vortex: Inside the Russian cybercrime group targeting US & EU freight GROUP GROUP
  Dire Wolf      
26.06.2025 Dire Wolf Dire Wolf Strikes: New Ransomware Group Targeting Global Sectors GROUP GROUP
  DPRK      
17.10.2025 DPRK DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains GROUP GROUP
  DragonForce      
27.09.2024 DragonForce Inside the Dragon: DragonForce Ransomware Group GROUP RANSOMWARE
  DragonRank      
10.02.2025 DragonRank Trend Micro researchers observed an SEO manipulation campaign that highlights the need for organizations using Internet Information Services (IIS) to proactively update and patch systems to prevent exploitation by threat actors that use malware like BadIIS in their campaigns. GROUP Campaigns
13.09.2024 DragonRank DragonRank, a Chinese-speaking SEO manipulator service provider GROUP GROUP
  Earth Freybug      
02.04.2024 Earth Freybug This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.  Group Group
  Earth Krahang      
27.03.2024 Earth Krahang Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks Group APT
  Earth Lusca       
27.03.2024 Earth Lusca  Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections Group APT
  Elephant Beetle      
25.03.2025 Elephant Beetle Elephant Beetle: Uncovering an Organized Financial-Theft Operation GROUP GROUP
  Embargo
27.09.2024 Embargo Embargo Ransomware Group Strikes DME Delivers in Cyber Attack GROUP RANSOMWARE
  Evasive Panda      
07.03.2024 Evasive Panda Evasive Panda is an APT group that has been active since at least 2012, conducting cyberespionage targeting individuals, government institutions and organizations.  Group APT
  Everest Ransomware Group      
10.04.2025 Everest Ransomware Group Threat Actor Profile GROUP Ransomware
  ExCobalt      
26.06.2024 ExCobalt ExCobalt: GoRed, the hidden-tunnel technique GROUP Cyber Gang
  Famous Chollima      
17.10.2025 Famous Chollima Famous Chollima deploying Python version of GolangGhost RAT GROUP GROUP
  FamousSparrow
27.03.2025 FamousSparrow You will always remember this as the day you finally caught FamousSparrow GROUP APT
  FANCY BEAR      
  FIN6      
11.06.2025 FIN6 Eggs in a Cloudy Basket: Skeleton Spider’s Trusted Cloud Malware Delivery GROUP GROUP
  FIN7      
19.04.2024 FIN7 Threat Group FIN7 Targets the U.S. Automotive Industry Group APT
  FIN9      
26.06.2024 FIN9 Inside the DEA Tool Hackers Allegedly Used to Extort Targets GROUP APT
  FLUXROOT
23.07.2024 FLUXROOT A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity,... GROUP HACKING
  FlyingYeti
31.05.2024 FlyingYeti Cloudforce One is publishing the results of our investigation and real-time effort to detect, deny, degrade, disrupt, and delay threat activity by the Russia-aligned threat actor FlyingYeti during their latest phishing campaign targeting Ukraine. Group Group
  GamaCopy      
27.01.2025 GamaCopy Love and hate under war: The GamaCopy organization, which imitates the Russian Gamaredon, uses military-related bait to launch attacks on Russia GROUP GROUP
Gamaredon 
12.12.2024 Gamaredon  Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware.  GROUP APT
  GambleForce      
06.02.2024 GambleForce Analysis of TTPs tied to GambleForce, which carried out SQL injection attacks against companies in the APAC region  Group Group
  Game of Emperor      
26.11.2024 Game of Emperor Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions GROUP GROUP
  Gelsemium       
21.11.2024 Gelsemium  Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine GROUP GROUP
  GhostSec      
06.03.2024 GhostSec GhostSec is a hacktivist group that emerged as an offshoot of Anonymous.  Group Ransomware
  GhostWriter      
07.06.2024 GhostWriter Ghostwriter is referred to as an 'activity set', with various incidents tied together by overlapping behavioral characteristics and personas, rather than as an actor or group in itself. GROUP GROUP
  GitCaught      
21.05.2024 GitCaught GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure Group Group
  GLOBAL GROUP      
16.07.2025 GLOBAL GROUP GLOBAL GROUP: Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates GROUP RANSOMWARE
  GOFFEE
11.04.2025 GOFFEE GOFFEE continues to attack organizations in Russia GROUP GROUP
  GROUP123      
  Gunra Ransomware      
09.05.2024 Gunra Ransomware At CYFIRMA, we are committed to delivering timely insights into emerging cyber threats and the evolving tactics of cybercriminals targeting individuals and organizations.  GROUP RANSOMWARE
14.03.2026 Handala Hack Handala Hack is an online persona operated by Void Manticore (aka Red Sandstorm, Banished Kitten), an actor affiliated with Iranian Ministry of Intelligence and Security (MOIS) GROUP GROUP
  Handala Hacking Team      
27.07.2024 Handala Hacking Team Handala Hack: What We Know About the Rising Threat Actor GROUP GROUP
  Hazy Hawk      
20.05.2025 Hazy Hawk From banks to battalions: SideWinder’s attacks on South Asia’s public sector GROUP APT
  Head Mare      
21.03.2025 Head Mare Head Mare: adventures of a unicorn in Russia and Belarus GROUP GROUP
05.09.2024 Head Mare Head Mare: adventures of a unicorn in Russia and Belarus GROUP GROUP
  Hezi Rash      
01.11.2025 Hezi Rash Hezi Rash: Rising Kurdish Hacktivist Group Targets Global Sites GROUP GROUP
  Hive0145      
04.10.2025 Hive0145 Hive0145 back in German inboxes with Strela Stealer and a backdoor GROUP GROUP
  Hive0154      
27.06.2025 Hive0154 Hive0154 aka Mustang Panda shifts focus on Tibetan community to deploy Pubload backdoor GROUP GROUP
  ChamelGang      
27.06.2024 ChamelGang ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware Group Gang
  ITG05       
18.03.2024 ITG05  Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns Group Group
  Jasper Sleet      
08.03.2026 Jasper Sleet Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations GROUP GROUP
  JavaGhost’s      
04.03.2025 JavaGhost’s JavaGhost’s Persistent Phishing Attacks From the Cloud GROUP GROUP
  JINX-0132      
03.06.2025 JINX-0132 The Wiz Threat Research team has identified a widespread cryptojacking campaign targeting commonly used DevOps applications including Nomad and Consul.  GROUP GROUP
  KADOKAWA      
30.06.2024 KADOKAWA Service Outages on Multiple Websites of the KADOKAWA Gro GROUP GROUP
  Kimsuky      
24.03.2024 Kimsuky The Updated APT Playbook: Tales from the Kimsuky threat actor group Group APT
06.03.2024 Kimsuky JOINT CYBERSECURITY ADVISORY North Korean Advanced Persistent Threat Focus: Kimsuky Group APT
  Kinsing      
18.05.2024 Kinsing Kinsing Demystified A Comprehensive Technical Guide Group Hacking
  LARVA-208      
08.03.2025 LARVA-208 (EncryptHub) is a threat actor that has come to the forefront with highly sophisticated spear-phishing attacks since 26 June 2024. GROUP GROUP
  Larva-24005      
22.04.2025 Larva-24005 During the breach investigation process, the AhnLab SEcurity intelligence Center (ASEC) discovered a new operation related to the Kimsuky group and named it Larva-24005. GROUP APT Group Profiles
  LightBasin      
02.03.2024 LightBasin UNC1945 is an APT group that has been targeting telecommunications companies globally. They use Linux-based implants to maintain long-term access in compromised networks. Group APT
  LilacSquid      
30.05.2024 LilacSquid The stealthy trilogy of PurpleInk, InkBox and InkLoader Group Group
  LIMINAL PANDA      
19.11.2024 LIMINAL PANDA Unveiling LIMINAL PANDA: A Closer Look at China's Cyber Threats to the Telecom Sector GROUP GROUP
  LitterDrifter      
03.02.2024 LitterDrifter Malware Spotlight – Into the Trash: Analyzing LitterDrifter Group Group
  Lord Nemesis Strikes      
26.03.2024 Lord Nemesis Strikes Lord Nemesis Strikes: Supply Chain Attack on the Israeli Academic Sector Group Hacktivism
  Lotus Panda      
06.03.2025 Lotus Panda Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools GROUP APT
  Marko Polo      
22.09.2024 Marko Polo “Marko Polo” Navigates Uncharted Waters With Infostealer Empire GROUP GROUP
  MirrorFace
10.01.2025 MirrorFace China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019. GROUP GROUP
  Moonstone Sleet
06.08.2024 Moonstone Sleet Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access GROUP GROUP
29.05.2024 Moonstone Sleet Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks Group APT
  Muddled Libra      
16.04.2024 Muddled Libra Muddled Libra also uses the legitimate scalability and native functionality of CSP services to create new resources to assist with data exfiltration. Group Group
  MuddyWater      
16.07.2024 MuddyWater MuddyWater replaces Atera by custom MuddyRot implant in a recent campaign GROUP GROUP
  MURKY PANDA      
22.08.2025 MURKY PANDA MURKY PANDA: A Trusted-Relationship Threat in the Cloud GROUP GROUP
  MUT-1244      
14.12.2024 MUT-1244 Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials GROUP GROUP
  NARWHAL SPIDER      
28.03.2024 NARWHAL SPIDER NARWHAL SPIDER’s operation of Cutwail v2 was limited to country-specific spam campaigns, although late in 2019 there appeared to be an effort to expand by bringing in INDRIK SPIDER as a customer.  Group APT
  NICKEL TAPESTRY      
16.01.2025 NICKEL TAPESTRY NICKEL TAPESTRY Infrastructure Associated with Crowdfunding Scheme GROUP GROUP
  NOVA      
11.04.2025 NOVA Attackers use a fork of a popular stealer to target Russian companies GROUP GROUP
  Patchwork      
25.07.2024 Patchwork The Patchwork group has updated its arsenal, launching attacks for the first time using Brute Ratel C4 and an enhanced version of PGoShell GROUP GROUP
  Peach Sandstorm
02.03.2024 Peach Sandstorm Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government. Group APT
  Phantom Taurus      
04.10.2025 Phantom Taurus Phantom Taurus is a previously undocumented nation-state actor whose espionage operations align with People’s Republic of China (PRC) state interests. Over the past two and a half years, Unit 42 researchers have observed Phantom Taurus targeting government and telecommunications organizations across Africa, the Middle East, and Asia.  GROUP GROUP
  PoisonSeed      
22.07.2025 PoisonSeed PoisonSeed downgrading FIDO key authentications to ‘fetch’ user accounts GROUP GROUP
  Prolific Puma      
23.07.2024 Prolific Puma Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma GROUP Ransomware
  Proton66      
22.04.2025 Proton66 Proton66 Part 1: Mass Scanning and Exploit Campaigns GROUP GROUP
04.04.2025 Proton66 Bulletproof Hosting Networks and Proton66 GROUP GROUP
  PurpleBravo      
22.01.2026 PurpleBravo PurpleBravo’s Targeting of the IT Software Supply Chain GROUP GROUP
  RedCurl      
26.03.2025 RedCurl In mid to late 2024, Huntress uncovered activity across several organizations in Canada, with similar infrastructure and TTPs used that can be associated with the APT group known as RedCurl (aka Earth Kapre and Red Wolf). GROUP APT
  RedDelta      
10.01.2025 RedDelta Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain GROUP GROUP
  RedNovember
25.09.2025 RedNovember RedNovember Targets Government, Defense, and Technology Organizations GROUP GROUP
  RomCom      
26.11.2024 RomCom RomCom exploits Firefox and Windows zero days in the wild GROUP GROUP
  Salt Typhoon      
22.02.2025 Salt Typhoon Weathering the storm: In the midst of a Typhoon GROUP APT
  Sapphire Sleet
23.11.2024 Sapphire Sleet Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON GROUP GROUP
  Sapphire Werewolf      
11.04.2025 Sapphire Werewolf Sapphire Werewolf refines Amethyst stealer to attack energy companies GROUP GROUP
  Scattered LAPSUS$      
13.09.2025 Scattered LAPSUS$ The Cybercrime Group Redefining Threats GROUP GROUP
  Scattered LAPSUS$ Hunters      
26.02.2026 Scattered LAPSUS$ Hunters Cyber Intel Brief: Scattered Lapsus$ Hunters (SLH) Kicks Off Campaign to Recruit Women GROUP GROUP
  Scattered Spider      
02.03.2024 Scattered Spider Scattered Spider, a highly active hacking group, has made headlines by targeting more than 130 organizations, with the number of victims steadily increasing.  Group Hacking
  Secret Blizzard      
11.12.2024 Secret Blizzard Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine GROUP GROUP
10.03.2026 Sednit  Sednit reloaded: Back in the trenches GROUP GROUP
  ShadowSyndicate      
25.05.2024 ShadowSyndicate No sleep until the Cybercrime Fighters Club is done with finding the answer as to who is behind this new ransomware-as-a-service affiliate.  Group Group
  SHARP DRAGON      
24.05.2024 SHARP DRAGON SHARP DRAGON EXPANDS TOWARDS AFRICA AND THE CARIBBEAN Group APT  
  Shuckworm      
03.02.2024 Shuckworm Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine Group Group
  Silk Typhoon      
06.03.2025 Silk Typhoon Silk Typhoon targeting IT supply chain GROUP APT
  SloppyLemming      
03.03.2026 SloppyLemming SloppyLemming is an advanced actor that uses multiple cloud service providers to facilitate different aspects of their activities, such as credential harvesting, malware delivery and command and control (C2). This actor conducts extensive operations targeting Pakistan, Sri Lanka, Bangladesh, and China. GROUP GROUP
  Slow Pisces      
15.04.2025 Slow Pisces Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware GROUP GROUP
  Space Pirates      
25.05.2024 Space Pirates Space Pirates: analyzing the tools and connections of a new hacker group Group Group
  Springtail      
24.03.2024 Springtail Springtail APT group abuses valid certificate of known Korean public entity Group APT
  Stan Ghouls      
09.02.2026 Stan Ghouls Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT GROUP GROUP
  Starry Addax      
09.04.2024 Starry Addax Starry Addax targets human rights defenders in North Africa with new malware Group Group
  Sticky Werewolf      
10.06.2024 Sticky Werewolf Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks GROUP GROUP
  Storm-0539      
27.05.2024 Storm-0539 Navigating cyberthreats and strengthening defenses in the era of AI Group Group
  Storm-1811      
16.05.2024 Storm-1811 Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Group Group
  Storm-2372      
15.02.2025 Storm-2372 Storm-2372 conducts device code phishing campaign GROUP Phishing
14.03.2026 Storm-2561 Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft GROUP GROUP
  Storm-2603      
15.02.2026 Storm-2603 Storm-2603 Exploits CVE-2026-23760 to Stage Warlock Ransomware  GROUP GROUP
  TA397      
17.12.2024 TA397 Proofpoint observed advanced persistent threat (APT) TA397 targeting a Turkish defense sector organization with a lure about public infrastructure projects in Madagascar.   GROUP GROUP
  TA406      
13.05.2024 TA406 TA406 began targeting government entities in Ukraine, delivering both credential harvesting and malware in its phishing campaigns. The aim of these campaigns is likely to collect intelligence on the trajectory of the Russian invasion.  GROUP CAMPAIGN
05.04.2026 TA416  I’d come running back to EU again: TA416 resumes European government espionage campaigns GROUP GROUP
  TA450      
26.03.2024 TA450 Security Brief: TA450 Uses Embedded Links in PDF Attachments in Latest Campaign  Group APT
  TA453      
21.08.2024 TA453 Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset GROUP GROUP
  TA4903      
07.03.2024 TA4903 TA4903: Actor Spoofs U.S. Government, Small Businesses in Phishing, BEC Bids  Group Phishing
  TA547      
12.04.2024 TA547 Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer Group Group
  TA577      
05.03.2024 TA577 TA577’s Unusual Attack Chain Leads to NTLM Data Theft  Group Group
  TA585      
16.10.2025 TA585 When the monster bytes: tracking TA585 and its arsenal GROUP GROUP
  TAG-100      
18.07.2024 TAG-100 TAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies GROUP GROUP
  TAG-110      
27.05.2025 TAG-110 Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents GROUP GROUP
22.11.2024 TAG-110 Russia-Aligned TAG-110 Targets Asia and Europe with HATVIBE and CHERRYSPY GROUP GROUP
  TAG-112      
22.11.2024 TAG-112 China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike GROUP GROUP
  TAG-124      
04.10.2025 TAG-124 TAG-124’s Multi-Layered TDS Infrastructure and Extensive User Base  GROUP GROUP
  TAG-144      
27.08.2025 TAG-144 TAG-144’s Persistent Grip on South American Organizations GROUP GROUP
  TAG-70      
19.02.2024 TAG-70 Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign Group Group
  ToddyCat      
25.11.2025 ToddyCat ToddyCat: your hidden email assistant. Part 1 GROUP GROUP
  Tortoiseshell      
01.03.2024 Tortoiseshell A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers. Group Group
  ToyMaker
26.04.2025 ToyMaker Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs GROUP IAB
  TraderTraitor      
27.02.2025 TraderTraitor TraderTraitor: North Korean State-Sponsored GROUP GROUP
  TWELVE      
21.09.2024 TWELVE -=TWELVE=- is back GROUP GROUP
  UAC-0006      
31.05.2024 UAC-0006 UAC-0006 is a financially motivated threat actor that has been active since at least 2013.  Group Group
  UAC-0027      
03.02.2024 UAC-0027 UAC-0027 Attack Detection: Hackers Target Ukrainian Organizations Using DIRTYMOE (PURPLEFOX) Malware Group Group
  UAC-0063      
25.01.2025 UAC-0063 UAC-0063: Cyber Espionage Operation Expanding from Central Asia GROUP GROUP
14.01.2025 UAC-0063 Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations GROUP GROUP
  UAC-0184
07.01.2026 UAC-0184 UAC-0184 GROUP GROUP
  UAC-0218      
10.10.2025 UAC-0218 UAC-0218 Attack Detection: Adversaries Steal Files Using HOMESTEEL Malware GROUP GROUP
  UAC-0219      
10.10.2025 UAC-0219 UAC-0219 is a hacking group observed conducting cyber-espionage operations targeting Ukrainian critical sectors, primarily utilising WRECKSTEEL malware for file exfiltration in both VBScript and PowerShell variants. GROUP GROUP
  UAC-0226      
10.10.2025 UAC-0226 UAC-0226 is a cyber-espionage group targeting Ukrainian military, law enforcement, and local government entities—particularly near the eastern border—since February 2025. GROUP GROUP
28.06.2025 UAC-0226 UAC-0226 is a cyber-espionage group targeting Ukrainian military, law enforcement, and local government entities—particularly near the eastern border—since February 2025. GROUP GROUP
03.04.2026 UAT-10608 UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications GROUP GROUP
  UAT-5647      
27.10.2024 UAT-5647 UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants GROUP APT
  UAT-5918      
21.03.2025 UAT-5918 UAT-5918 targets critical infrastructure entities in Taiwan GROUP GROUP
  UAT-6382      
22.05.2025 UAT-6382 UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware GROUP GROUP
  UAT-7237      
17.08.2025 UAT-7237 UAT-7237 targets Taiwanese web hosting infrastructure GROUP GROUP
  UAT-7290      
08.01.2026 UAT-7290 UAT-7290 targets high value telecommunications infrastructure in South Asia GROUP GROUP
  UAT-8099      
02.02.2026 UAT-8099 Dissecting UAT-8099: New persistence mechanisms and regional focus GROUP GROUP
04.10.2025 UAT-8099 UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud GROUP GROUP
  UAT-8837      
16.01.2026 UAT-8837 UAT-8837 targets critical infrastructure sectors in North America GROUP GROUP
  UAT-9244      
06.03.2026 UAT-9244 UAT-9244 targets South American telecommunication providers with three new malware implants GROUP GROUP
  UAT-9686      
25.01.2026 UAT-9686 UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager GROUP GROUP
  UAT-9921      
14.02.2026 UAT-9921 New threat actor, UAT-9921, leverages VoidLink framework in campaigns GROUP GROUP
  UNC1069      
01.04.2026 UNC1069 North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack GROUP GROUP
11.02.2026 UNC1069 UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering GROUP GROUP
24.04.2025 UNC1069 (Active since at least April 2018), which targets diverse industries for financial gain using social engineering ploys by sending fake meeting invites and posing as investors from reputable companies on Telegram to gain access to victims' digital assets and cryptocurrency GROUP GROUP
  UNC1151      
11.10.2025 UNC1151 UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests GROUP GROUP
26.02.2025 UNC1151 UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry of Defence GROUP GROUP
  UNC1549
01.03.2024 UNC1549 When Cats Fly: Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors BigBrother CyberSpy
  UNC1945      
06.03.2024 UNC1945 UNC1945 is an APT group that has been targeting telecommunications companies globally.  Group APT
  UNC2814      
26.02.2026 UNC2814 Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign GROUP GROUP
  UNC302      
22.03.2024 UNC302 BRONZE SPRING is a threat group that CTU researchers assess with high confidence operates on behalf of China in the theft of intellectual property from defense, engineering, pharmaceutical and technology companies Group Group
  UNC3886      
10.02.2026 UNC3886 Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore’s Telecommunications Sector GROUP GROUP
19.06.2024 UNC3886 Cloaked and Covert: Uncovering UNC3886 Espionage Operations GROUP CAMPAIGN
22.03.2024 UNC3886 UNC3886 is an advanced cyber espionage group with unique capabilities in how they operate on-network as well as the tools they utilize in their campaigns. Group Group
01.03.2024 UNC3886 UNC3886 is an advanced cyber espionage group with unique capabilities in how they operate on-network as well as the tools they utilize in their campaigns. UNC3886 has been observed targeting firewall and virtualization technologies which lack EDR support. Group Group
  UNC4736      
24.04.2025 UNC4736 UNC4736 is a North Korean threat actor that has been involved in supply chain attacks targeting software chains of 3CX and X_TRADER. They have used malware strains such as TAXHAUL, Coldcat, and VEILEDSIGNAL to compromise Windows and macOS systems.  GROUP GROUP
  UNC4899      
24.04.2025 UNC4899 (Active since 2022), which is known for orchestrating job-themed campaigns that deliver malware as part of a supposed coding assignment and has previously staged supply chain compromises for financial gain (Overlaps with Jade Sleet, PUKCHONG, Slow Pisces, and TraderTraitor) GROUP GROUP
14.06.2024 UNC4899 Insights on Cyber Threats Targeting Users and Enterprises in Brazil GROUP GROUP
  UNC4990      
01.02.2024 UNC4990 Evolution of UNC4990: Uncovering USB Malware's Hidden Depths Group Group
  UNC5142      
17.10.2025 UNC5142 New Group on the Block: UNC5142 Leverages EtherHiding to Distribute Malware GROUP GROUP
  UNC5174      
16.04.2025 UNC5174 UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell GROUP GROUP
05.10.2025 UNC5174  UNC5174, a Chinese state-sponsored threat actor, has been identified by Mandiant for exploiting critical vulnerabilities in F5 BIG-IP and ScreenConnect. They have been linked to targeting research and education institutions, businesses, charities, NGOs, and government organizations in Southeast Asia, the U.S., and the UK GROUP GROUP
  UNC5221      
22.03.2024 UNC5221 While Volexity largely observed the attacker essentially living off the land, they still deployed a handful of malware files and tools during the course of the incident which primarily consisted of webshells, proxy utilities, and file modifications to allow credential harvesting. Group Group
02.02.2024 UNC5221 UNC5221: Unreported and Undetected WIREFIRE Web Shell Variant Group CyberSpy
  UNC5342      
24.04.2025 UNC5342 (Active since at least December 2022), which is also known for employing job-related lures to trick developers into running malware-laced projects (Overlaps with Contagious Interview, DeceptiveDevelopment, DEV#POPPER, and Famous Chollima) GROUP GROUP
  UNC5537      
19.07.2024 UNC5537 UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion GROUP GROUP
11.06.2024 UNC5537 UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion GROUP GROUP
  UNC5812      
28.10.2024 UNC5812 Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives GROUP GROUP
  UNC6040      
05.06.2025 UNC6040 The Cost of a Call: From Voice Phishing to Data Extortion GROUP GROUP
  UNC6384      
01.11.2025 UNC6384 UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities GROUP GROUP
  UNC6395      
27.08.2025 UNC6395 Widespread Data Theft Targets Salesforce Instances via Salesloft Drift GROUP GROUP
  Unfading Sea Haze      
23.05.2024 Unfading Sea Haze Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea Group Group
  Unfurling Hemlock      
30.06.2024 Unfurling Hemlock Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware  GROUP GROUP
  UNG0002      
19.07.2025 UNG0002 UNG0002: Regional Threat Operations Tracked Across Multiple Asian Jurisdictions GROUP APT
  UNG0801      
27.12.2025 UNG0801 Key Targets. Industries Affected. Geographical Focus. Infection Chain – Operation IconCat. Infection Chain – I. Infection Chain – II. Campaign-Analysis – Operation IconCat. Campaign-I Initial Findings. Looking into the malicious PDF File. Technical Analysis. Malicious PyInstaller implant – PYTRIC... GROUP GROUP
  Unit 29155      
09.09.2024 Unit 29155 Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure GROUP Military group
  UNK_SmudgedSerpent      
05.11.2025 UNK_SmudgedSerpent Crossed wires: a case study of Iranian espionage and attribution GROUP GROUP
  UTA0178      
05.04.2024 UTA0178 While Volexity largely observed the attacker essentially living off the land, they still deployed a handful of malware files and tools during the course of the incident which primarily consisted of webshells, proxy utilities, and file modifications to allow credential harvesting. Group Group
  UTG-Q-010      
30.10.2025 UTG-Q-010 Cyber Warfare Amidst Gold's Skyrocketing Price: UTG-Q-010 Group's Supply Chain Attack Strike Directly at the Heart of HongKong's Financial Market GROUP GROUP
21.08.2024 UTG-Q-010 UTG-Q-010: Targeted Attack Campaign Against the AI and Gaming Industry GROUP GROUP
  Vane Viper      
26.09.2025 Vane Viper DNS-Driven Insights into a Malicious Ad Network GROUP GROUP
  Vanilla Tempest      
17.10.2025 Vanilla Tempest Vice Society is a ransomware group that has been active since at least June 2021.  GROUP RANSOMWARE
  Venture Wolf      
11.04.2025 Venture Wolf Venture Wolf attempts to disrupt Russian businesses with MetaStealer GROUP GROUP
  VIGORISH VIPER      
23.07.2024 VIGORISH VIPER GAMBLING IS NO GAME: DNS LINKS BETWEEN CHINESE ORGANIZED CRIME AND SPORTS SPONSORSHIPS GROUP GROUP
  Virtual Invaders      
11.04.2024 Virtual Invaders There is no indication that this campaign is linked to any known group; however, we are tracking the threat actors behind it under the moniker Virtual Invaders. Group Group
  Void Banshee      
16.07.2024 Void Banshee CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks GROUP GROUP
  Void Blizzard      
27.05.2025 Void Blizzard New Russia-affiliated actor Void Blizzard targets critical sectors for espionage GROUP GROUP
  Void Manticore      
21.05.2024 Void Manticore BAD KARMA, NO JUSTICE: VOID MANTICORE DESTRUCTIVE ACTIVITIES IN ISRAEL Group Group
  Volt Typhoon      
02.02.2024 Volt Typhoon [Microsoft] Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering.  Group Group
  Warlock      
12.10.2025 Warlock Warlock: Professional Development, China Ties, and the Multiple Variants it Planned from the Start GROUP RANSOMWARE
  Water Makara      
27.10.2024 Water Makara Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware GROUP GROUP
  Weaver Ant      
25.03.2025 Weaver Ant Weaver Ant, the Web Shell Whisperer: Tracking a Live China-nexus Operation GROUP GROUP
  WIRTE      
13.11.2024 WIRTE Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity GROUP GROUP
    APT Targets Blockchain Companies