List of groups


APT-C-36
APT-C-36 is a suspected South America espionage group that has been active since at least 2018. The...

APT1
APT1 is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation...

APT12
APT12 is a threat group that has been attributed to China. The group has targeted a variety of victims...

APT16
APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and...

APT17
APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities,...

APT18
APT18 is a threat group that has operated since at least 2009 and has targeted a range of industries,...

APT19
APT19 is a Chinese-based threat group that has targeted a variety of industries, including defense,...

APT28
APT28 is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate...

APT29
APT29 is a threat group that has been attributed to Russia's Foreign Intelligence Service (SVR). They...

APT3
APT3 is a China-based threat group that researchers have attributed to China's Ministry of State Security....

APT30
APT30 is a threat group suspected to be associated with the Chinese government. While Naikon shares...

APT32
APT32 is a suspected Vietnam-based threat group that has been active since at least 2014. The group...

APT33
APT33 is a suspected Iranian threat group that has carried out operations since at least 2013. The group...

APT37
APT37 is a North Korean state-sponsored cyber espionage group that has been active since at least 2012....

APT38
APT38 is a North Korean state-sponsored threat group that specializes in financial cyber operations;...

APT39
APT39 is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence...

APT41
APT41 is a threat group that researchers have assessed as a Chinese state-sponsored espionage group that...

APT5
APT5 is a China-based espionage actor that has been active since at least 2007 primarily targeting the...

Agrius
Agrius is an Iranian threat actor active since 2020 notable for a series of ransomware and wiper operations...

Ajax Security Team
Ajax Security Team is a group that has been active since at least 2010 and is believed to be operating...

Akira
Akira is a ransomware variant and ransomware deployment entity active since at least March 2023. Akira...

Andariel
Andariel is a North Korean state-sponsored threat group that has been active since at least 2009. Andariel...

Aoqin Dragon
Aoqin Dragon is a suspected Chinese cyber espionage threat group that has been active since at least...

Aquatic Panda
Aquatic Panda is a suspected China-based threat group with a dual mission of intelligence collection...

Axiom
Axiom is a suspected Chinese cyber espionage group that has targeted the aerospace, defense, government,...

BITTER
BITTER is a suspected South Asian cyber espionage threat group that has been active since at least 2013....

BRONZE BUTLER
BRONZE BUTLER is a cyber espionage group with likely Chinese origins that has been active since at least...

BackdoorDiplomacy
BackdoorDiplomacy is a cyber espionage threat group that has been active since at least 2017. BackdoorDiplomacy...

BlackOasis
BlackOasis is a Middle Eastern threat group that is believed to be a customer of Gamma Group. The group...

BlackTech
BlackTech is a suspected Chinese cyber espionage group that has primarily targeted organizations in...

Blue Mockingbird
Blue Mockingbird is a cluster of observed activity involving Monero cryptocurrency-mining payloads in...

CURIUM
CURIUM is an Iranian threat group, first reported in September 2019 and active since at least July 2018,...

Carbanak
Carbanak is a cybercriminal group that has used Carbanak malware to target financial institutions since...

Chimera
Chimera is a suspected China-based threat group that has been active since at least 2018 targeting the...

Cinnamon Tempest
Cinnamon Tempest is a China-based threat group that has been active since at least 2021 deploying multiple...

Cleaver
Cleaver is a threat group that has been attributed to Iranian actors and is responsible for activity...

Cobalt Group
Cobalt Group is a financially motivated threat group that has primarily targeted financial institutions...

Confucius
Confucius is a cyber espionage group that has primarily targeted military personnel, high-profile personalities,...

CopyKittens
CopyKittens is an Iranian cyber espionage group that has been operating since at least 2013. It has...

Daggerfly
Daggerfly is a People's Republic of China-linked APT entity active since at least 2012. Daggerfly has...

Dark Caracal
Dark Caracal is a threat group that has been attributed to the Lebanese General Directorate of General...

DarkHydrus
DarkHydrus is a threat group that has targeted government agencies and educational institutions in the...

DarkVishnya
DarkVishnya is a financially motivated threat actor targeting financial institutions in Eastern Europe....

Darkhotel
Darkhotel is a suspected South Korean threat group that has targeted victims primarily in East Asia...

Deep Panda
Deep Panda is a suspected Chinese threat group known to target many industries, including government,...

Dragonfly
Dragonfly is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB)...

EXOTIC LILY
EXOTIC LILY is a financially motivated group that has been closely linked with Wizard Spider and the...

Earth Lusca
Earth Lusca is a suspected China-based cyber espionage group that has been active since at least April...

Elderwood
Elderwood is a suspected Chinese cyber espionage group that was reportedly responsible for the 2009...

Ember Bear
Ember Bear is a Russian state-sponsored cyber espionage group that has been active since at least 2020,...

Equation
Equation is a sophisticated threat group that employs multiple remote access tools. The group is known...

Evilnum
Evilnum is a financially motivated threat group that has been active since at least 2018.

FIN10
FIN10 is a financially motivated threat group that has targeted organizations in North America since...

FIN13
FIN13 is a financially motivated cyber threat group that has targeted the financial, retail, and hospitality...

FIN4
FIN4 is a financially-motivated threat group that has targeted confidential information related to the...

FIN5
FIN5 is a financially motivated threat group that has targeted personally identifiable information and...

FIN6
FIN6 is a cyber crime group that has stolen payment card data and sold it for profit on underground...

FIN7
FIN7 is a financially-motivated threat group that has been active since 2013. FIN7 has primarily targeted...

FIN8
FIN8 is a financially motivated threat group that has been active since at least January 2016, and known...

Ferocious Kitten
Ferocious Kitten is a threat group that has primarily targeted Persian-speaking individuals in Iran...

Fox Kitten
Fox Kitten is a threat actor with a suspected nexus to the Iranian government that has been active since...

GALLIUM
GALLIUM is a cyberespionage group that has been active since at least 2012, primarily targeting telecommunications...

GCMAN
GCMAN is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency...

GOLD SOUTHFIELD
GOLD SOUTHFIELD is a financially motivated threat group active since at least 2018 that operates the...

Gallmaker
Gallmaker is a cyberespionage group that has targeted victims in the Middle East and has been active...

Gamaredon Group
Gamaredon Group is a suspected Russian cyber espionage threat group that has targeted military, NGO,...

Gorgon Group
Gorgon Group is a threat group consisting of members who are suspected to be Pakistan-based or have...

Group5
Group5 is a threat group with a suspected Iranian nexus, though this attribution is not definite. The...

HAFNIUM
HAFNIUM is a likely state-sponsored cyber espionage group operating out of China that has been active...

HEXANE
HEXANE is a cyber espionage threat group that has targeted oil & gas, telecommunications, aviation,...

Higaisa
Higaisa is a threat group suspected to have South Korean origins. Higaisa has targeted government, public,...

INC Ransom
INC Ransom is a ransomware and data extortion threat group associated with the deployment of INC Ransomware...

Inception
Inception is a cyber espionage group active since at least 2014. The group has targeted multiple industries...

IndigoZebra
IndigoZebra is a suspected Chinese cyber espionage group that has been targeting Central Asian governments...

Indrik Spider
Indrik Spider is a Russia-based cybercriminal group that has been active since at least 2014. Indrik...

Ke3chang
Ke3chang is a threat group attributed to actors operating out of China. Ke3chang has targeted oil, government,...

Kimsuky
Kimsuky is a North Korea-based cyber espionage group that has been active since at least 2012. The group...

LAPSUS$
LAPSUS$ is a cyber criminal threat group that has been active since at least mid-2021. LAPSUS$ specializes...

Lazarus Group
Lazarus Group is a North Korean state-sponsored cyber threat group that has been attributed to the Reconnaissance...

LazyScripter
LazyScripter is a threat group that has mainly targeted the airlines industry since at least 2018, primarily...

Leafminer
Leafminer is an Iranian threat group that has targeted government organizations and business entities...

Leviathan
Leviathan is a Chinese state-sponsored cyber espionage group that has been attributed to the Ministry...

LuminousMoth
LuminousMoth is a Chinese-speaking cyber espionage group that has been active since at least October...

Machete
Machete is a suspected Spanish-speaking cyber espionage group that has been active since at least 2010....

Magic Hound
Magic Hound is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage...

Malteiro
Malteiro is a financially motivated criminal group that is likely based in Brazil and has been active...

Metador
Metador is a suspected cyber espionage group that was first reported in September 2022. Metador has...

Moafee
Moafee is a threat group that appears to operate from the Guangdong Province of China. Due to overlapping...

Mofang
Mofang is a likely China-based cyber espionage group, named for its frequent practice of imitating a...

Molerats
Molerats is an Arabic-speaking, politically-motivated threat group that has been operating since 2012....

Moonstone Sleet
Moonstone Sleet is a North Korean-linked threat actor executing both financially motivated attacks and...

Moses Staff
Moses Staff is a suspected Iranian threat group that has primarily targeted Israeli companies since...

MoustachedBouncer
MoustachedBouncer is a cyberespionage group that has been active since at least 2014 targeting foreign...

MuddyWater
MuddyWater is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of...

Mustang Panda
Mustang Panda is a China-based cyber espionage threat actor that was first observed in 2017 but may...

Mustard Tempest
Mustard Tempest is an initial access broker that has operated the SocGholish distribution network since...

Naikon
Naikon is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s...

Nomadic Octopus
Nomadic Octopus is a Russian-speaking cyber espionage threat group that has primarily targeted Central...

OilRig
OilRig is a suspected Iranian threat group that has targeted Middle Eastern and international victims...

Orangeworm
Orangeworm is a group that has targeted organizations in the healthcare sector in the United States,...

PLATINUM
PLATINUM is an activity group that has targeted victims since at least 2009. The group has focused on...

POLONIUM
POLONIUM is a Lebanon-based group that has primarily targeted Israeli organizations, including critical...

PROMETHIUM
PROMETHIUM is an activity group focused on espionage that has been active since at least 2012. The group...

Patchwork
Patchwork is a cyber espionage group that was first observed in December 2015. While the group has not...

PittyTiger
PittyTiger is a threat group believed to operate out of China that uses multiple different types of...

Play
Play is a ransomware group that has been active since at least 2022 deploying Playcrypt ransomware...

Poseidon Group
Poseidon Group is a Portuguese-speaking threat group that has been active since at least 2005. The group...

Putter Panda
Putter Panda is a Chinese threat group that has been attributed to Unit 61486 of the 12th Bureau of...

RTM
RTM is a cybercriminal group that has been active since at least 2015 and is primarily interested in...

Rancor
Rancor is a threat group that has led targeted campaigns against the South East Asia region. Rancor...

RedCurl
RedCurl is a threat actor active since 2018 notable for corporate espionage targeting a variety of locations,...

Rocke
Rocke is an alleged Chinese-speaking adversary whose primary objective appeared to be cryptojacking,...

Saint Bear
Saint Bear is a Russian-nexus threat actor active since early 2021, primarily targeting entities in...

Sandworm Team
Sandworm Team is a destructive threat group that has been attributed to Russia's General Staff Main...

Scarlet Mimic
Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been...

Scattered Spider
Scattered Spider is a native English-speaking cybercriminal group that has been active since at least...

SideCopy
SideCopy is a Pakistani threat group that has primarily targeted South Asian countries, including Indian...

Sidewinder
Sidewinder is a suspected Indian threat actor group that has been active since at least 2012. They have...

Silence
Silence is a financially motivated threat actor targeting financial institutions in different countries....

Silent Librarian
Silent Librarian is a group that has targeted research and proprietary data at universities, government...

SilverTerrier
SilverTerrier is a Nigerian threat group that has been seen active since 2014. SilverTerrier mainly...

Sowbug
Sowbug is a threat group that has conducted targeted attacks against organizations in South America...

Star Blizzard
Star Blizzard is a cyber espionage and influence group originating in Russia that has been active since...

Stealth Falcon
Stealth Falcon is a threat group that has conducted targeted spyware attacks against Emirati journalists,...

Strider
Strider is a threat group that has been active since at least 2011 and has targeted victims in Russia,...

Suckfly
Suckfly is a China-based threat group that has been active since at least 2014.

TA2541
TA2541 is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing,...

TA459
TA459 is a threat group believed to operate out of China that has targeted countries including Russia,...

TA505
TA505 is a cyber criminal group that has been active since at least 2014. TA505 is known for frequently...

TA551
TA551 is a financially-motivated threat group that has been active since at least 2018. The group has...

TA577
TA577 is an initial access broker (IAB) that has distributed QakBot and Pikabot, and was among the first...

TA578
TA578 is a threat actor that has used contact forms and email to initiate communications with victims...

TeamTNT
TeamTNT is a threat group that has primarily targeted cloud and containerized environments. The group...

The White Company
The White Company is a likely state-sponsored threat actor with advanced capabilities. From 2017 through...

Threat Group-1314
Threat Group-1314 is an unattributed threat group that has used compromised credentials to log into...

Threat Group-3390
Threat Group-3390 is a Chinese threat group that has extensively used strategic Web compromises to target...

Thrip
Thrip is an espionage group that has targeted satellite communications, telecoms, and defense contractor...

ToddyCat
ToddyCat is a sophisticated threat group that has been active since at least 2020 using custom loaders...

Tonto Team
Tonto Team is a suspected Chinese state-sponsored cyber espionage threat group that has primarily targeted...

Transparent Tribe
Transparent Tribe is a suspected Pakistan-based threat group that has been active since at least 2013,...

Tropic Trooper
Tropic Trooper is an unaffiliated threat group that has led targeted campaigns against targets in Taiwan,...

Turla
Turla is a cyber espionage threat group that has been attributed to Russia's Federal Security Service...

Volatile Cedar
Volatile Cedar is a Lebanese threat group that has targeted individuals, companies, and institutions...

Volt Typhoon
Volt Typhoon is a People's Republic of China (PRC) state-sponsored actor that has been active since...

WIRTE
WIRTE is a threat group that has been active since at least August 2018. WIRTE has targeted government,...

Whitefly
Whitefly is a cyber espionage group that has been operating since at least 2017. The group has targeted...

Windigo
The Windigo group has been operating since at least 2011, compromising thousands of Linux and Unix servers...

Windshift
Windshift is a threat group that has been active since at least 2017, targeting specific individuals...

Winnti Group
Winnti Group is a threat group with Chinese origins that has been active since at least 2010. The group...

Winter Vivern
Winter Vivern is a group linked to Russian and Belorussian interests active since at least 2020 targeting...

Wizard Spider
Wizard Spider is a Russia-based financially motivated threat group originally known for the creation...

ZIRCONIUM
ZIRCONIUM is a threat group operating out of China, active since at least 2017, that has targeted individuals...

admin@338
admin@338 is a China-based cyber threat group. It has previously used newsworthy events as lures to...

menuPass
menuPass is a threat group that has been active since at least 2006. Individual members of menuPass...