List of groups


APT-C-36
APT-C-36 is a suspected South America espionage group that has been active since at least 2018. The...

More

APT1
APT1 is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation...

More

APT12
APT12 is a threat group that has been attributed to China. The group has targeted a variety of victims...

More

APT16
APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and...

More

APT17
APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities,...

More

APT18
APT18 is a threat group that has operated since at least 2009 and has targeted a range of industries,...

More

APT19
APT19 is a Chinese-based threat group that has targeted a variety of industries, including defense,...

More

APT28
APT28 is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate...

More

APT29
APT29 is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR). They...

More

APT3
APT3 is a China-based threat group that researchers have attributed to China's Ministry of State Security....

More

APT30
APT30 is a threat group suspected to be associated with the Chinese government. While Naikon shares...

More

APT32
APT32 is a suspected Vietnam-based threat group that has been active since at least 2014. The group...

More

APT33
APT33 is a suspected Iranian threat group that has carried out operations since at least 2013. The group...

More

APT37
APT37 is a North Korean state-sponsored cyber espionage group that has been active since at least 2012....

More

APT38
APT38 is a North Korean state-sponsored threat group that specializes in financial cyber operations;...

More

APT39
APT39 is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence...

More

APT41
APT41 is a threat group that researchers have assessed as Chinese state-sponsored espionage group that...

More

APT5
APT5 is a China-based espionage actor that has been active since at least 2007 primarily targeting the...

More

Ajax Security Team
Ajax Security Team is a group that has been active since at least 2010 and believed to be operating...

More

Akira
Akira is a ransomware variant and ransomware deployment entity active since at least March 2023. Akira...

More

Andariel
Andariel is a North Korean state-sponsored threat group that has been active since at least 2009. Andariel...

More

Aoqin Dragon
Aoqin Dragon is a suspected Chinese cyber espionage threat group that has been active since at least...

More

Aquatic Panda
Aquatic Panda is a suspected China-based threat group with a dual mission of intelligence collection...

More

Axiom
Axiom is a suspected Chinese cyber espionage group that has targeted the aerospace, defense, government,...

More

BITTER
BITTER is a suspected South Asian cyber espionage threat group that has been active since at least 2013....

More

BRONZE BUTLER
BRONZE BUTLER is a cyber espionage group with likely Chinese origins that has been active since at least...

More

BackdoorDiplomacy
BackdoorDiplomacy is a cyber espionage threat group that has been active since at least 2017. BackdoorDiplomacy...

More

BlackOasis
BlackOasis is a Middle Eastern threat group that is believed to be a customer of Gamma Group. The group...

More

BlackTech
BlackTech is a suspected Chinese cyber espionage group that has primarily targeted organizations in...

More

Blue Mockingbird
Blue Mockingbird is a cluster of observed activity involving Monero cryptocurrency-mining payloads in...

More

CURIUM
CURIUM is an Iranian threat group first reported in November 2021 that has invested in building a relationship...

More

Carbanak
Carbanak is a cybercriminal group that has used Carbanak malware to target financial institutions since...

More

Chimera
Chimera is a suspected China-based threat group that has been active since at least 2018 targeting the...

More

Cinnamon Tempest
Cinnamon Tempest is a China-based threat group that has been active since at least 2021 deploying multiple...

More

Cleaver
Cleaver is a threat group that has been attributed to Iranian actors and is responsible for activity...

More

Cobalt Group
Cobalt Group is a financially motivated threat group that has primarily targeted financial institutions...

More

Confucius
Confucius is a cyber espionage group that has primarily targeted military personnel, high-profile personalities,...

More

CopyKittens
CopyKittens is an Iranian cyber espionage group that has been operating since at least 2013. It has...

More

Dark Caracal
Dark Caracal is threat group that has been attributed to the Lebanese General Directorate of General...

More

DarkHydrus
DarkHydrus is a threat group that has targeted government agencies and educational institutions in the...

More

DarkVishnya
DarkVishnya is a financially motivated threat actor targeting financial institutions in Eastern Europe....

More

Darkhotel
Darkhotel is a suspected South Korean threat group that has targeted victims primarily in East Asia...

More

Deep Panda
Deep Panda is a suspected Chinese threat group known to target many industries, including government,...

More

Dragonfly
Dragonfly is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB)...

More

EXOTIC LILY
EXOTIC LILY is a financially motivated group that has been closely linked with Wizard Spider and the...

More

Earth Lusca
Earth Lusca is a suspected China-based cyber espionage group that has been active since at least April...

More

Elderwood
Elderwood is a suspected Chinese cyber espionage group that was reportedly responsible for the 2009...

More

Ember Bear
Ember Bear is a suspected Russian state-sponsored cyber espionage group that has been active since at...

More

Equation
Equation is a sophisticated threat group that employs multiple remote access tools. The group is known...

More

Evilnum
Evilnum is a financially motivated threat group that has been active since at least 2018.

More

FIN10
FIN10 is a financially motivated threat group that has targeted organizations in North America since...

More

FIN13
FIN13 is a financially motivated cyber threat group that has targeted the financial, retail, and hospitality...

More

FIN4
FIN4 is a financially-motivated threat group that has targeted confidential information related to the...

More

FIN5
FIN5 is a financially motivated threat group that has targeted personally identifiable information and...

More

FIN6
FIN6 is a cyber crime group that has stolen payment card data and sold it for profit on underground...

More

FIN7
FIN7 is a financially-motivated threat group that has been active since 2013. FIN7 has primarily targeted...

More

FIN8
FIN8 is a financially motivated threat group that has been active since at least January 2016, and known...

More

Ferocious Kitten
Ferocious Kitten is a threat group that has primarily targeted Persian-speaking individuals in Iran...

More

Fox Kitten
Fox Kitten is threat actor with a suspected nexus to the Iranian government that has been active since...

More

GALLIUM
GALLIUM is a cyberespionage group that has been active since at least 2012, primarily targeting telecommunications...

More

GCMAN
GCMAN is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency...

More

GOLD SOUTHFIELD
GOLD SOUTHFIELD is a financially motivated threat group active since at least 2018 that operates the...

More

Gallmaker
Gallmaker is a cyberespionage group that has targeted victims in the Middle East and has been active...

More

Gamaredon Group
Gamaredon Group is a suspected Russian cyber espionage threat group that has targeted military, NGO,...

More

Gorgon Group
Gorgon Group is a threat group consisting of members who are suspected to be Pakistan-based or have...

More

Group5
Group5 is a threat group with a suspected Iranian nexus, though this attribution is not definite. The...

More

HAFNIUM
HAFNIUM is a likely state-sponsored cyber espionage group operating out of China that has been active...

More

HEXANE
HEXANE is a cyber espionage threat group that has targeted oil & gas, telecommunications, aviation,...

More

Higaisa
Higaisa is a threat group suspected to have South Korean origins. Higaisa has targeted government, public,...

More

Inception
Inception is a cyber espionage group active since at least 2014. The group has targeted multiple industries...

More

IndigoZebra
IndigoZebra is a suspected Chinese cyber espionage group that has been targeting Central Asian governments...

More

Indrik Spider
Indrik Spider is a Russia-based cybercriminal group that has been active since at least 2014. Indrik...

More

Ke3chang
Ke3chang is a threat group attributed to actors operating out of China. Ke3chang has targeted oil, government,...

More

Kimsuky
Kimsuky is a North Korea-based cyber espionage group that has been active since at least 2012. The group...

More

LAPSUS$
LAPSUS$ is cyber criminal threat group that has been active since at least mid-2021. LAPSUS$ specializes...

More

Lazarus Group
Lazarus Group is a North Korean state-sponsored cyber threat group that has been attributed to the Reconnaissance...

More

LazyScripter
LazyScripter is threat group that has mainly targeted the airlines industry since at least 2018, primarily...

More

Leafminer
Leafminer is an Iranian threat group that has targeted government organizations and business entities...

More

Leviathan
Leviathan is a Chinese state-sponsored cyber espionage group that has been attributed to the Ministry...

More

LuminousMoth
LuminousMoth is a Chinese-speaking cyber espionage group that has been active since at least October...

More

Machete
Machete is a suspected Spanish-speaking cyber espionage group that has been active since at least 2010....

More

Magic Hound
Magic Hound is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage...

More

Malteiro
Malteiro is a financially motivated criminal group that is likely based in Brazil and has been active...

More

Metador
Metador is a suspected cyber espionage group that was first reported in September 2022. Metador has...

More

Moafee
Moafee is a threat group that appears to operate from the Guandong Province of China. Due to overlapping...

More

Mofang
Mofang is a likely China-based cyber espionage group, named for its frequent practice of imitating a...

More

Molerats
Molerats is an Arabic-speaking, politically-motivated threat group that has been operating since 2012....

More

Moses Staff
Moses Staff is a suspected Iranian threat group that has primarily targeted Israeli companies since...

More

MoustachedBouncer
MoustachedBouncer is a cyberespionage group that has been active since at least 2014 targeting foreign...

More

MuddyWater
MuddyWater is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of...

More

Mustang Panda
Mustang Panda is a China-based cyber espionage threat actor that was first observed in 2017 but may...

More

Mustard Tempest
Mustard Tempest is an initial access broker that has operated the SocGholish distribution network since...

More

Naikon
Naikon is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s...

More

Nomadic Octopus
Nomadic Octopus is a Russian-speaking cyber espionage threat group that has primarily targeted Central...

More

OilRig
OilRig is a suspected Iranian threat group that has targeted Middle Eastern and international victims...

More

Orangeworm
Orangeworm is a group that has targeted organizations in the healthcare sector in the United States,...

More

PLATINUM
PLATINUM is an activity group that has targeted victims since at least 2009. The group has focused on...

More

POLONIUM
POLONIUM is a Lebanon-based group that has primarily targeted Israeli organizations, including critical...

More

PROMETHIUM
PROMETHIUM is an activity group focused on espionage that has been active since at least 2012. The group...

More

Patchwork
Patchwork is a cyber espionage group that was first observed in December 2015. While the group has not...

More

PittyTiger
PittyTiger is a threat group believed to operate out of China that uses multiple different types of...

More

Poseidon Group
Poseidon Group is a Portuguese-speaking threat group that has been active since at least 2005. The group...

More

Putter Panda
Putter Panda is a Chinese threat group that has been attributed to Unit 61486 of the 12th Bureau of...

More

RTM
RTM is a cybercriminal group that has been active since at least 2015 and is primarily interested in...

More

Rancor
Rancor is a threat group that has led targeted campaigns against the South East Asia region. Rancor...

More

Rocke
Rocke is an alleged Chinese-speaking adversary whose primary objective appeared to be cryptojacking,...

More

Sandworm Team
Sandworm Team is a destructive threat group that has been attributed to Russia's General Staff Main...

More

Scarlet Mimic
Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been...

More

Scattered Spider
Scattered Spider is a native English-speaking cybercriminal group that has been active since at least...

More

SideCopy
SideCopy is a Pakistani threat group that has primarily targeted South Asian countries, including Indian...

More

Sidewinder
Sidewinder is a suspected Indian threat actor group that has been active since at least 2012. They have...

More

Silence
Silence is a financially motivated threat actor targeting financial institutions in different countries....

More

Silent Librarian
Silent Librarian is a group that has targeted research and proprietary data at universities, government...

More

SilverTerrier
SilverTerrier is a Nigerian threat group that has been seen active since 2014. SilverTerrier mainly...

More

Sowbug
Sowbug is a threat group that has conducted targeted attacks against organizations in South America...

More

Stealth Falcon
Stealth Falcon is a threat group that has conducted targeted spyware attacks against Emirati journalists,...

More

Strider
Strider is a threat group that has been active since at least 2011 and has targeted victims in Russia,...

More

Suckfly
Suckfly is a China-based threat group that has been active since at least 2014.

More

TA2541
TA2541 is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing,...

More

TA459
TA459 is a threat group believed to operate out of China that has targeted countries including Russia,...

More

TA505
TA505 is a cyber criminal group that has been active since at least 2014. TA505 is known for frequently...

More

TA551
TA551 is a financially-motivated threat group that has been active since at least 2018. The group has...

More

TeamTNT
TeamTNT is a threat group that has primarily targeted cloud and containerized environments. The group...

More

The White Company
The White Company is a likely state-sponsored threat actor with advanced capabilities. From 2017 through...

More

Threat Group-1314
Threat Group-1314 is an unattributed threat group that has used compromised credentials to log into...

More

Threat Group-3390
Threat Group-3390 is a Chinese threat group that has extensively used strategic Web compromises to target...

More

Thrip
Thrip is an espionage group that has targeted satellite communications, telecoms, and defense contractor...

More

ToddyCat
ToddyCat is a sophisticated threat group that has been active since at least 2020 using custom loaders...

More

Tonto Team
Tonto Team is a suspected Chinese state-sponsored cyber espionage threat group that has primarily targeted...

More

Transparent Tribe
Transparent Tribe is a suspected Pakistan-based threat group that has been active since at least 2013,...

More

Tropic Trooper
Tropic Trooper is an unaffiliated threat group that has led targeted campaigns against targets in Taiwan,...

More

Turla
Turla is a cyber espionage threat group that has been attributed to Russia's Federal Security Service...

More

Volatile Cedar
Volatile Cedar is a Lebanese threat group that has targeted individuals, companies, and institutions...

More

Volt Typhoon
Volt Typhoon is a People's Republic of China (PRC) state-sponsored actor that has been active since...

More

WIRTE
WIRTE is a threat group that has been active since at least August 2018. WIRTE has targeted government,...

More

Whitefly
Whitefly is a cyber espionage group that has been operating since at least 2017. The group has targeted...

More

Windigo
The Windigo group has been operating since at least 2011, compromising thousands of Linux and Unix servers...

More

Windshift
Windshift is a threat group that has been active since at least 2017, targeting specific individuals...

More

Winnti Group
Winnti Group is a threat group with Chinese origins that has been active since at least 2010. The group...

More

Wizard Spider
Wizard Spider is a Russia-based financially motivated threat group originally known for the creation...

More

ZIRCONIUM
ZIRCONIUM is a threat group operating out of China, active since at least 2017, that has targeted individuals...

More

admin@338
admin@338 is a China-based cyber threat group. It has previously used newsworthy events as lures to...

More

menuPass
menuPass is a threat group that has been active since at least 2006. Individual members of menuPass...

More