Threat Intelligence
Know your adversary
Profiles of documented threat actor groups — who they are, how they operate, and what they've been observed doing.
Strider (ProjectSauron): A Profile of a Sophisticated Cyber Espionage Group
An in-depth profile of Strider (G0041), also known as ProjectSauron, a highly sophisticated, likely nation-state sponsored cyber espionage group.
Storm-1811: Financially Motivated Ransomware Affiliate
Storm-1811 (G1046) is an active, financially motivated threat actor known for sophisticated social engineering, leading to Black Basta ransomware deployment.
Storm-0501: An Evolving Hybrid Cloud Ransomware Threat
Storm-0501, a financially motivated group active since 2021, has evolved from traditional ransomware to sophisticated hybrid and cloud-native attacks.
Stealth Falcon: A Persistent Espionage Threat
Stealth Falcon (G0038) is an active APT group, linked to the UAE government, conducting cyber espionage against targets in the Middle East and Africa.
Star Blizzard: Russia's Persistent Cyber Espionage Engine
Star Blizzard, a highly active Russian state-sponsored cyber espionage group, employs sophisticated spear-phishing and social engineering to target critical…
Sowbug (G0054) Threat Profile: Cyber Espionage in South America & Southeast Asia
Sowbug (G0054) is a sophisticated cyber espionage group targeting government entities in South America and Southeast Asia, active since at least 2015.
Nigerian BEC Syndicate: SilverTerrier (G0083) Threat Profile
A detailed security profile of SilverTerrier (G0083), a Nigerian cybercrime group specializing in sophisticated Business Email Compromise (BEC) scams.
Silent Librarian: Iran's Relentless Academic Espionage Arm
Silent Librarian (G0122) is an Iranian state-sponsored APT group focused on intellectual property theft from academic and research institutions worldwide.
Silence (G0091): A Persistent Financial Threat to Global Banking
Profile of Silence (G0091), a financially motivated threat actor targeting financial institutions worldwide with sophisticated tactics.
Sidewinder (G0121): Agile Cyber-Espionage Targeting Critical Sectors
SideWinder is a sophisticated, India-linked APT group active since 2012, primarily conducting cyber-espionage against South Asian governmental, military, and…
Scarlet Mimic (G0029): Persistent Cyber Espionage Against Activists
Scarlet Mimic is an espionage threat group known for targeting minority rights activists and related government entities, notably using custom malware for…
Salt Typhoon (G1045): Persistent PRC State-Backed Espionage Threat
Salt Typhoon (G1045) is a highly sophisticated, PRC state-backed APT group conducting extensive cyber espionage and pre-positioning in global critical…
SideCopy Threat Actor Profile: Persistent Espionage in South Asia
A detailed security professional's profile of SideCopy (G1008), a Pakistan-linked threat group known for persistent cyber espionage against South Asian…
Sea Turtle (G1041): Persistent State-Aligned Espionage
Profile of Sea Turtle (G1041), a Türkiye-linked APT focused on espionage via DNS hijacking, vulnerability exploitation, and cloud compromise.
Scattered Spider: Masters of Deception and Identity Abuse
Scattered Spider is a financially motivated, native English-speaking cybercriminal group known for sophisticated social engineering, identity-based attacks,…
Rocke (G0106): Evolution of a Persistent Cryptojacking Adversary
Profile of Rocke (G0106), a Chinese-speaking threat actor focused on cryptojacking, its evolving tactics, tools, and persistent operations.
RedCurl: Espionage Evolving, Ransomware Emerging
RedCurl (G1039) is a Russian-speaking threat actor initially focused on corporate espionage, recently evolving to deploy novel QWCrypt ransomware in targeted…
Sandworm Team (G0034) Threat Profile: Russia's Destructive Cyber Arm
A deep dive into Sandworm Team (APT44), a highly destructive Russian GRU-backed cyber threat actor known for targeting critical infrastructure and global…
Saint Bear (G1031): Russian-Nexus Threat Actor Profile
Saint Bear (G1031) is a Russian-nexus threat actor active since early 2021, primarily conducting cyber espionage against Ukraine and Georgia using custom…
RTM (G0048): A Financially Motivated Cybercriminal Evolution
RTM is a long-standing cybercriminal group, initially focused on banking Trojans, that has evolved into a Ransomware-as-a-Service provider, targeting…
RedEcho: China-Linked Threat Actor Targeting Indian Critical Infrastructure
An in-depth profile of RedEcho (G1042), a China-linked threat actor primarily targeting Indian critical infrastructure, particularly the power sector, for…
Rancor: Persistent Espionage in Southeast Asia
Rancor (G0075) is a China-linked cyber espionage group targeting government and political entities in Southeast Asia since 2017, employing evolving custom…
Poseidon Group: The Extortion-as-a-Service Cyber Mercenaries
A profile of the Poseidon Group (G0033), a Brazilian cyber mercenary gang known for its unique data exfiltration and extortion model.
Play Ransomware (G1040) Threat Profile: Evolving Tactics and Global Impact
A detailed security professional's analysis of the Play ransomware group (G1040), its evolving tactics, global targeting, and current active status.
Putter Panda: Persistent Chinese Cyber Espionage
A detailed profile of Putter Panda (G0024), a Chinese state-sponsored threat group linked to the PLA's Unit 61486, focusing on its espionage motivations,…
PROMETHIUM (StrongPity): A Resilient Espionage Threat
Profile of PROMETHIUM (StrongPity), an espionage-focused APT group active since 2012, known for using trojanized software to target diverse regions and sectors.
POLONIUM (G1005): Persistent Cyber Espionage Targeting Israel
POLONIUM is a Lebanon-based, Iran-affiliated cyber espionage group actively targeting critical sectors in Israel with custom backdoors and cloud-based C2.
PLATINUM (G0068) Threat Actor Profile: Stealthy Cyber Espionage in APAC
A deep dive into PLATINUM (G0068), an advanced, state-sponsored cyber espionage group targeting governments and critical infrastructure in South and Southeast…
MuddyWater (G0069) - Iran's Persistent Cyber Espionage Group
A deep dive into MuddyWater (G0069), an Iranian state-sponsored APT group known for persistent cyber espionage and evolving tactics.
PittyTiger: Persistent Espionage from the Far East
A detailed profile of PittyTiger (G0011), a suspected Chinese state-sponsored threat actor focused on cyber espionage.
Patchwork (G0040): A Persistent Indian Cyber Espionage Threat
An in-depth profile of Patchwork (G0040), a pro-Indian cyber espionage group actively targeting government, diplomatic, and defense sectors globally.
Orangeworm: Healthcare's Silent Threat
Orangeworm (G0071) is a sophisticated threat actor primarily targeting the global healthcare sector for corporate espionage.
OilRig (G0049) - Iran's Persistent Cyber Espionage Arm
OilRig, an Iranian state-sponsored APT group (G0049), actively targets Middle Eastern and international entities for cyber espionage, leveraging advanced TTPs.
Nomadic Octopus: Persistent Cyber Espionage in Central Asia
A profile of Nomadic Octopus (G0133), a Russia-linked cyber espionage group targeting Central Asian governments, diplomatic entities, and critical…
NEODYMIUM (G0055): A Cyber Espionage Threat Targeting Turkey
A profile of NEODYMIUM (G0055), a cyber espionage threat actor with suspected Iranian links, known for targeting Turkish individuals and organizations.
Naikon (G0019) Threat Profile: Persistent Chinese Cyber Espionage
Naikon is a state-sponsored Chinese cyber espionage group (G0019) primarily targeting government, military, and civil organizations in Southeast Asia for…
Threat Profile: Mustard Tempest (G1020)
An in-depth profile of Mustard Tempest (G1020), a financially motivated initial access broker known for distributing SocGholish malware.
Mustang Panda (G0129): China-Aligned Cyber Espionage Group Profile
A detailed threat actor profile of Mustang Panda (G0129), a China-aligned cyber espionage group known for its persistent and adaptive operations.
MoustachedBouncer (G1019) Threat Profile: Belarusian Cyberespionage Group
An in-depth profile of MoustachedBouncer, a Belarusian-aligned cyberespionage group targeting foreign embassies through sophisticated ISP-level attacks and…
Moses Staff (G1009) Threat Actor Profile
Moses Staff (G1009), also known as DEV-0500 and Marigold Sandstorm, is an Iranian-backed threat group primarily focused on politically motivated destructive…
Moonstone Sleet (G1036) Threat Actor Profile
Moonstone Sleet is a North Korean-linked threat actor conducting financially motivated and espionage operations, notable for social engineering and custom…
Molerats (G0021): Persistent Cyber Espionage in the Middle East
A profile of Molerats (G0021), a politically-motivated, Hamas-aligned APT group active since 2012, known for cyber espionage in the Middle East and beyond.
Mofang (G0103): Persistent Cyber Espionage Operations
A detailed profile of Mofang (G0103), a likely China-based, government-affiliated cyber espionage group known for its sophisticated TTPs.
Moafee (G0002): Profile of a Chinese Espionage Threat Actor
Moafee (G0002) is a China-linked threat group primarily focused on information theft and espionage against government and military targets.
MirrorFace (G1054) - PRC-Aligned Cyberespionage Group with Evolving TTPs
MirrorFace, also known as Earth Kasha, is a sophisticated PRC-aligned cyberespionage group actively targeting government, critical infrastructure, and…
Metador (G1013): An Elusive Cyber Espionage Group
Metador (G1013) is a sophisticated and highly-aware cyber espionage group targeting telecommunication companies, ISPs, and universities in the Middle East and…
menuPass (G0045): China's Enduring Cyber Espionage Arm
menuPass, also known as APT10, is a highly sophisticated Chinese state-sponsored cyber espionage group primarily focused on intellectual property theft and…
Medusa Group: An Aggressive RaaS with Evolving Extortion Tactics
Medusa Group is an aggressive Ransomware-as-a-Service (RaaS) operation known for double and triple extortion, targeting critical sectors globally with a focus…
Malteiro (G1026) Threat Profile: Mispadu MaaS and Latin American Banking Threats
A profile of Malteiro (G1026), a Brazilian cybercrime group known for distributing the Mispadu banking trojan via a Malware-as-a-Service model.
Magic Hound (G0059) Threat Profile: Iran's Persistent Cyber Espionage
A detailed threat profile for Magic Hound (G0059), an Iranian-sponsored cyber espionage group, outlining their operations, targets, TTPs, and current status.
Machete (G0095): Persistent Cyber Espionage in Latin America and Beyond
Machete (G0095) is a long-standing, Spanish-speaking cyber espionage group targeting government, military, and critical infrastructure, primarily in Latin…
LuminousMoth (G1014): Chinese Cyber Espionage Targeting Southeast Asia
LuminousMoth is a Chinese-speaking cyber espionage group (G1014) active since 2020, targeting government entities in Southeast Asia for intelligence gathering.
Lotus Blossom (G0030): A Persistent Regional Espionage Threat
Lotus Blossom is a China-aligned APT group focused on long-term intelligence collection against government, telecom, and critical infrastructure in Asia.
Leviathan (APT40): China's Persistent Maritime Espionage Group
A profile of Leviathan (APT40), a Chinese state-sponsored cyber espionage group targeting critical sectors for intelligence and IP theft.
Threat Profile: Leafminer (G0077) – Iranian Espionage Group
Leafminer (G0077), also known as Raspite, is an Iranian-nexus threat group primarily focused on intelligence collection against critical sectors in the Middle…
LazyScripter Threat Profile: Targeting Airlines and Global Workforce
LazyScripter (G0140) is a persistent threat group active since 2018, primarily targeting the airline industry and individuals seeking immigration, using…
Lazarus Group: DPRK's Evolving Hybrid Threat
A detailed profile of the Lazarus Group (G0032), North Korea's state-sponsored cyber threat, covering its origin, motivations, tactics, and recent activities.
LAPSUS$ (G1004): High-Tempo Social Engineering and Extortion
LAPSUS$ is a cybercriminal group specializing in social engineering and extortion, often without ransomware, targeting global organizations.
Kimsuky (G0094): North Korea's Relentless Cyber Espionage Arm
A profile of Kimsuky, a North Korean state-sponsored APT group focused on intelligence gathering through sophisticated spear-phishing and evolving malware.
Ke3chang (G0004): A Persistent Cyberespionage Threat
Ke3chang, also known as APT15 and NICKEL, is a sophisticated Chinese state-sponsored threat group focused on long-term cyberespionage against global…
Indrik Spider (Evil Corp): A Persistent Russian Cybercriminal Threat
A profile of Indrik Spider, a Russia-based cybercriminal group known for sophisticated banking trojans and evolving ransomware operations.
IndigoZebra (G0136) Threat Profile: Persistent Cyber Espionage in Central Asia
IndigoZebra (G0136) is a suspected Chinese state-sponsored APT group active since 2014, primarily targeting Central Asian governments for cyber espionage.
INC Ransom (G1032) Threat Actor Profile: Operations, Tactics, and Evolution
INC Ransom (G1032), also known as GOLD IONIC, is a prolific RaaS group active since mid-2023, primarily targeting healthcare, education, and manufacturing…
Higaisa (G0126) Threat Actor Profile
An in-depth profile of Higaisa, a South Korean-suspected APT group targeting government, public, and trade organizations primarily in North Korea and Asia.
HEXANE: Persistent Espionage Targeting Critical Infrastructure
A profile of HEXANE (G1001), an Iranian cyber espionage group targeting oil & gas, telecom, aviation, and ISPs in the Middle East and Africa.
Inception (G0100): A Persistent and Stealthy Cyber Espionage Threat
An in-depth profile of Inception (G0100), a long-running, state-aligned cyber espionage group known for its sophisticated TTPs and global intelligence…
HAFNIUM (G0125): A Profile of China's Elite Cyber Espionage Group
An in-depth analysis of HAFNIUM, a state-sponsored Chinese APT group known for sophisticated cyber espionage and rapid exploitation of zero-day vulnerabilities.
Group5 (G0043): Persistent Iranian-Linked Espionage Targeting Syrian Opposition
Group5 (G0043) is an Iranian-linked threat actor engaged in cyber espionage, primarily targeting individuals associated with the Syrian opposition.
Gorgon Group (G0078): Hybrid Threat Actor Profile
A detailed profile of Gorgon Group (G0078), a Pakistan-linked threat actor known for its dual-pronged approach to cyber espionage and financially motivated…
GOLD SOUTHFIELD: The Rise and Fall of the REvil Ransomware Empire
A deep dive into GOLD SOUTHFIELD (G0115), the Russian-linked cybercriminal group behind the infamous REvil and GandCrab ransomware-as-a-service operations,…
GCMAN: A Profile of Financially Motivated Bank Robbers
GCMAN (G0036) is a financially motivated threat group known for targeting financial institutions globally, employing sophisticated APT techniques and…
Gamaredon Group: Russia's Persistent Espionage Arm in Ukraine and Beyond
Profile of Gamaredon Group (G0047), a Russia-aligned APT linked to the FSB, known for relentless cyber espionage against Ukraine and NATO members.
Gallmaker (G0084): A Profile of Persistent Cyberespionage
A detailed profile of Gallmaker (G0084), a nation-state sponsored cyberespionage group targeting government, military, and defense sectors in the Middle East.
GALLIUM: Persistent Chinese Cyberespionage Targeting Global Critical Infrastructure
GALLIUM (G0093), also known as Granite Typhoon, is a Chinese state-sponsored APT group focused on long-term cyberespionage against global telecommunications,…
Fox Kitten: An Iranian Hybrid Threat Actor
Fox Kitten (G0117) is an Iranian state-sponsored threat actor active since 2017, engaged in espionage and ransomware facilitation.
FIN8: Adapting from POS Breaches to Ransomware Dominance
FIN8, also known as Syssphinx, is a financially motivated cybercrime group that has evolved from targeting POS systems to deploying sophisticated ransomware…
FIN7: From Point-of-Sale Theft to Ransomware Kingpins
A deep dive into FIN7, a financially motivated cybercrime group known for evolving from POS attacks to sophisticated ransomware operations.
FIN6: From POS Skimming to Ransomware and Enterprise Infiltration
A detailed profile of FIN6 (G0037), a financially motivated cybercrime group known for evolving from PoS compromises to ransomware and sophisticated social…
FIN5 Threat Actor Profile: Persistent Point-of-Sale Scraper
A profile of FIN5 (G0053), a financially motivated threat group known for targeting hospitality, gaming, and restaurant sectors for payment card data.
FIN4: The Insider Threat to Market Confidentiality
FIN4 is a financially-motivated threat group focused on stealing market-moving confidential information, primarily through credential theft and email…
FIN13 (Elephant Beetle): Mexico-Focused Financial Threat Group
FIN13, also known as Elephant Beetle, is a patient, financially motivated threat actor primarily targeting Mexico and Latin America's financial, retail, and…
FIN10: The North American Extortionist Cybercrime Group
Profile of FIN10 (G0051), a financially motivated threat group that operated in North America, primarily Canada, known for data exfiltration and extortion of…
EXOTIC LILY: Premier Initial Access Broker Fueling Ransomware Operations
EXOTIC LILY (G1011) is a financially motivated initial access broker known for sophisticated spear phishing campaigns and ties to Russian cybercrime.
Evilnum (G0120): Persistent Financial Threat and Evolving Espionage Actor
Evilnum (G0120) is a financially motivated threat group active since 2018, primarily targeting financial technology companies and other entities for extensive…
Equation: Apex Predator of Cyber Espionage
A profile of the Equation Group, a highly sophisticated threat actor widely attributed to the NSA, known for zero-days, firmware exploits, and deep cyber…
Ember Bear (G1003): Russian Cyber Espionage and Destructive Operations
Profile of Ember Bear (G1003), a Russian state-sponsored cyber espionage group linked to GRU Unit 29155, detailing their origins, motivations, targets, TTPs,…
Ferocious Kitten: Persistent Iranian Cyberespionage
A profile of Ferocious Kitten (G0137), an Iranian cyberespionage group targeting Persian-speaking individuals, active since at least 2015.
Threat Actor Profile: Elderwood (G0066)
An in-depth profile of Elderwood (G0066), a sophisticated suspected Chinese cyber espionage group known for zero-day exploits and supply chain attacks.
Earth Lusca (G1006): Persistent and Evolving Threat Profile
A detailed profile of Earth Lusca, a China-linked APT group known for cyberespionage and financially motivated attacks across diverse global targets.
DragonOK: China-Linked APT Group Targeting Asian & European Organizations
DragonOK (G0017) is a China-linked APT group known for corporate espionage against high-tech and manufacturing firms, primarily in Japan.
Threat Actor Profile: Dragonfly (G0035) – Russia’s Critical Infrastructure Espionage Group
An in-depth profile of Dragonfly (G0035), a Russian state-sponsored cyber espionage group targeting global critical infrastructure.
Deep Panda (G0009) Threat Actor Profile: A Persistent Chinese Espionage Group
A profile of Deep Panda (G0009), a sophisticated China-aligned threat group known for cyber espionage and credential theft.
DarkVishnya (G0105) Threat Actor Profile
DarkVishnya is a financially motivated threat actor known for physically breaching Eastern European financial institutions using stealthy hardware.
DarkHydrus: Persistent Middle Eastern Espionage Group
DarkHydrus (G0079) is a state-sponsored threat group primarily targeting government and educational institutions in the Middle East for cyber espionage.
Darkhotel: An Enduring Cyber Espionage Threat
Darkhotel is a sophisticated, suspected South Korean cyber espionage group known for evolving from hotel Wi-Fi attacks to advanced cloud-based operations.
Dark Caracal (G0070) Threat Profile: Mobile-Focused Espionage
Dark Caracal is a state-aligned threat group (G0070) attributed to Lebanese security services, focusing on global mobile and desktop surveillance for espionage.
Daggerfly (G1034): An Adaptive PRC-Linked Espionage Group
This profile details Daggerfly (G1034), a sophisticated China-linked APT group engaged in long-term cyber espionage against diverse targets across Asia and…
CURIUM: Patient Iranian Espionage Group
An Iranian state-sponsored threat actor, CURIUM (G1012), known for its patient social engineering and espionage against Middle Eastern IT service providers.
CopyKittens: Persistent Iranian Cyber Espionage Group
A profile of CopyKittens (G0052), an Iranian state-sponsored cyber espionage group targeting governments, defense, and IT sectors.
Threat Profile: Contagious Interview (G1052)
Contagious Interview (G1052) is a North Korea-aligned threat group focused on cyberespionage and financially motivated operations targeting developers and…
Confucius APT: Persistent Espionage in South Asia
Confucius APT is an India-linked cyber espionage group active since 2013, primarily targeting military, government, and high-profile individuals in South Asia…
Cobalt Group: A Relentless Financial Cybercrime Syndicate
A profile of the Cobalt Group (G0080), a highly sophisticated and persistent threat actor targeting financial institutions globally for illicit financial gain.
Cleaver (G0003): Iranian APT Targeting Critical Infrastructure
Cleaver (G0003) is an Iranian state-sponsored threat group notorious for espionage and sabotage against global critical infrastructure.
Cinnamon Tempest: The Espionage Group Cloaked in Ransomware
Cinnamon Tempest (G1021), a China-based threat group, uses ransomware as a smokescreen for cyberespionage and intellectual property theft.
Chimera (G0114): Enduring Espionage in High-Tech and Aviation
Chimera (G0114) is a suspected China-based APT group active since 2018, known for persistent cyber espionage targeting semiconductor intellectual property and…
Carbanak Threat Profile: Financial Apex Predators
A deep dive into Carbanak (G0008), a financially motivated cybercrime group known for sophisticated attacks against global financial institutions.
BRONZE BUTLER (G0060) Threat Profile: Persistent Chinese Cyber Espionage
A detailed profile of BRONZE BUTLER (G0060), a Chinese state-sponsored cyber espionage group primarily targeting Japanese organizations for intellectual…
Blue Mockingbird (G0108): Persistent Cryptomining Threat
Blue Mockingbird (G0108) is a financially motivated threat actor group focused on deploying Monero cryptocurrency miners on Windows systems.
BlackTech (G0098) Threat Profile: Chinese Cyber Espionage Group
An in-depth profile of BlackTech (G0098), a sophisticated Chinese state-sponsored cyber espionage group targeting government, military, and critical…
BlackOasis (G0063): A Persistent Cyber-Espionage Threat
BlackOasis (G0063) is a sophisticated Middle Eastern threat group known for cyber-espionage against high-profile targets using zero-day exploits and FinSpy…
BlackByte Ransomware: A Persistent Double Extortion Threat
Profile of BlackByte (G1043), a ransomware-as-a-service (RaaS) group active since 2021, known for double extortion and targeting critical infrastructure…
BITTER (G1002): An Enduring South Asian Cyber Espionage Threat
A detailed profile of BITTER (G1002), a persistent South Asian cyber espionage group, outlining their origins, motivations, targets, TTPs, and current…
BackdoorDiplomacy (G0135) Threat Profile: Persistent Chinese Cyber Espionage
A detailed threat profile of BackdoorDiplomacy, a China-linked APT group known for cyber espionage against diplomatic and telecommunication targets.
Axiom (G0001): Profile of a Sophisticated Chinese Cyber Espionage Group
A detailed profile of Axiom (G0001), a sophisticated, state-sponsored Chinese cyber espionage group targeting high-value intellectual property and sensitive…
Aquatic Panda (G0143) Threat Profile: Persistent Cyber Espionage Operations
Aquatic Panda (G0143) is a China-linked APT conducting intelligence collection and industrial espionage, targeting diverse global sectors with advanced…
APT5 (Mulberry Typhoon): Profile of a Sophisticated China-Based Espionage Actor
APT5, also known as Mulberry Typhoon, is a China-based state-sponsored cyber espionage group targeting telecommunications, aerospace, and defense sectors…
APT42: Iran's Premier Human-Targeting Cyber Espionage Unit
Iranian state-sponsored APT42 conducts cyber espionage and surveillance, primarily using sophisticated social engineering and credential harvesting to target…
APT41: China's Dual-Threat Cyber Powerhouse
APT41 is a prolific Chinese state-sponsored threat group notorious for blending sophisticated cyber espionage with financially motivated operations globally.
APT39: Iran's Relentless Surveillance Threat
APT39, also known as Chafer and Remix Kitten, is an Iranian state-sponsored cyber espionage group focused on collecting personal information for surveillance.
APT38: North Korea's Relentless Financial Cyber Offensive
Profile of APT38, a North Korean state-sponsored threat group specializing in global financial cyber operations, destructive attacks, and cryptocurrency theft.
APT37 (ScarCruft): North Korea's Evolving Cyber Espionage Group
APT37, a North Korean state-sponsored cyber espionage group, targets South Korea and global entities with sophisticated tactics and diverse custom malware.
APT33: Iran's Evolving Cyber Espionage and Destructive Capabilities
A detailed profile of APT33 (G0064), an Iranian state-sponsored threat group known for cyber espionage against critical infrastructure and a recent shift to…
APT32 (OceanLotus): A Persistent Threat to Southeast Asian Interests
APT32, also known as OceanLotus, is a sophisticated, Vietnam-aligned cyber espionage group targeting governments, dissidents, and industries in Southeast Asia…
APT30: Persistent Chinese Cyber Espionage in Southeast Asia and Beyond
A deep dive into APT30 (G0013), a Chinese state-sponsored cyber espionage group known for its decade-long operations targeting strategic intelligence.
APT3 Profile: A Legacy of Chinese Cyber Espionage
A deep dive into APT3 (G0022), a China-nexus cyber espionage group, detailing its origins, motivations, targets, TTPs, and evolution.
APT29 (Midnight Blizzard / Cozy Bear): Russian SVR's Elite Cyber Espionage Unit
APT29, also known as Midnight Blizzard and Cozy Bear, is a highly sophisticated, state-sponsored Russian threat actor (SVR) focused on long-term cyber…
APT28: Russia's Enduring Cyber Espionage Arm
A detailed profile of APT28 (Fancy Bear, Forest Blizzard), a Russian state-sponsored threat actor, detailing their origins, motivations, tactics, malware, and…
APT19: Persistent Chinese Cyber Espionage and Credential Theft
A detailed profile of APT19 (G0073), a China-aligned threat group known for cyber espionage, credential harvesting, and targeting diverse sectors globally.
APT18 Threat Profile: Chinese Cyber Espionage Group
APT18 (G0026), also known as Dynamite Panda, is a Chinese state-sponsored cyber espionage group targeting diverse sectors for intellectual property theft and…
APT17 (Deputy Dog): A Persistent Chinese Cyber Espionage Threat
Profile of APT17 (Deputy Dog), a China-based state-sponsored threat group known for cyber espionage, targeting various sectors.
APT16: A Persistent Chinese Cyber Espionage Threat
APT16 is a China-based threat group known for cyber espionage, primarily targeting organizations in Japan and Taiwan using spearphishing.
APT12 (Numbered Panda) Profile: Persistent Chinese Cyber Espionage
A deep dive into APT12, a sophisticated Chinese state-sponsored cyber espionage group known for its adaptive tactics and targeting of East Asian governments,…
APT1 Threat Profile: China's Pioneering Cyber Espionage Unit
APT1, also known as Comment Crew (G0006), is a state-sponsored Chinese cyber espionage group attributed to PLA Unit 61398, infamous for vast intellectual…
APT-C-36 (Blind Eagle): A Persistent Threat to Latin America
Profile of APT-C-36 (Blind Eagle), a South American threat group engaging in espionage and financial operations since 2018.
APT-C-23 (Arid Viper): Persistent Cyber Espionage in the Middle East
APT-C-23, also known as Arid Viper, is a sophisticated, likely state-sponsored group primarily targeting the Middle East with advanced mobile and Windows…
North Korea-linked AppleJeus: A Profile of G1049, a State-Sponsored Cybercrime Group
AppleJeus (G1049) is a North Korean state-sponsored threat group primarily focused on financial gain through sophisticated cryptocurrency theft and supply…
Aoqin Dragon: Persistent Cyber Espionage Targeting APAC
A profile of Aoqin Dragon (G1007), a suspected Chinese cyber espionage group actively targeting government, education, and telecom entities since 2013.
Andariel (G0138): North Korea's Dual-Threat Cyber Espionage and Ransomware Group
A profile of Andariel (G0138), a North Korean state-sponsored threat group known for cyber espionage, destructive attacks, and financially motivated…
Akira Ransomware: A Persistent and Evolving Global Threat
Akira is a financially motivated ransomware-as-a-service (RaaS) group employing double extortion tactics against diverse sectors worldwide.
Ajax Security Team (G0130): An Iranian Cyber Espionage Group
An in-depth profile of the Iranian-nexus threat actor known as Ajax Security Team (G0130) or Rocket Kitten, detailing their origins, motivations, targets,…
Agrius (G1030): Iran's Destructive Cyber Arm Targeting Israel
Agrius (G1030), an Iranian state-sponsored APT, specializes in destructive wiper and pseudo-ransomware attacks, primarily targeting Israeli sectors since 2020.
Threat Actor Profile: admin@338 (G0018)
In-depth profile of admin@338, a China-based threat group known for cyber espionage against financial, economic, and media organizations.