Threat Actors: 186 (+12 in the last 24 hours)
Events: 2,847 (+156 in the last 24 hours)
IoCs: 4,291 (+312 in the last 24 hours)
Events: 137
Trending up by 5.2% this month
Top Suspected Victims
USA: 92%
Germany: 68%
China: 54%
France: 42%
Other: 28%
Trending up by 5.2% this month
TA505
Rank: 1
Events: 8
IoCs: 89
Known aliases and alternative names used by this threat actor across different threat intelligence platforms and security vendor reports.
Synonyms: SectorJ04 SectorJ04 Group GRACEFUL SPIDER Dudear +12
Suspected Victims: 🇦🇺 Australia 🇨🇦 Canada 🇨🇿 Czech Republic 🇩🇪 Germany 🇺🇸 United States +34
Muddy Water
Rank: 2
Events: 6
IoCs: 41
Associated aliases attributed to this actor by various threat intelligence vendors and government advisories.
Synonyms: TEMP.Zagros Static Kitten Seedworm MERCURY +12
Suspected Victims: 🇦🇺 Australia 🇨🇦 Canada 🇨🇿 Czech Republic 🇩🇪 Germany 🇺🇸 United States +34
Callisto
Rank: 3
Events: 3
IoCs: 81
Multiple names used across platforms — this actor is tracked under several overlapping designations.
Synonyms: COLD RIVER SEABORGIUM TA446 IRON FRONTIER +12
Suspected Victims: 🇦🇺 Australia 🇨🇦 Canada 🇨🇿 Czech Republic 🇩🇪 Germany 🇺🇸 United States +34
Lazarus Group
Rank: 4
Events: 24
IoCs: 312
North Korean state-sponsored group tracked under multiple names by security vendors globally.
Synonyms: APT38 ZINC OFFICE MONKEY BYZANTINE HADES +18
Suspected Victims: 🇰🇷 South Korea 🇯🇵 Japan 🇺🇸 United States +28
Sandworm
Rank: 5
Events: 18
IoCs: 196
Russian military intelligence-linked group responsible for destructive cyber operations and wiper attacks.
Synonyms: Voodoo Bear IRIDIUM SEDESTROYER +8
Suspected Victims: 🇺🇦 Ukraine 🇬🇪 Georgia 🇫🇷 France +14
APT29
Rank: 6
Events: 14
IoCs: 178
Russian foreign intelligence-linked group known for sophisticated supply chain and credential harvesting attacks.
Synonyms: Cozy Bear The Dukes NOBELIUM Dark Halo +15
Suspected Victims: 🇺🇸 United States 🇩🇪 Germany 🇬🇧 United Kingdom +22
APT41
Rank: 7
Events: 21
IoCs: 267
Dual-motivated group conducting both state-sponsored espionage and financially motivated cybercrime operations.
Synonyms: Winnti Double Dragon Jolly Roger +9
Suspected Victims: 🇮🇳 India 🇯🇵 Japan 🇧🇷 Brazil +19
Turla
Rank: 8
Events: 11
IoCs: 143
Highly sophisticated espionage group leveraging custom malware frameworks and satellite-based C2 channels.
Synonyms: Snake Waterbug Venomous Bear Krypton Monkey +11
Suspected Victims: 🇩🇪 Germany 🇬🇧 United Kingdom 🇺🇸 United States +17
OceanLotus
Rank: 9
Events: 9
IoCs: 102
Vietnamese-linked APT group targeting government and media organizations across Southeast Asia.
Synonyms: APT32 Cobalt Kitty SeaLotus +5
Suspected Victims: 🇹🇼 Taiwan 🇵🇭 Philippines 🇮🇩 Indonesia +6
Carbanak
Rank: 10
Events: 16
IoCs: 204
Financially motivated cybercrime group primarily targeting banking institutions and payment systems worldwide.
Synonyms: FIN7 Cobalt Group Anunak +7
Suspected Victims: 🇺🇸 United States 🇪🇸 Spain 🇮🇹 Italy +31
DarkSide
Rank: 11
Events: 13
IoCs: 156
Ransomware-as-a-service operation responsible for critical infrastructure attacks including Colonial Pipeline.
Synonyms: PHOBOS Carbon Spider +3
Suspected Victims: 🇺🇸 United States 🇫🇷 France +8
FIN7
Rank: 12
Events: 7
IoCs: 89
Cybercrime syndicate specializing in point-of-sale malware and targeted ransomware campaigns against retailers.
Synonyms: Navigator Group ITG14 +2
Suspected Victims: 🇺🇸 United States 🇬🇧 United Kingdom +12
Volt Typhoon
Rank: 13
Events: 15
IoCs: 187
Chinese state-sponsored group conducting living-off-the-land attacks against US critical infrastructure.
Synonyms: Insidious Taurus Bronze Butler BRONZE BUTLER +4
Suspected Victims: 🇺🇸 United States 🇬🇺 Guam +5
Scattered Spider
Rank: 14
Events: 19
IoCs: 231
Young English-speaking hackers using social engineering and SIM swapping to breach major corporations.
Synonyms: 0ktapus Octo Tempest +3
Suspected Victims: 🇺🇸 United States 🇬🇧 United Kingdom +9
Wizard Spider
Rank: 15
Events: 10
IoCs: 118
Russia-based cybercrime group operating Conti and TrickBot ransomware against healthcare and government targets.
Synonyms: UNC1878 TRICKBOT TEMP.MixMaster +5
Suspected Victims: 🇺🇸 United States 🇮🇪 Ireland +14
APT33
Rank: 16
Events: 8
IoCs: 95
Iranian-linked group targeting aviation and energy sectors with wiper malware and credential theft.
Synonyms: Elfin Rockets Kitten APT33 +3
Suspected Victims: 🇸🇦 Saudi Arabia 🇺🇸 United States +4
Charming Kitten
Rank: 17
Events: 12
IoCs: 134
Iranian APT group conducting credential harvesting and surveillance operations against dissidents and journalists.
Synonyms: APT35 Phosphorus Newscaster +4
Suspected Victims: 🇺🇸 United States 🇬🇧 United Kingdom +11
Pawn Storm
Rank: 18
Events: 22
IoCs: 278
Russian-linked group known for large-scale credential harvesting and espionage campaigns against government agencies.
Synonyms: Fancy Bear APT28 Sofacy +6
Suspected Victims: 🇩🇪 Germany 🇫🇷 France 🇺🇸 United States +26