| ID | Votes | Profile Description |
|---|---|---|
| Pistachio Tempest | 3 | Pistachio Tempest, also known as FIN12, is a threat actor that has been identified as a significant cybersecurity risk, particularly to the healthcare industry. According to a report by the U.S. Department of Health and Human Services (HHS) in 2022, this group has specifically targeted healthcare en |
| Wizard Spider | 2 | Wizard Spider, also known as ITG23, DEV-0193, Trickbot Group, Fin12, and Grimspider, is a significant threat actor in the cybercrime landscape. This group has been continually analyzed by IBM Security X-Force researchers for its use of several crypters and is credited with creating the notorious, ev |
| EXOTIC LILY | 2 | Exotic Lily, an initial access broker (IAB), has been active since at least September 2021. The entity conducts highly sophisticated phishing campaigns to gain initial access to organizations and then sells this access to other threat actors, including ransomware groups. A notable example of their m |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Conti | Unspecified | 2 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
| Systembc | Unspecified | 2 | SystemBC is a malicious software (malware) that has been used in various cyber attacks to exploit and damage computer systems. This malware was observed in 2023, being heavily used with BlackBasta and Quicksand. It has been deployed by teams using BlackBasta during their attacks. Play ransomware act |
| Bazarloader | Unspecified | 1 | BazarLoader is a form of malware that has been utilized extensively by ITG23, a cybercriminal group. This harmful software infiltrates systems via suspicious downloads, emails, or websites, potentially stealing personal information, disrupting operations, or holding data for ransom. ITG23 has used B |
| KONNI | Unspecified | 1 | Konni is a malware, short for malicious software, that poses a significant threat to computer systems and data. It's designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin |
| Hive | Unspecified | 1 | Hive is a malicious software, or malware, that infiltrates systems to exploit and damage them. This malware has been associated with Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive to crack passwords offline. The Hive operation was primarily involved in port scanning, credential thef |
| Diceloader | Unspecified | 1 | Diceloader is a type of malware, short for malicious software, that is designed to infiltrate and damage computer systems. It can infect systems through various means such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, it can steal personal in |
| Ryuk | Unspecified | 1 | Ryuk is a sophisticated malware, specifically a ransomware variant, that has been extensively used by cybercriminal group ITG23. The group has been employing crypting techniques for several years to obfuscate their malware, with Ryuk often seen in tandem with other malicious software such as Trickbo |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| BITTER | Unspecified | 1 | Bitter, also known as T-APT-17, is a suspected South Asian threat actor that has been involved in various cyber campaigns. The group has been active since at least August 2021, with its operations primarily targeting government personnel in Bangladesh through spear-phishing emails. The similarities |
| Bluenoroff | Unspecified | 1 | BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software, |
| TA505 | Unspecified | 1 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec |
| APT33 | Unspecified | 1 | APT33, an Iran-linked threat actor, has been identified as a significant cyber threat to the Defense Industrial Base sector. The group is known for its sophisticated and malicious activities, which primarily involve executing actions with harmful intent. APT33, like other threat actors, could be a s |
| OceanLotus | Unspecified | 1 | OceanLotus, also known as APT32, is a threat actor suspected to be linked with Vietnam. It primarily targets foreign companies involved in manufacturing, consumer products, consulting, and hospitality sectors that are investing or planning to invest in Vietnam. The group's recent activities indicate |
| APT29 | Unspecified | 1 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi |
| APT10 | Unspecified | 1 | APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted |
| APT34 | Unspecified | 1 | APT34, also known as OilRig, EUROPIUM, Hazel Sandstorm, and Crambus among other names, is a threat actor believed to be operating on behalf of the Iranian government. Operational since at least 2014, APT34 has been involved in long-term cyber espionage operations primarily focused on reconnaissance |
| Kimsuky | Unspecified | 1 | Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi |
| Lazarus Group | Unspecified | 1 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large- |
| APT36 | Unspecified | 1 | APT36, also known as Transparent Tribe and Earth Karkaddan, is a notorious threat actor believed to be based in Pakistan. The group has been involved in cyberespionage activities primarily targeting India, with a focus on government, military, defense, aerospace, and education sectors. Their campaig |
| Turla | Unspecified | 1 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
| Evil Corp | Unspecified | 1 | Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio |
| Sidewinder | Unspecified | 1 | The Sidewinder threat actor group, also known as Rattlesnake, BabyElephant, APT Q4, APT Q39, Hardcore Nationalist, HN2, RAZOR Tiger, and GroupA21, is a significant cybersecurity concern with a history of malicious activities dating back to 2012. This report investigates a recent campaign by Sidewind |
| Passcv | Unspecified | 1 | PassCV is a threat actor, or hacking team, that has been identified as part of the Chinese intelligence apparatus. This group has operated under various names including Winnti, APT17, Axiom, LEAD, BARIUM, Wicked Panda, and GREF, indicating a broad and complex network of cyber operations. The group i |
| FIN7 | Unspecified | 1 | FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
No associations to display |
| Source | CreatedAt | Title |
|---|---|---|
| BankInfoSecurity | a month ago | European Union Sanctions Russian State Hackers |
| BankInfoSecurity | 7 months ago | Sizing Up the Worst Healthcare Hacks of 2023 |
| MITRE | 7 months ago | FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7 |
| MITRE | 7 months ago | The many lives of BlackCat ransomware | Microsoft Security Blog |
| CERT-EU | 10 months ago | Southern African power generator targeted with DroxiDat malware | #daitngscams | #lovescams | #datingscams | #love | #relationships | #scams | #pof | #match.com | #dating | National Cyber Security Consulting |
| CERT-EU | a year ago | US internet hosting company appears to facilitate global cybercrime, researchers say |
| CERT-EU | a year ago | Iranian ISP suspected of aiding cybercriminals and nation-state hackers |
| CERT-EU | a year ago | US internet hosting company appears to facilitate global cybercrime, researchers say |
| CERT-EU | a year ago | Focus on DroxiDat/SystemBC – GIXtools |
| CERT-EU | a year ago | Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers |
| InfoSecurity-magazine | a year ago | DroxiDat-Cobalt Strike Duo Targets Power Generator Network |
| Securityaffairs | a year ago | Power Generator in South Africa hit with DroxiDat and Cobalt Strike |
| CERT-EU | a year ago | Focus on DroxiDat/SystemBC |
| MITRE | a year ago | Exposing initial access broker with ties to Conti |