Intrusion sets
APT groups and intrusion sets — goals, aliases, sectors, and related campaigns.
-
Confidence 100 5 MITREs 2 Malwares 1 Tool
[APT12](https://attack.mitre.org/groups/G0005) is a threat group that has been attributed to China. The group has targeted a variety of victims including but not limited to media outlets, high-tech companies,…
-
Confidence 100 19 MITREs 5 Malwares 32 IOCs
[Dark Caracal](https://attack.mitre.org/groups/G0070) is threat group that has been attributed to the Lebanese General Directorate of General Security (GDGS) and has operated since at least 2012. (Citation: Lookout Dark…
-
Axiom Group 72Confidence 100 16 MITREs 8 Malwares
[Axiom](https://attack.mitre.org/groups/G0001) is a suspected Chinese cyber espionage group that has targeted the aerospace, defense, government, manufacturing, and media sectors since at least 2008. Some reporting suggests a degree…
-
Confidence 100 8 CVEs 78 MITREs 6 Malwares 65 IOCs
[Salt Typhoon](https://attack.mitre.org/groups/G1045) is a People's Republic of China (PRC) state-backed actor that has been active since at least 2019 and responsible for numerous compromises of network infrastructure at…
-
Confidence 100 40 MITREs 5 Malwares 15 IOCs 1 Tool
[TA551](https://attack.mitre.org/groups/G0127) is a financially-motivated threat group that has been active since at least 2018. (Citation: Secureworks GOLD CABIN) The group has primarily targeted English, German, Italian, and Japanese…
-
Moonstone Sleet Storm-1789Confidence 100 1 CVE 42 MITREs 6 Malwares 20 IOCs
[Moonstone Sleet](https://attack.mitre.org/groups/G1036) is a North Korean-linked threat actor executing both financially motivated attacks and espionage operations. The group previously overlapped significantly with another North Korean-linked entity, [Lazarus Group](https://attack.mitre.org/groups/G0032),…
-
Confidence 100 3 CVEs 59 MITREs 6 Malwares 44 IOCs
[Sea Turtle](https://attack.mitre.org/groups/G1041) is a Türkiye-linked threat actor active since at least 2017 performing espionage and service provider compromise operations against victims in Asia, Europe, and North America. [Sea…
-
Confidence 100 9 MITREs 2 Malwares 2 Tools
[Rancor](https://attack.mitre.org/groups/G0075) is a threat group that has led targeted campaigns against the South East Asia region. [Rancor](https://attack.mitre.org/groups/G0075) uses politically-motivated lures to entice victims to open malicious documents. (Citation:…
-
Confidence 100 50 MITREs 11 Malwares 22 IOCs 2 Tools
[Agrius](https://attack.mitre.org/groups/G1030) is an Iranian threat actor active since 2020 notable for a series of ransomware and wiper operations in the Middle East, with an emphasis on Israeli targets.(Citation:…
-
Confidence 100 1 CVE 38 MITREs 6 Malwares 29 IOCs 4 Tools
[Tonto Team](https://attack.mitre.org/groups/G0131) is a suspected Chinese state-sponsored cyber espionage threat group that has primarily targeted South Korea, Japan, Taiwan, and the United States since at least 2009; by…
-
Confidence 100 5 CVEs 84 MITREs 21 Malwares 39 IOCs 12 Tools
[Threat Group-3390](https://attack.mitre.org/groups/G0027) is a Chinese threat group that has extensively used strategic Web compromises to target victims.(Citation: Dell TG-3390) The group has been active since at least 2010…
-
Confucius Confucius APTConfidence 100 30 MITREs 5 Malwares 26 IOCs
[Confucius](https://attack.mitre.org/groups/G0142) is a cyber espionage group that has primarily targeted military personnel, high-profile personalities, business persons, and government organizations in South Asia since at least 2013. Security researchers…