threatintel
actor tracker
70 actors · 153 events
102 edges shown
RU · Russia — 21 outbound, 2 inbound
US · United States — 1 outbound, 46 inbound
DE · Germany — 0 outbound, 27 inbound
GB · United Kingdom — 0 outbound, 38 inbound
CN · China — 17 outbound, 1 inbound
FR · France — 0 outbound, 17 inbound
PL · Poland — 0 outbound, 10 inbound
UA · Ukraine — 1 outbound, 10 inbound
IR · Iran — 10 outbound, 2 inbound
IL · Israel — 1 outbound, 9 inbound
AE · United Arab Emirates — 0 outbound, 7 inbound
AU · Australia — 0 outbound, 8 inbound
JP · Japan — 0 outbound, 13 inbound
CA · Canada — 0 outbound, 10 inbound
IT · Italy — 0 outbound, 6 inbound
SA · Saudi Arabia — 0 outbound, 6 inbound
KP · DPRK — 5 outbound, 0 inbound
KR · South Korea — 0 outbound, 9 inbound
TW · Taiwan — 0 outbound, 4 inbound
VN · Vietnam — 0 outbound, 7 inbound
LV · Latvia — 0 outbound, 4 inbound
KH · Cambodia — 0 outbound, 3 inbound
MY · Malaysia — 0 outbound, 3 inbound
PH · Philippines — 0 outbound, 3 inbound
SG · Singapore — 0 outbound, 4 inbound
BR · Brazil — 0 outbound, 4 inbound
EE · Estonia — 0 outbound, 3 inbound
GE · Georgia — 0 outbound, 3 inbound
LT · Lithuania — 0 outbound, 3 inbound
BE · Belgium — 0 outbound, 4 inbound
HK · Hong Kong — 0 outbound, 2 inbound
IN · India — 0 outbound, 6 inbound
MM · Myanmar — 0 outbound, 2 inbound
TH · Thailand — 0 outbound, 2 inbound
JO · Jordan — 0 outbound, 2 inbound
TR · Turkey — 0 outbound, 3 inbound
CH · Switzerland — 0 outbound, 2 inbound
CZ · Czechia — 0 outbound, 3 inbound
ES · Spain — 0 outbound, 3 inbound
NO · Norway — 0 outbound, 3 inbound
RO · Romania — 0 outbound, 3 inbound
FI · Finland — 0 outbound, 2 inbound
GU · Guam — 0 outbound, 1 inbound
MN · Mongolia — 0 outbound, 1 inbound
IE · Ireland — 0 outbound, 1 inbound
KW · Kuwait — 0 outbound, 2 inbound
AR · Argentina — 0 outbound, 1 inbound
BD · Bangladesh — 0 outbound, 1 inbound
BH · Bahrain — 0 outbound, 1 inbound
MX · Mexico — 0 outbound, 2 inbound
AT · Austria — 0 outbound, 1 inbound
BY · Belarus — 0 outbound, 2 inbound
DK · Denmark — 0 outbound, 1 inbound
NL · Netherlands — 0 outbound, 1 inbound
SE · Sweden — 0 outbound, 1 inbound
PK · Pakistan — 0 outbound, 1 inbound
SY · Syria — 0 outbound, 1 inbound
Edge color: State-sponsored · Ransomware · Cybercrime · Hacktivist · Multiple kinds

indications & warnings

9 actors moved in the last 365 days
  1. KP · DPRK · Lazarus Group
    1 event, last Apr 17

    Lazarus / TraderTraitor steals $577M from Drift + KelpDAO inside three weeks

    watch your: financial, cryptocurrency, defense, media, +1
  2. ?? · Unknown · ShinyHunters
    2 events, last Apr 15

    ShinyHunters extorts McGraw Hill via Salesforce misconfiguration

    watch your: technology, financial, education, retail, +1
  3. ?? · Unknown · Qilin
    1 event, last Mar 31

    Qilin emerges as the most-active healthcare ransomware brand of Q1 2026

    watch your: healthcare, manufacturing, education, professional services
  4. IR · Iran · Handala
    1 event, last Mar 10

    Handala wipes 200,000+ Stryker devices via Microsoft Intune abuse

    watch your: defense, technology, healthcare, government, +2
  5. RU · Russia · Operation Zero
    1 event, last Feb 23

    OFAC sanctions Operation Zero and Sergey Zelenyuk for exploit-broker activity

    watch your: technology, research
  6. ?? · Unknown · ALPHV/BlackCat
    1 event, last Nov 18

    Two U.S. cybersecurity workers plead guilty to ALPHV BlackCat affiliate scheme

    watch your: healthcare, financial, professional services, manufacturing, +1
  7. ?? · Unknown · Akira
    1 event, last Nov 12

    Updated joint advisory: Akira tied to ~$244M in proceeds, now hitting Nutanix AHV

    watch your: manufacturing, professional services, education, healthcare
  8. CN · China · GTG-1002
    1 event, last Nov 12

    Anthropic discloses GTG-1002 — first AI-orchestrated cyber espionage

    watch your: technology, financial, chemical, government
  9. ?? · Unknown · Cl0p
    1 event, last Sep 28

    Cl0p mass-exfiltrates Oracle E-Business Suite via CVE-2025-61882 zero-day

    watch your: financial, healthcare, education, government, +1

Pure aggregation over the cited timeline — sectors are the actor's publicly attributed targeting profile, not a prediction. Each actor's page holds the full cited record.

defender playbook · 12 categories

Defending an LLM application against real attacks

For AI startups and teams training their own models. Each category maps an attack class (OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF) to example prompts, documented incidents, and concrete defenses grouped by lifecycle phase.


chronological activity

showing 25 of 153 events
  1. Lazarus / TraderTraitor steals $577M from Drift + KelpDAO inside three weeks
    Lazarus Group · TRM Labs
    Compromise
  2. ShinyHunters extorts McGraw Hill via Salesforce misconfiguration
    ShinyHunters · The Register
    Compromise
  3. Qilin emerges as the most-active healthcare ransomware brand of Q1 2026
    Qilin · Comparitech / Paubox aggregated tracking
    Report
  4. Handala wipes 200,000+ Stryker devices via Microsoft Intune abuse
    Handala · Krebs on Security
    Compromise
  5. OFAC sanctions Operation Zero and Sergey Zelenyuk for exploit-broker activity
    Operation Zero · U.S. Department of the Treasury
    Sanction
  6. Two U.S. cybersecurity workers plead guilty to ALPHV BlackCat affiliate scheme
    ALPHV/BlackCat · U.S. Department of Justice
    Indictment
  7. Anthropic discloses GTG-1002 — first AI-orchestrated cyber espionage
    GTG-1002 · Anthropic
    Report
  8. Updated joint advisory: Akira tied to ~$244M in proceeds, now hitting Nutanix AHV
    Akira · CISA
    Advisory
  9. ShinyHunters launches 'Trinity of Chaos' Salesforce leak site, 39 victims listed
    ShinyHunters · BleepingComputer
    Announcement
  10. Cl0p mass-exfiltrates Oracle E-Business Suite via CVE-2025-61882 zero-day
    Cl0p · Google Cloud / Mandiant
    Compromise
  11. 13-nation joint advisory AA25-239A on PRC global telecom espionage
    Salt Typhoon · CISA
    Advisory
  12. RomCom exploits WinRAR zero-day in spear-phishing against EU + Canada
    RomCom · ESET Research
    Compromise
  13. Eurojust and Europol announce Operation Eastwood takedown of NoName057(16)
    NoName057(16) · Eurojust
    Indictment
  14. Scattered Spider summer-2025 airline-sector wave: WestJet, Hawaiian, Qantas
    Scattered Spider · FBI Internet Crime Complaint Center (IC3)
    Compromise
  15. Predatory Sparrow attacks Bank Sepah and Nobitex crypto exchange
    Predatory Sparrow · TechCrunch
    Compromise
  16. CISA documents Play ESXi variant and per-victim recompilation
    Play · CISA
    Report
  17. Google GTIG disrupts APT41 TOUGHPROGRESS Google-Calendar-C2 campaign
    APT41 · Google Cloud / Mandiant
    Report
  18. Czech Republic publicly attributes multi-year MFA intrusion to APT31
    APT31 · NUKIB (National Cyber and Information Security Agency, Czech Republic)
    Announcement
  19. Scattered Spider compromises Marks & Spencer, Co-op, Harrods
    Scattered Spider · UK National Crime Agency / National Cyber Security Centre
    Compromise
  20. Shuckworm targets foreign military mission in Ukraine with updated GammaSteel
    Gamaredon · Symantec (Broadcom)
    Compromise
  21. Lazarus / TraderTraitor executes $1.5B Bybit heist — largest crypto theft in history
    Lazarus Group · U.S. Federal Bureau of Investigation
    Compromise
  22. Microsoft details Seashell Blizzard 'BadPilot' subgroup multi-year access ops
    Sandworm · Microsoft Threat Intelligence
    Report
  23. Black Basta internal chat logs leaked (BlackBastaGPT dataset)
    Black Basta · Hudson Rock / open-source
    Report
  24. Operation Phobos Aetor takes down 8Base; Russian operators arrested in Phuket
    8Base · Europol
    Sanction
  25. FBI attributes $308M DMM Bitcoin theft to DPRK TraderTraitor
    Lazarus Group · U.S. Federal Bureau of Investigation
    Announcement