about

One actor, many names.

A tracker for named threat actors: state-sponsored, ransomware, cybercrime, and hacktivist crews. Each actor has one canonical record regardless of how many names the industry has assigned. MITRE ATT&CK tracks it as APT29 (G0016), CrowdStrike calls it Cozy Bear, Microsoft calls it Midnight Blizzard (formerly NOBELIUM), and Mandiant, which coined the APT29 name, later folded its UNC2452 cluster into it. Same actor. One page. Every claim cites a primary source; read the methodology for the curation rules.

catalog at a glance

  • actors: 70
  • events: 153
  • briefs: 8
  • detection rules: 19
  • AI misuse entries: 23
  • aliases: 206
  • TTPs: 264

activity by year

153 events · 2014 to 2026 (per-year chart)

What you'll find here

  • Actor pages — aliases by source taxonomy, attribution, motivations, target sectors, MITRE ATT&CK techniques, a sourced timeline of major publicly reported events, related actors, and indicators of compromise.
  • Briefs — long-form analysis of specific intrusions: Salt Typhoon, VersaMem, Stryker / Handala, ShinyHunters Snowflake pivot.
  • Map — origin-to-target flows for tracked actors, with per-country deep links.
  • Detections — Sigma, YARA, and Suricata rules authored for techniques and malware families used by tracked actors.
  • AI misuse defense playbook — for AI startups and teams training their own models: every OWASP LLM Top 10 / MITRE ATLAS / NIST AI RMF category mapped to example attacker prompts, documented incidents, and concrete defenses grouped by lifecycle phase.
  • Vendor naming Rosetta Stone — every alias mapped back to its canonical actor record.
  • IOC pivot — paste a hash, domain, IP, file name or mutex; see which tracked actor it's cataloged against, with citation.
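The two lookups described above, alias resolution and IOC pivoting, both depend on normalising the input before matching: vendor names differ in case, spacing and punctuation, and indicators arrive defanged (`hxxp`, `[.]`) and in mixed case. The following is an added example, not the site's own code, showing one way to build both indexes. The APT29 aliases are the ones listed on this page; the `EXAMPLE-ACTOR` record, its indicators (RFC 5737 documentation address, `.invalid` domain, a hash of a constructed string, a made-up mutex name) and its citation are all constructed placeholders, not real IOCs.

```python
"""Added example: alias 'Rosetta Stone' and IOC pivot with input normalisation.
Not the site's code; index contents are stand-ins (see comments)."""
import hashlib
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Hit:
    actor: str      # canonical actor record
    ioc_type: str   # md5 / sha1 / sha256 / ipv4 / ipv6 / domain / string
    value: str      # normalised (refanged, lower-cased) indicator
    citation: str   # where the claim comes from


# --- alias index -----------------------------------------------------------
_ALIAS_INDEX = {}


def _norm(name: str) -> str:
    """Case-, whitespace- and punctuation-insensitive key, so that
    'Cozy Bear', 'CozyBear' and 'cozy-bear' all collide."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def register_alias(alias: str, vendor: str, canonical: str) -> None:
    _ALIAS_INDEX[_norm(alias)] = (vendor, canonical)


def resolve_alias(name: str) -> Optional[Tuple[str, str]]:
    """Return (vendor taxonomy, canonical actor) or None."""
    return _ALIAS_INDEX.get(_norm(name))


# The APT29 names listed on this page, mapped to one canonical record.
for _alias, _vendor in [("APT29", "MITRE ATT&CK"), ("Cozy Bear", "CrowdStrike"),
                        ("Midnight Blizzard", "Microsoft"), ("NOBELIUM", "Microsoft (former)")]:
    register_alias(_alias, _vendor, "APT29")


# --- IOC pivot -------------------------------------------------------------
_DEFANG = [("hxxp", "http"), ("[.]", "."), ("(.)", "."), ("{.}", "."),
           ("[:]", ":"), ("[@]", "@")]
_HASH_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def refang(value: str) -> str:
    """Undo the common defanging conventions used in public reporting."""
    v = value.strip()
    for bad, good in _DEFANG:
        v = v.replace(bad, good)
    return v


def classify(value: str) -> Tuple[str, str]:
    """Detect the indicator type and return (type, normalised value).
    Hashes and domains are lower-cased; IPs are canonicalised by ipaddress.
    Anything else (file name, mutex, registry key) is kept as a raw string."""
    v = refang(value)
    low = v.lower()
    if re.fullmatch(r"[0-9a-f]+", low) and len(low) in _HASH_LEN:
        return _HASH_LEN[len(low)], low
    try:
        ip = ipaddress.ip_address(v)
        return f"ipv{ip.version}", str(ip)
    except ValueError:
        pass
    if _DOMAIN_RE.match(low):
        return "domain", low
    return "string", v


_IOC_INDEX = {}


def register_ioc(value: str, actor: str, citation: str) -> None:
    _IOC_INDEX[classify(value)] = (actor, citation)


def pivot(value: str) -> Optional[Hit]:
    """Look a pasted indicator up against the catalog; None if uncatalogued."""
    key = classify(value)
    found = _IOC_INDEX.get(key)
    if found is None:
        return None
    return Hit(found[0], key[0], key[1], found[1])


# Constructed placeholder record: NOT real indicators of any actor.
CONSTRUCTED_SHA256 = hashlib.sha256(b"constructed sample, not a real artifact").hexdigest()
_CITE = "constructed placeholder citation"
register_ioc(CONSTRUCTED_SHA256, "EXAMPLE-ACTOR", _CITE)
register_ioc("198.51.100.7", "EXAMPLE-ACTOR", _CITE)          # RFC 5737 range
register_ioc("c2.example.invalid", "EXAMPLE-ACTOR", _CITE)    # reserved TLD
register_ioc("Global\\constructed-mutex", "EXAMPLE-ACTOR", _CITE)

if __name__ == "__main__":
    print(resolve_alias("cozy-bear"))
    print(pivot("198[.]51[.]100[.]7"))
    print(pivot("10.0.0.1"))
```

Two design points worth noting: the alias key strips all punctuation, so a lookup for `Midnight  Blizzard` or `midnight-blizzard` still resolves, and every pivot result carries the citation, so a hit is only as strong as the source it points to.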

What this isn't

  • Not a feed reader. The goal is synthesis — one canonical actor record across vendor naming — not a chronological dump of every CTI post.
  • Not authoritative. Every claim cites the original publisher. If we're wrong, the citation tells you exactly where to verify and dispute.
  • No fabricated content. No invented IOCs, no hallucinated indictments, no AI-flavored filler.

About the author

Thomas Malinowski

I'm interested in threat intelligence, detection engineering, and turning public reporting into things defenders can use. This site is where I work through that publicly — every actor, alias, event, indicator, detection rule, and brief is hand-curated from primary sources and cited inline.

Resume available on request. Source repository will be opened on public launch once the security baseline in ADR-002 is met.