PRC state-sponsored intrusion set publicly attributed by the U.S. DOJ to the Ministry of State Security's Tianjin State Security Bureau, operating through Huaying Haitai. Best known for the Cloud Hop…
PRC state-sponsored intrusion set publicly attributed to the Ministry of State Security's Hubei State Security Department, operating through the front company Wuhan Xiaoruizhi Science and Technology…
Iranian state-sponsored actor with strategic intelligence interest in the global energy supply chain. Long-running password-spray and credential-theft campaigns against aviation and defense industria…
Iranian state-sponsored actor publicly assessed to operate on behalf of the Iranian government, with persistent targeting of Middle East government, financial, energy, and telecommunications organiza…
Chinese state-sponsored cyberespionage actor publicly attributed to the Ministry of State Security (MSS) Hainan State Security Department. Targets maritime industries, defense, government, and resear…
DPRK state-sponsored intrusion set treated by most vendors as the financial-operations subgroup of Lazarus, attributed to the Reconnaissance General Bureau. Responsible for the major SWIFT-network ba…
Russian state-sponsored intrusion set publicly assessed by the UK NCSC and Five Eyes partners as 'almost certainly subordinate to FSB Centre 18'. Conducts targeted credential-phishing operations agai…
PRC state-backed actor responsible for the 2024 intrusions into U.S. commercial telecommunications providers — among the most consequential telecom-targeted operations on the public record. Operates…
Native-English-speaking financially-motivated crew, assessed to include members in the United States, United Kingdom, and Canada. Tradecraft centers on SIM-swap and voice-phishing of IT helpdesks to…
PRC-attributed intrusion set identified by Microsoft in July 2023 after it forged authentication tokens using a stolen Microsoft MSA consumer signing key, enabling access to the Exchange Online mailb…