Iranian state-sponsored actor publicly assessed to operate on behalf of the Iranian government, with persistent targeting of Middle East government, financial, energy, and telecommunications organiza…
DPRK state-sponsored actor publicly attributed to North Korea's Ministry of State Security (MSS). Conducts espionage against South Korean public and private sector targets and, to a lesser extent, Ja…
Iranian state-affiliated intrusion set publicly attributed to Rana Intelligence Computing — an MOIS (Ministry of Intelligence and Security) front company sanctioned by the U.S. Treasury OFAC in Septe…
Russian-speaking ransomware-as-a-service operation that ran under the Royal brand from September 2022 to June 2023, then rebranded as BlackSuit. Confirmed as a direct continuation by FBI/CISA in jo…
Russian state-sponsored intrusion set publicly assessed by the UK NCSC and Five Eyes partners as 'almost certainly subordinate to FSB Centre 18'. Conducts targeted credential-phishing operations agai…
Russian state-sponsored intrusion set publicly attributed by the U.S. DOJ and Treasury OFAC to FSB Center 16 (Military Unit 71330). Long-running targeting of the energy, nuclear, water, aviation, and…
Chinese cyberespionage intrusion set publicly attributed to a Beijing-based group and best known for Operation Aurora — a mid-2009 to January 2010 campaign against Google, Adobe, Juniper Networks, an…
Russian cybercrime syndicate publicly attributed in December 2019 by the U.S. Treasury OFAC, which sanctioned founder Maksim Yakubets. Operators of the Dridex banking trojan, the BitPaymer and Wasted…
Long-running financially motivated crew historically tied to the Carbanak intrusion set. Initially targeted point-of-sale systems in the U.S. hospitality and retail sectors (300+ companies, 1,000+ lo…
Russian state-sponsored intrusion set publicly attributed by the Security Service of Ukraine (SBU) to FSB officers based in Russian-occupied Crimea. The longest-running publicly documented intrusion…
DPRK state-sponsored actor focused on intelligence collection against South Korean and Western policy targets — diplomats, academics, journalists, and think-tank researchers working on Korean Peninsu…
DPRK state-sponsored umbrella set associated with the Reconnaissance General Bureau. Mixes financially motivated operations (including major cryptocurrency exchange thefts and SWIFT-network bank intr…
Iranian state-sponsored actor publicly attributed in 2022 by U.S. Cyber Command to subordinates of the Ministry of Intelligence and Security (MOIS). Conducts espionage and access operations against t…
PRC state-aligned intrusion set focused on espionage against European government and NGO targets, Southeast Asian government and military targets (especially around the South China Sea), Mongolia, Ta…
PRC state-sponsored intrusion set publicly attributed by ThreatConnect and Defense Group Inc. to the People's Liberation Army Unit 78020 (Chengdu Military Region Second Technical Reconnaissance Burea…
Russia-aligned intrusion set conducting hybrid espionage and financially motivated operations — ESET, Microsoft, and Unit 42 track it as a single actor straddling state-objective targeting (Ukrainian…