Strobes vulnerability intelligence is a key component of their Exposure Management platform that helps organizations understand, prioritize, and address security vulnerabilities more effectively.

© 2026 Strobes Security. All rights reserved.

Threat Actors Database

Track APT groups, cybercriminal organizations, and the vulnerabilities they exploit

Total Threat Actors: 906

TA459 (CN)
aka: G0062

Cyber Berkut (RU)

Danti

Dancing Salome

Dancing Salome is the Kaspersky codename for an APT actor with a primary focus on ministries of foreign affairs, think tanks, and Ukraine. What makes Dancing Salome interesting and relevant is the attacker’s penchant for leveraging HackingTeam RCS implants compiled after the public breach.

APT26 (CN)
aka: TECHNETIUM, TURBINE PANDA, JerseyMikes +2 more

SABRE PANDA (CN)

BIG PANDA (CN)

POISONUS PANDA (CN)

Ghost Jackal

ELECTRIC PANDA (CN)

GIBBERISH PANDA (CN)

OnionDog (KP)

This threat actor targets the South Korean government, transportation, and energy sectors.

Clever Kitten (IR)
aka: Group 41

Unit 8200 (IL)
aka: Duqu Group

PALE PANDA (CN)

UNC5174
aka: Uteus

UNC5174, a Chinese state-sponsored threat actor, has been identified by Mandiant for exploiting critical vulnerabilities in F5 BIG-IP and ScreenConnect. They have been linked to targeting research and education institutions, businesses, charities, NGOs, and government organizations in Southeast Asia, the U.S., and the UK. UNC5174 is believed to have connections to China's Ministry of State Security and has been observed using custom tooling and the SUPERSHELL framework in their operations. The actor has shown indications of transitioning from hacktivist collectives to working as a contractor for Chinese intelligence agencies.

CyberNiggers

CyberNiggers is a threat group known for breaching various organizations, including the US military, federal contractors, and multinational corporations like General Electric. Led by the prominent member IntelBroker, they specialize in selling access to compromised systems and stealing sensitive data, such as military files and personally identifiable information. The group has targeted a diverse portfolio of organizations, showcasing their strategic approach to gathering varied sets of information. Their activities raise concerns about national security, individual privacy, and the need for robust cybersecurity measures to mitigate the impact of cyber adversaries.

Mana Team (CN)

TempTick (CN)

This threat actor targets organizations in the finance, defense, aerospace, technology, health-care, and automotive sectors and media organizations in East Asia for the purpose of espionage. It is believed to be responsible for the targeting of South Korean actors prior to the meeting of Donald J. Trump and Kim Jong-un.

MoneyTaker

In less than two years, this group has conducted over 20 successful attacks on financial institutions and legal firms in the USA, UK and Russia. The group has primarily been targeting card processing systems, including the AWS CBR (Russian Interbank System) and purportedly SWIFT (US). Given the wide usage of STAR in LATAM, financial institutions in LATAM could have particular exposure to a potential interest from the MoneyTaker group.

Showing 41 - 60 of 906