Overview
This page lists all known threat actors that have been observed using CyberGate.
Threat Actors
- 1937CN (China)
- 5ss5c Ransomware
- [Vault 7/8]
- Ababil of Minab (Iran)
- Adrastea
- AeroBlade
- Altahrea Team (Iraq)
- Anonymous (Collective)
- Anonymous KSA
- Anonymous Sudan (Russia)
- Anonymous64 (Taiwan)
- Anubis Ransomware Group
- APT-C-12
- APT-C-34
- APT28 (Russia) - High
- APT29 (Russia) - High
- APT3 (China) - High
- APT32 (Vietnam) - High
- APT33 (Iran) - High
- APT4 (China) - High
- APT41 (China) - High
- APT42 (Iran) - High
- APT43
- APT45 (North Korea)
- APT9 (China)
- AzzaSec (Italy)
- Bart ransomware
- Bearlyfy (Ukraine)
- BianLian Ransomware Group
- Bignosa (Kenya)
- BlackByte
- BlackJack (Ukraine)
- Blackmeta
- Blacktail
- BlackTech (China)
- Blackwood (China)
- BladedFeline (Iran)
- Blue Mockingbird
- Blue Tsunami (Israel)
- BlueBottle
- BOSON SPIDER
- br0k3r
- BreachLaboratory
- ByteToBreach
- Calypso
- CardinalLizard (China)
- Careto (Spain) - High
- Cat Scientist Actor
- CHATTY SPIDER
- Chaya_004 (China)
- Chimera (China)
- CHRYSENE (Unknown) - High
- Cleaver (Iran) - High
- ComicForm
- Confucious (India)
- Confucius
- Contagious Interview
- Conti (Russia) - Critical
- CopyKittens (Iran) - High
- Cosmic Lynx
- CostaRicto
- CoughingDown
- Crimson Collective
- crosslock
- CryptoChameleon
- ctblocker
- Cyber Alliance (Ukraine)
- Cyber Army of Russia (Russia)
- Cyber Av3ngers (Iran)
- Cyber Islamic Resistance (Iran)
- Cyber Partisans (Belarus)
- Cyber Serp (Russia)
- Cyber Toufan (Iran)
- Cyber.Anarchy.Squad (Ukraine)
- CyberNiggers
- CyberVolk
- Daixin Team
- DarkPink (China)
- Deadeye Jackal (Syria) - High
- Desorden Group
- DEV-0147 (China)
- DiceyF (China)
- DieNet
- Dragonforce (Malaysia)
- DustSquad (Russia)
- Earth Alux (China)
- Earth Freybug (China)
- Earth Kapre
- Earth Krahang (China)
- Eldorado Ransomware Operators
- Ember Bear (Russia)
- Equation
- Equation Group (United States) - High
- Evasive Panda (China) - High
- Evil Corp
- Evilbyte
- ExCobalt
- EXOTIC LILY
- FASTCash
- Femwar02 (Russia)
- FIN13 (Russia)
- FIN5
- FrostyNeighbor (Belarus)
- Gallmaker
- GamaCopy
- GCMAN (Russia) - High
- ghost
- GhostNet
- GlobeImposter
- GOLD CABIN
- GOLD DUPONT
- GOLD EVERGREEN
- GOLD FAIRFAX
- GOLD GALLEON
- GOLD GARDEN
- GOLD MANSARD
- GOLD NORTHFIELD
- GOLD PRELUDE
- GOLD REBELLION
- GOLD RIVERVIEW
- GOLD SKYLINE
- GOLD SOUTHFIELD
- GOLD SYMPHONY
- GOLD WATERFALL
- GoldFactory (China)
- Groove
- GTG-1002 (China)
- GXC Team
- Hive0117
- holyghost
- HomeLand Justice (Iran)
- Hunt3r Kill3rs (Russia)
- Inception (Russia)
- Indrik Spider (Russia)
- IRIDIUM (Iran) - Low
- IRLeaks
- Jabaroot
- Joint Cyberspace Command (Spain)
- Joint Sigint Cyber Unit (Netherlands)
- Kairos
- Kasablanka (Morocco)
- Keymous+
- Killsec
- KromSec
- LAPSUS$
- LazyScripter
- leaknet
- LinkC Pub
- LockBit Ransomware Actors & Affiliates
- LongNosedGoblin (China)
- LulzSec Black
- LYCEUM (Iran) - High
- Magic Kitten (Iran) - High
- MalKamak (Iran)
- Malteiro (Brazil)
- Medusa (Unknown) - High
- MedusaLocker Ransomware Actors
- menuPass (China)
- MirrorFace (China)
- Mofang (China) - High
- Moonstone Sleet (North Korea)
- MORH4x (Morocco)
- Moses Staff (Iran)
- Moshen Dragon (China)
- MoustachedBouncer (Belarus) - High
- Mustard Tempest
- National Cyber and Crypto Agency (Indonesia)
- NetRunnerPR
- Nullbulge
- Opal Sleet (North Korea)
- Operation Comando
- Operation DRBControl (China)
- Operation ForumTroll
- Operation Parliament (Unknown) - High
- Operation Soft Cell
- OurMine
- OverFlame
- Pearl Sleet (North Korea)
- Phlox Tempest (Israel)
- PirateJack Actor
- Play (Unknown) - High
- PLUMP SPIDER
- PlushDaemon (China)
- POLONIUM (Lebanon) - Critical
- Predatory Sparrow (Iran)
- Princess Evolution
- ProjectSauron (United States) - High
- PurpleHaze (China)
- Quantum Ransomware Actors
- R00tK1T (Israel)
- RaHDit (Russia)
- Razor
- Red Charon
- RedAlpha (China)
- RedEcho (China)
- REF5961
- REF7707 (China)
- RevengeHotels
- Rocke
- Royal Ransomware Actors
- RTM
- Ruby Sleet (North Korea)
- SafePay Ransomware Actors
- Salt Typhoon (China)
- Salt Typhoon (Deprecated) (China)
- Sandman APT (China) - High
- Sandworm Team (Russia)
- Seashell Blizzard Subgroup (Russia)
- SGL Actor
- Shadow Network
- SHADOW-AETHER-015
- Shadow-Earth-053 (China)
- SHADOW-VOID-042
- Shahid Hemmat (Iran)
- SharpPanda (China)
- ShinyHunters
- ShurL0ckr
- SideCopy (Pakistan)
- Siesta
- Silence group
- Silent Librarian (Iran)
- SilitNetwork
- SilverFish
- Smishing Triad (China)
- SNOWGLOBE (France) - High
- Solntsepek (Russia)
- SongXY
- Sowbug (Unknown) - High
- SpaceBears (Russia)
- Star Blizzard (Russia)
- Storm-0062 (China)
- Storm-0381 (Russia)
- Storm-0501
- Storm-0506
- Storm-0826
- Storm-0835
- Storm-1044
- Storm-1101
- Storm-1152 (Vietnam)
- Storm-1175 (China)
- Storm-1811 (Deprecated)
- Storm-2077 (China)
- Storm-2139
- TA2541
- TA505 (Russia)
- TA558
- TA570 (Russia)
- TA577 (Russia)
- TA829 (Russia)
- TAG-112 (China)
- TAG-140 (Pakistan)
- TeamSpy Crew (Russia) - High
- Telecrypt Ransomware
- TEMPER PANDA (China) - High
- The National Cyber Security Commission (NCSC) – الهيئة الوطنية للأمن السيبراني (Saudi Arabia)
- The White Company
- Threat Group-1314
- Threat Group-3390 (China)
- Threatsec
- Tick (China) - High
- TOXCAR CYBER TEAM
- Trojan Dz
- UAC-0020 (Russia)
- UAC-0063
- UAC-0094 (Russia)
- UAC-0215
- UAC-0219
- UAC-0226
- UAT-8099 (China)
- UAT-8616
- Ukrainian Cyber Alliance (Ukraine)
- UNC2452 (Russia) - Critical
- UNC2630 (China)
- UNC2814 (China)
- UNC3886 (China)
- UNC4191 (China)
- UNC4540 (China)
- UNC4736 (North Korea)
- UNC5291
- UNC5325 (China)
- UNC6485
- UNC6619
- UNG0002
- UNG0901
- UserSec (Russia)
- UTA0178 (China)
- vanhelsing
- Velvet Ant (China)
- Void Balaur
- Void Blizzard (Russia)
- VulzSecTeam (Indonesia)
- Water Bakunawa
- Water Barghest
- Water Kurita
- Water Saci (Brazil)
- Webworm (China)
- WeRedEvils (Israel)
- WildNeutron
- Windigo
- Winter Vivern (Russia)
- WIRTE
- Witchetty (China)
- Worok (China) - High
- XakNet (Russia)
- Xiaoqiying (China)
- ZOMBIE SPIDER
- ZooPark