Category: APT Groups

Dark Caracal (G0070) is a Lebanon-linked APT conducting long-term mobile surveillance operations targeting government, military, journalists, and activists across MENA.

Liminal Panda is an emerging China-linked cyber-espionage actor targeting semiconductor, AI, and defense sectors through cloud-native intrusion and identity abuse techniques.

Winter Vivern (TAG-70 / UAC-0114 / TA473) is a state-aligned cyber-espionage group targeting NATO and EU entities via credential harvesting, Zimbra exploitation, and persistent phishing operations.

APT-C-36, also known as Blind Eagle, is a Colombia-linked cyber-espionage group active since 2018. Primarily targeting government and financial sectors in Latin America, the actor leverages phishing, commodity RATs, and evolving post-compromise techniques to sustain regional campaigns.

Inception Framework is a long-running Russian-speaking cyberespionage group focused on government, diplomatic, and defense targets using stealthy spearphishing and cloud-based intrusion techniques.

APT27 is a long-running China-aligned cyber espionage group targeting governments, defense contractors, and critical infrastructure through stealthy, high-impact operations.

APT3 (BORON) is one of the earliest China-aligned APT groups, known for exploit-driven espionage campaigns targeting defense, advanced manufacturing, and government sectors.

FIN11 is a globally active, financially motivated cybercrime group known for large-scale phishing campaigns, malware distribution, and ransomware ecosystem enablement.

APT35, also known as Charming Kitten, is an Iranian state-linked cyber espionage group active since 2011, conducting phishing, credential theft, and influence operations against political, academic, media, and NGO targets worldwide.

APT15 is a long-running, China-aligned cyber espionage group linked to the MSS, targeting governments, defense organizations, NGOs, and technology sectors globally with sustained operations through 2025.