APT Groups Data

Know your adversary

An intelligence database on Advanced Persistent Threat actors and their tactics, techniques & procedures.

APT28

Fancy Bear · Sofacy · Sednit

A prolific espionage group known for targeting political and military organizations across NATO countries.

Russia · First seen 2007

Primary targets

Government · Military · Media

TTPs

  • Spear phishing
  • Zero-day exploitation
  • Credential harvesting

APT29

Cozy Bear · The Dukes · Nobelium

A sophisticated actor linked to major supply-chain intrusions and stealthy, long-term espionage campaigns.

Russia · First seen 2008

Primary targets

Government · Think Tanks · Healthcare

TTPs

  • Supply chain attacks
  • Custom malware
  • Living off the land

APT41

Double Dragon · Winnti · Barium

A dual espionage-and-cybercrime group conducting both state-sponsored operations and financially motivated attacks.

China · First seen 2012

Primary targets

Healthcare · Telecom · Gaming

TTPs

  • Supply chain compromise
  • Code signing abuse
  • Financial fraud

Lazarus Group

Hidden Cobra · APT38 · Zinc

A state-sponsored group notorious for destructive attacks and high-value financial and cryptocurrency theft.

North Korea · First seen 2009

Primary targets

Finance · Cryptocurrency · Defense

TTPs

  • Destructive malware
  • Bank heists
  • Crypto theft

APT34

OilRig · Helix Kitten

A Middle East–focused espionage actor known for creative DNS-based command-and-control techniques.

Iran · First seen 2014

Primary targets

Energy · Financial · Government

TTPs

  • DNS tunneling
  • Web shells
  • Social engineering
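DNS tunnelling, the first TTP listed for this group, hides command-and-control data in the query names themselves, so the observable on the network side is a client sending many long, high-entropy, never-repeating subdomain labels under one registered domain. The following detection heuristic over DNS query logs is an added example for this page, not code from the page's source or from any APT34 tooling; the log entries are constructed, the "tunnel-demo.test" domain is hypothetical, the registered-domain split is a naive last-two-labels assumption, and the thresholds are illustrative starting points rather than tuned values.

```python
import math
from collections import defaultdict

# Constructed sample of DNS query logs as (client_ip, queried_name).
# Hypothetical data, not real APT34 traffic. The last entries mimic a
# tunnelling client encoding data in long, high-entropy subdomain labels.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.7", "cdn.example.org"),
    ("10.0.0.7", "static.example.org"),
    ("10.0.0.9", "a3f9c2e1b7d4e6f0.7c1e9a2f4b8d0c3e.tunnel-demo.test"),
    ("10.0.0.9", "f81b0c7d9e2a4c6d.0a4d8e1c3b7f5e9a.tunnel-demo.test"),
    ("10.0.0.9", "4e2d9b7a1c5f8e0d.b6a3c9e2d8f1a7c4.tunnel-demo.test"),
    ("10.0.0.9", "9c1a7e3d5b2f8a6e.e2f7b1c9d4a8e3b5.tunnel-demo.test"),
    ("10.0.0.9", "d5b8f2a6c1e9d3f7.3c8a1e6d9b2f7a4c.tunnel-demo.test"),
]


def shannon_entropy(text):
    """Bits per character: encoded/random labels score high, words score low."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(fqdn):
    """Return (subdomain_part, registered_domain).

    Assumption: the registered domain is the last two labels. A real
    deployment should use the Public Suffix List instead (e.g. tldextract).
    """
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def tunnel_scores(queries, min_queries=5):
    """Aggregate per (client, registered domain): query count, share of
    distinct subdomains, mean subdomain length and mean subdomain entropy."""
    buckets = defaultdict(list)
    for client, fqdn in queries:
        sub, dom = split_name(fqdn)
        buckets[(client, dom)].append(sub)
    scores = {}
    for key, subs in buckets.items():
        if len(subs) < min_queries:
            continue  # too few observations to judge
        scores[key] = {
            "queries": len(subs),
            "unique_ratio": len(set(subs)) / len(subs),
            "mean_len": sum(len(s) for s in subs) / len(subs),
            "mean_entropy": sum(shannon_entropy(s) for s in subs) / len(subs),
        }
    return scores


def flag_tunnels(queries, min_queries=5, min_len=30, min_entropy=3.5, min_unique=0.9):
    """Return (client, domain) pairs whose query pattern looks like tunnelling.
    Thresholds are illustrative; tune them against your own baseline."""
    hits = []
    for key, s in tunnel_scores(queries, min_queries).items():
        if (s["mean_len"] >= min_len and s["mean_entropy"] >= min_entropy
                and s["unique_ratio"] >= min_unique):
            hits.append(key)
    return sorted(hits)


if __name__ == "__main__":
    for client, domain in flag_tunnels(SAMPLE_QUERIES):
        print(f"possible DNS tunnel: {client} -> {domain}")
```

The three signals are deliberately combined: long labels alone also appear in CDN and telemetry names, high entropy alone flags hashed hostnames, and a high unique ratio alone flags legitimate per-request cache busters. Legitimate high-volume domains from your own environment (update services, mail providers) should be placed on an allowlist before the rule goes live.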

APT33

Elfin · Refined Kitten

An actor targeting aviation and energy sectors, associated with destructive wiper malware campaigns.

Iran · First seen 2013

Primary targets

Aviation · Energy · Petrochemical

TTPs

  • Password spraying
  • Wiper malware
  • Phishing
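Password spraying, listed first among this group's TTPs, tries one or two common passwords against many accounts rather than many passwords against one, which keeps every account under the lockout threshold. The detection below looks for exactly that shape in authentication logs: one source with failures against many distinct users, few attempts per user, and any success from the same source in the same window. It is an added example for this page, not code from the page's source or from any APT33 tooling; the log format and entries are constructed, and the window and count thresholds are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log in a hypothetical syslog-like format:
# "<ISO timestamp> auth <fail|ok> user=<name> src=<ip>". Not a real product's
# format and not real APT33 activity. The first source sprays seven accounts
# and lands one; the second hammers a single account (not a spray).
SAMPLE_LOG = """\
2024-03-01T09:00:01 auth fail user=alice src=203.0.113.10
2024-03-01T09:00:03 auth fail user=bob src=203.0.113.10
2024-03-01T09:00:06 auth fail user=carol src=203.0.113.10
2024-03-01T09:00:08 auth fail user=dave src=203.0.113.10
2024-03-01T09:00:11 auth fail user=erin src=203.0.113.10
2024-03-01T09:00:14 auth fail user=frank src=203.0.113.10
2024-03-01T09:00:17 auth fail user=grace src=203.0.113.10
2024-03-01T09:00:20 auth ok   user=heidi src=203.0.113.10
2024-03-01T09:05:00 auth fail user=alice src=198.51.100.7
2024-03-01T09:05:02 auth fail user=alice src=198.51.100.7
2024-03-01T09:05:04 auth fail user=alice src=198.51.100.7
2024-03-01T09:05:06 auth ok   user=alice src=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) auth (\S+)\s+user=(\S+) src=(\S+)$")


def parse_log(text):
    """Parse the constructed log format into sorted (time, result, user, src) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # real logs carry unrelated lines; skip them
        ts, result, user, src = m.groups()
        events.append((datetime.fromisoformat(ts), result, user, src))
    return sorted(events)


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Per source IP, find a window with failures against at least min_users
    distinct accounts and no more than max_per_user failures per account
    (the spraying signature that stays under lockout), and record any account
    that then authenticated successfully from that source in the window."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[3]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        best = None
        for start, result, _, _ in evs:
            if result != "fail":
                continue
            end = start + window
            in_win = [e for e in evs if start <= e[0] <= end]
            fails = defaultdict(int)
            for _, r, user, _ in in_win:
                if r == "fail":
                    fails[user] += 1
            if len(fails) >= min_users and max(fails.values()) <= max_per_user:
                successes = sorted({u for _, r, u, _ in in_win if r == "ok"})
                cand = {"distinct_users": len(fails), "successes": successes,
                        "window_start": start.isoformat()}
                if best is None or cand["distinct_users"] > best["distinct_users"]:
                    best = cand
        if best:
            findings[src] = best
    return findings


if __name__ == "__main__":
    for src, f in detect_spray(parse_log(SAMPLE_LOG)).items():
        print(f"spray from {src}: {f['distinct_users']} accounts, "
              f"successful logons: {f['successes'] or 'none'}")
```

Keying on the source address is the weak point of this rule: sprayers routinely rotate through proxies or cloud egress ranges, so in practice the same aggregation is also run on a per-tenant or per-ASN basis, and a success following a spray should be treated as a compromised account regardless of which address landed it.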

FIN7

Carbanak · Carbon Spider

A financially motivated cybercrime syndicate responsible for large-scale payment-card and ransomware operations.

Financially motivated · First seen 2013

Primary targets

Retail · Hospitality · Financial

TTPs

  • Point-of-sale malware
  • Phishing
  • Ransomware

Sandworm

Voodoo Bear · Telebots · Iron Viking

A destructive actor linked to attacks on critical infrastructure and industrial control systems.

Russia · First seen 2009

Primary targets

Critical Infrastructure · Energy Grids · Government

TTPs

  • Destructive malware
  • ICS/SCADA attacks
  • Supply chain
