Threat Actor Profiles
Named threat actors in the dataset, their state nexus, attributed operations, and behavioural patterns.
Sandworm Team (GRU Unit 74455)
Russia — GRU (Main Intelligence Directorate), assessed to be Unit 74455
Destructive | Energy | Telecommunications | Critical Infrastructure | 2015–2023
Lazarus Group (RGB, North Korea)
North Korea — Reconnaissance General Bureau (RGB)
Destructive | Finance | Media | Healthcare | 2014–2017
SVR / APT29 / Cozy Bear
Russia — SVR (Foreign Intelligence Service)
Espionage | Government | Technology | Defense | 2020–2024
Hafnium / PRC-Linked Groups
China — Ministry of State Security (MSS) and affiliated entities
Espionage | Government | Technology | Telecommunications | 2021–2024
Scattered Spider
Non-state: loosely organized English-speaking individuals (US/UK)
Ransomware | Technology | Finance | Multiple | 2023
Iranian State-Linked Actors (IRGC/MOIS)
Iran — Islamic Revolutionary Guard Corps (IRGC) and Ministry of Intelligence and Security (MOIS)
Destructive | Energy | Government | 2012–2022
Unknown / Contested Attribution
Various — includes cases where attribution is contested, unconfirmed, or points to non-state or negligence-based incidents
Espionage | Multiple | 2010–2024