← Home·Three-Card Spread·Daily Card·Techniques·Defenses·Sectors·Compare

The Adversary Archive

78 adversary profiles across Major and Minor Arcana.

Origin:
Sector:
0Nation-State
The Ghost
Equation Group
USA (NSA-linked)
1Nation-State
The Phantom
APT28
Russia (GRU Unit 26165)
2Nation-State
The Shadow Court
APT29
Russia (SVR)
3Nation-State
The Destroyer
Sandworm
Russia (GRU Unit 74455)
4Nation-State
The Serpent
Turla
Russia (FSB)
5Nation-State
The Archivist
APT1
China (PLA Unit 61398)
6Nation-State
The Ten Thousand
APT41
China (MSS-affiliated)
7Nation-State
The Silent Dragon
Volt Typhoon
China (PLA-linked)
8Nation-State
The Specter
Lazarus Group
North Korea (Reconnaissance General Bureau)
9Nation-State
The Alchemist
APT38
North Korea (Reconnaissance General Bureau, financial unit)
10Nation-State
The Whisperer
Kimsuky
North Korea (RGB)
11Nation-State
The Flame Keeper
APT33
Iran (IRGC-affiliated)
12Nation-State
The Oracle
APT34
Iran (Ministry of Intelligence)
13Nation-State
The Charmed One
APT35
Iran (IRGC)
14Criminal
The Merchant
FIN7
Criminal (Eastern Europe)
15Criminal
The Reaper
REvil
Criminal (Russia, CIS-based)
16Criminal
The Locked Tower
LockBit
Criminal (Russia-linked, global affiliates)
17Criminal
The Plague
Conti
Criminal (Russia, St. Petersburg-linked)
18Criminal
The Shape Shifter
Scattered Spider
Criminal (Anglophone, primarily US/UK teens)
19Criminal
The Void
BlackCat / ALPHV
Criminal (Russia-linked, RaaS)
20Hacktivist
The Thousand Masks
Anonymous
Hacktivist (decentralized, global)
21Hacktivist
The Storm
KillNet
Russia (pro-Kremlin hacktivist)
S1Nation-State
The Thousand Hands
APT10
China (MSS - Tianjin Bureau)
S2Nation-State
The Tidal Current
APT40
China (MSS - Hainan State Security)
S3Nation-State
The Hidden Key
Hafnium
China (MSS-linked)
S4Nation-State
The Patient Archivist
Bronze Butler
China (PLA-linked)
S5Nation-State
The Nomadic Eye
Mustang Panda
China (MSS-linked)
S6Nation-State
The Wire
Salt Typhoon
China (MSS-linked)
S7Nation-State
The Hunger
Gamaredon
Russia (FSB - Crimean officers)
S8Nation-State
The Confessor
Callisto Group
Russia (FSB Centre 18)
S9Nation-State
The Grudge
Bitter
South Asia (India-linked, suspected)
S10Nation-State
The Viper
SideWinder
India (suspected)
S11Nation-State
The Collage
Patchwork
India (suspected)
S12Nation-State
The Long Shadow
Transparent Tribe
Pakistan (ISI-linked, suspected)
S13Nation-State
The Lotus Eye
TA413
China (MSS - Tibet-focused)
S14Nation-State
The Marsh
MuddyWater
Iran (MOIS - Ministry of Intelligence)
W1Nation-State
The Arsonist
Predatory Sparrow
Israel (suspected)
W2Nation-State
The Flood
Moses Staff
Iran (IRGC-linked)
W3Nation-State
The Wrench
Cyber Av3ngers
Iran (IRGC - Islamic Revolutionary Guard Corps)
W4Nation-State
The Invisible Chain
UNC2452
Russia (SVR-linked)
W5Nation-State
The Saboteur
Stuxnet Operators
USA / Israel (joint NSA–Unit 8200)
W6Hacktivist
The Thunderhead
Anonymous Sudan
Sudan / Russia (disputed - possible Russian front)
W7Hacktivist
The Volunteer Corps
IT Army of Ukraine
Ukraine (government-coordinated volunteer collective)
W8Hacktivist
The Fractured Flag
GhostSec
Hacktivist (international collective)
W9Hacktivist
The Red Star
RedHack
Turkey (Marxist-Leninist hacktivist group)
W10Hacktivist
The Jungle Eye
Guacamaya
Latin America (environmental/political hacktivist)
W11Hacktivist
The Affiliate
UserSec
Russia (pro-Kremlin hacktivist affiliate)
W12Nation-State
The Blind Eagle
APT-C-36
South America (Colombia-linked, suspected)
W13Nation-State
The Mercenary Wing
Yellow Garuda
Unknown (Southeast Asia region, suspected state-linked)
W14Nation-State
The Breach of Trust
Operation Aurora
China (PLA Unit 61398 adjacent)
C1Criminal
The Jester
Lapsus$
Criminal (UK/Brazil, mostly teenagers)
C2Criminal
The Sim Swap
UNC3944
Criminal (English-speaking, Western)
C3Criminal
The Insider
FIN4
Criminal (financially motivated, suspected Western)
C4Criminal
The Hospitality Thief
FIN8
Criminal (Eastern European, suspected)
C5Criminal
The Broker
TA505
Criminal (Russian-speaking, suspected)
C6Criminal
The False Itinerary
TA558
Criminal (Latin America focused)
C7Nation-State
The Watering Hole
Tortoiseshell
Iran (IRGC-linked)
C8Nation-State
The Gaza Whisper
Molerats
Palestine (Hamas-affiliated, suspected)
C9Nation-State
The Persona Collective
Bahamut
Private sector (suspected Gulf state contractor)
C10Criminal
The False KYC
Evilnum
Private sector (mercenary, suspected European)
C11Nation-State
The Ghostwriter
UNC1151
Belarus (KGB-linked)
C12Nation-State
The Supply Chain Reader
SilverFish
Russia (SVR-linked)
C13Criminal
The Petty Face
Gorgon Group
Pakistan (suspected)
C14Nation-State
The Latin Blade
Machete
Venezuela / Latin America (suspected state-linked)
P1Criminal
The Silent Toll
Cl0p
Criminal (Russian-speaking)
P2Criminal
The Dark Dividend
DarkSide
Criminal (Russian-speaking)
P3Criminal
The Hospital Ward
Hive
Criminal (Eastern European)
P4Criminal
The Rebrand
BlackMatter
Criminal (Russian-speaking, DarkSide successor)
P5Criminal
The Schoolyard
Vice Society
Criminal (suspected Russian-speaking)
P6Criminal
The Dark Counter
FIN6
Criminal (Eastern European, suspected)
P7Criminal
The Banker
Carbanak
Criminal (Eastern European - Ukraine/Russia)
P8Criminal
The Second Stage
TrickBot / Ryuk
Criminal (Russian-speaking - likely Saint Petersburg)
P9Criminal
The Delivery Service
Emotet / Mealybug
Criminal (Eastern European)
P10Criminal
The Payment Card Ghost
FIN5
Criminal (Eastern European, suspected)
P11Criminal
The Invisible Skimmer
Magecart
Criminal (multiple groups, decentralized)
P12Criminal
The Frozen Account
IcedID / Bokbot
Criminal (Eastern European)
P13Criminal
The Side Door
BazaLoader
Criminal (TrickBot operators - Russian-speaking)
P14Criminal
The False Tax
TA2101
Criminal (suspected Eastern European)
Data sourced from MITRE ATT&CK. For educational purposes.