The Adversary Archive

USA (NSA-linked)

Russia (GRU Unit 26165)

Russia (SVR)

Russia (GRU Unit 74455)

Russia (FSB)

China (PLA Unit 61398)

China (MSS-affiliated)

China (PLA-linked)

North Korea (Reconnaissance General Bureau)

North Korea (Reconnaissance General Bureau, financial unit)

North Korea (RGB)

Iran (IRGC-affiliated)

Iran (Ministry of Intelligence)

Iran (IRGC)

Criminal (Eastern Europe)

Criminal (Russia, CIS-based)

Criminal (Russia-linked, global affiliates)

Criminal (Russia, St. Petersburg-linked)

Criminal (Anglophone, primarily US/UK teens)

Criminal (Russia-linked, RaaS)

Hacktivist (decentralized, global)

Russia (pro-Kremlin hacktivist)

China (MSS - Tianjin Bureau)

China (MSS - Hainan State Security)

China (MSS-linked)

China (PLA-linked)

China (MSS-linked)

China (MSS-linked)

Russia (FSB - Crimean officers)

Russia (FSB Centre 18)

South Asia (India-linked, suspected)

India (suspected)

India (suspected)

Pakistan (ISI-linked, suspected)

China (MSS - Tibet-focused)

Iran (MOIS - Ministry of Intelligence)

Israel (suspected)

Iran (IRGC-linked)

Iran (IRGC - Islamic Revolutionary Guard Corps)

Russia (SVR-linked)

USA / Israel (joint NSA–Unit 8200)

Sudan / Russia (disputed - possible Russian front)

Ukraine (government-coordinated volunteer collective)

Hacktivist (international collective)

Turkey (Marxist-Leninist hacktivist group)

Latin America (environmental/political hacktivist)

Russia (pro-Kremlin hacktivist affiliate)

South America (Colombia-linked, suspected)

Unknown (Southeast Asia region, suspected state-linked)

China (PLA Unit 61398 adjacent)

Criminal (UK/Brazil, mostly teenagers)

Criminal (English-speaking, Western)

Criminal (financially motivated, suspected Western)

Criminal (Eastern European, suspected)

Criminal (Russian-speaking, suspected)

Criminal (Latin America focused)

Iran (IRGC-linked)

Palestine (Hamas-affiliated, suspected)

Private sector (suspected Gulf state contractor)

Private sector (mercenary, suspected European)

Belarus (KGB-linked)

Russia (SVR-linked)

Pakistan (suspected)

Venezuela / Latin America (suspected state-linked)

Criminal (Russian-speaking)

Criminal (Russian-speaking)

Criminal (Eastern European)

Criminal (Russian-speaking, DarkSide successor)

Criminal (suspected Russian-speaking)

Criminal (Eastern European, suspected)

Criminal (Eastern European - Ukraine/Russia)

Criminal (Russian-speaking - likely Saint Petersburg)

Criminal (Eastern European)

Criminal (Eastern European, suspected)

Criminal (multiple groups, decentralized)

Criminal (Eastern European)

Criminal (TrickBot operators - Russian-speaking)

Criminal (suspected Eastern European)

China (MSS - Ministry of State Security)

Vietnam (Ministry of Public Security, suspected)

North Korea (RGB - Reconnaissance General Bureau)

Iran (MOIS - Ministry of Intelligence and Security)

Iran (IRGC-IO - Islamic Revolutionary Guard Corps Intelligence Organization)

China (MSS-affiliated)

China (PLA-affiliated, Taiwan operations)

China (MSS-affiliated contractor)

China (MSS - Integrity Technology Group)

China (MSS - suspected)

Russia (GRU Unit 161)

Russia (FSB Centre 16)

Russia (pro-Kremlin hacktivist collective)

Russia (GRU-linked hacktivist, Sandworm affiliate)

North Korea (RGB - 3rd Bureau)

North Korea (RGB - Lazarus sub-unit)

North Korea (RGB)

Iran (IRGC - contractor network)

Russia (FSB-linked, Maksim Yakubets)

Criminal (Russian-speaking, Conti splinter group)

Criminal (Russian-speaking, suspected)

Criminal (suspected Eastern European)

Criminal (suspected Eastern European)

Criminal (Russia-linked, global affiliates)

Unknown (suspected nation-state, telecom specialist)

Criminal (French and Moroccan nationals, suspected)

Criminal (Anglophone, primarily US/UK teens and young adults)

Criminal (US-based, young adults)