# Threat Actors

Detailed profiles of threat groups operating globally, with emphasis on actors that target Brazil and Latin America. Each profile includes TTPs mapped to MITRE ATT&CK, known infrastructure, documented campaigns and indicators of compromise (IoCs).

**Monitored categories:**

- **APTs (Advanced Persistent Threats)** - state-sponsored groups motivated by espionage or sabotage
- **Criminal groups** - ransomware-as-a-service, financial fraud, carding
- **Hacktivists** - ideological or political motivation
- **Emerging actors** - newly identified groups with growing activity

---

## Threat Actor Map by Origin

> [!example]- Map by Geographic Origin
> ```mermaid
> mindmap
>   root((Threat Actors por Origem))
>     Rússia
>       APT28 - Fancy Bear
>       APT29 - Cozy Bear
>       Sandworm
>       Turla
>       Gamaredon
>       LockBit
>       Cl0p
>       Qilin
>     China
>       APT41
>       Volt Typhoon
>       Salt Typhoon
>       Mustang Panda
>       APT10 - Cloud Hopper
>       APT9 - Nightshade Panda
>       Silk Typhoon - HAFNIUM
>       UNC5221
>       UNC5325
>       UNC5337
>       Citrine Sleet
>     Coreia do Norte
>       Lazarus Group
>       Andariel
>       Kimsuky
>       Citrine Sleet
>     Irã
>       MuddyWater - MOIS
>       APT42 - IRGC
>       CyberAv3ngers - IRGC
>       Void Manticore - IRGC
>     LATAM
>       Grandoreiro - Brasil
>       Blind Eagle - Colombia
>       APT Tekir
>       Aggah - Oriente Medio
> ```

> [!example]- Map by Motivation
> ```mermaid
> mindmap
>   root((Threat Actors por Motivação))
>     Ransomware
>       LockBit
>       Cl0p
>       Qilin
>       Interlock
>       Monti
>       Zollo
>     Espionagem
>       APT28 - Fancy Bear
>       APT29 - Cozy Bear
>       Turla
>       Gamaredon
>       APT41
>       Volt Typhoon
>       Salt Typhoon
>       Mustang Panda
>       APT10 - Cloud Hopper
>       APT9 - Nightshade Panda
>       Silk Typhoon - HAFNIUM
>       MuddyWater - MOIS
>       APT42 - IRGC
>       Kimsuky
>     Financeiro
>       Lazarus Group
>       Andariel
>       Citrine Sleet
>       Grandoreiro - Brasil
>       Blind Eagle - Colombia
>       Aggah Group
>     Hacktivismo
>       Void Manticore - IRGC
>       CyberAv3ngers - IRGC
>       APT Tekir
> ```

---

## Active Actors

%%
```dataview
TABLE WITHOUT ID link(file.link, title) AS "Ator",
  origin AS "Origem",
  join(motivation, ", ") AS "Motivação",
  status AS "Status",
  join(targets-sectors, ", ") AS "Setores Alvo"
FROM "cti/groups"
WHERE type = "threat-actor" AND status = "active"
SORT file.mtime DESC
```
%%

<!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, title) AS "Ator", origin AS "Origem", join(motivation, ", ") AS "Motivação", status AS "Status", join(targets-sectors, ", ") AS "Setores Alvo" FROM "cti/groups" WHERE type = "threat-actor" AND status = "active" SORT file.mtime DESC -->
<!-- SerializedQuery: TABLE WITHOUT ID link(file.link, title) AS "Ator", origin AS "Origem", join(motivation, ", ") AS "Motivação", status AS "Status", join(targets-sectors, ", ") AS "Setores Alvo" FROM "cti/groups" WHERE type = "threat-actor" AND status = "active" SORT file.mtime DESC -->

| Actor | Origin | Motivation | Status | Target Sectors |
| --- | --- | --- | --- | --- |
| [[void-manticore\|Void Manticore]] | Iran | disruptive, hacktivism | active | government, telecommunications, healthcare |
| [[volt-typhoon\|Volt Typhoon]] | China | pre-positioning for conflict, sabotage, espionage | active | critical-infrastructure, telecommunications, energy, water, transportation, government |
| [[unc6691\|UNC6691]] | Unknown (possibly Chinese nexus) | espionage, mobile device access | active | government, technology, telecommunications |
| [[unc4736\|UNC4736]] | North Korea | financial | active | financial, technology, cryptocurrency |
| [[unc4841\|UNC4841]] | China | espionage, intelligence collection | active | government, technology, defense, telecommunications |
| [[unc1549\|UNC1549]] | Iran | espionage | active | defense, aerospace, aviation, telecommunications, technology, government |
| [[unc1945\|UNC1945]] | Unknown (possibly China) | espionage, telecommunications data theft | active | telecommunications |
| [[teamtnt\|TeamTNT]] | Germany (suspected) | financial, cryptojacking, cloud credential theft | active | technology, cloud, cryptocurrency |
| [[teampcp\|TeamPCP]] | Unknown | destruction, credential theft, ransomware | active | technology, devops, open-source |
| [[ta2727\|TA2727]] | Unknown | financial | active | technology, financial, retail |
| [[storm-1567\|Storm-1567]] | Unknown (probably Russia / Eastern Europe) | financial | active | manufacturing, healthcare, financial, technology, government, education, food-agriculture |
| [[storm-0844\|Storm-0844]] | Unknown (DragonForce affiliate) | financial | active | manufacturing, retail, technology, critical-infrastructure, real-estate, transportation |
| [[shinyhunters\|ShinyHunters]] | Western (English-speaking) | financial, extortion | active | telecommunications, financial, technology, retail, aviation |
| [[silver-fox\|Silver Fox]] | China | espionage, financial | active | financial, healthcare, government, technology |
| [[sandworm\|Sandworm]] | Russia (GRU Unit 74455) | sabotage, espionage, infrastructure disruption | active | energy, critical-infrastructure, government, telecommunications, financial |
| [[romcom-group\|RomCom]] | Russia | espionage, financial, ransomware | active | government, defense, financial, technology, energy |
| [[cti/groups/red-menshen.md\|Red Menshen]] | China | espionage | active | telecommunications, critical-infrastructure, government |
| [[cti/groups/mispadu.md\|Mispadu (SAMBA SPIDER)]] | Brazil / Mexico | financial | active | financial, government, technology |
| [[lockbit\|LockBit]] | Russia | financial | active | manufacturing, healthcare, financial, technology, government |
| [[lazarus-group\|Lazarus Group]] | North Korea | espionage, financial, sabotage | active | financial, cryptocurrency, government, defense, technology |
| [[jetbrains-teamcity\|Actors Exploiting JetBrains TeamCity]] | Multiple (Russia / North Korea) | espionage, supply chain compromise, ransomware | active | technology, software-development, financial, government |
| [[grandoreiro\|Grandoreiro (Operators)]] | Brazil | financial | active | financial, cryptocurrency |
| [[g1009-moses-staff\|Moses Staff]] | Iran | destruction, influence, political damage | active | government, defense, financial, energy, manufacturing, transportation |
| [[g0128-apt31\|APT31]] | China | espionage | active | government, technology, defense, telecommunications, media |
| [[g0114-fin12\|FIN12]] | Russian-speaking | financial, ransomware | active | healthcare, critical-infrastructure, government, financial, manufacturing, technology |
| [[g0059-apt35\|APT35]] | Iran | espionage | active | government, defense, technology, academia, media |
| [[g0005-apt12\|APT12]] | China | espionage | active | government, media, technology, defense, telecommunications, education |
| [[fin6\|FIN6]] | Russia / Eastern Europe | financial, ransomware, card data theft | active | retail, hospitality, financial, technology |
| [[fin7\|FIN7]] | Russia / Ukraine | financial, ransomware | active | financial, retail, hospitality, technology, healthcare |
| [[cti/groups/cyberav3ngers.md\|CyberAv3ngers]] | Iran (IRGC-CEC) | sabotage | active | critical-infrastructure, energy, water |
| [[cardinal-cybercrime-group\|Cardinal Cybercrime Group]] | Russia / Eastern Europe | financial, ransomware, extortion | active | technology, financial, government |
| [[blackmatter\|BlackMatter]] | Russia | financial, extortion | active | critical-infrastructure, food-agriculture, manufacturing, healthcare, financial, energy |
| [[bianlian-group\|BianLian]] | Unknown (possibly Russia/CIS) | financial, extortion, ransomware | active | healthcare, government, financial, manufacturing, critical-infrastructure |
| [[apt9\|APT9]] | China | espionage, intellectual property theft | active | healthcare, pharmaceutical, biotechnology, aerospace, defense, construction-engineering |
| [[apt41\|APT41]] | China | espionage, financial, intellectual property theft | active | healthcare, technology, gaming, telecommunications, financial, government |
| [[apt5\|APT5]] | China | espionage, intellectual property theft | active | telecommunications, defense, technology, aerospace |
| [[apt40\|APT40]] | China (MSS, Hainan State Security Department) | espionage, naval intellectual property theft | active | defense, maritime, aerospace, government, research |
| [[apt33\|APT33]] | Iran | espionage, sabotage | active | energy, defense, government, aerospace, financial |
| [[apt35\|APT35]] | Iran (IRGC, Islamic Revolutionary Guard Corps) | espionage, dissident surveillance, intelligence collection | active | government, defense, academic, think-tanks, journalism, human-rights |
| [[apt38\|APT38]] | North Korea (RGB) | financial, cryptoasset theft, SWIFT attacks | active | financial, cryptocurrency, banking |
| [[apt31\|APT31]] | China (MSS) | espionage, political intelligence collection, intellectual property theft | active | government, political, financial, defense, aerospace |
| [[apt28\|APT28]] | Russia (GRU, Units 26165 and 74455) | espionage, political interference, sabotage | active | government, defense, energy, technology, political |
| [[apt29\|APT29]] | Russia (SVR, Foreign Intelligence Service) | espionage, intelligence collection | active | government, technology, defense, think-tanks, healthcare |
| [[apt24\|APT24]] | China | espionage | active | government, technology, telecommunications, healthcare |
| [[akira-group\|Akira Group]] | Unknown (suspected Conti link) | financial, ransomware | active | manufacturing, education, technology, healthcare, financial, critical-infrastructure |
| [[8220-gang\|8220 Gang]] | China | financial | active | technology, cloud, financial, government |
| [[water-galura\|Water Galura]] | Russia | financial, extortion | active | healthcare, manufacturing, financial, legal, government, education, technology |
| [[unc5820\|UNC5820]] | Unknown | espionage, initial access | active | technology, critical-infrastructure, financial, managed-service-providers |
| [[unc5337\|UNC5337]] | China | espionage | active | government, defense, technology, telecommunications |
| [[unc5221\|UNC5221]] | China | espionage | active | government, defense, healthcare, technology, financial, telecommunications |
| [[unc3890\|UNC3890]] | Iran | espionage | active | government, transportation, energy, healthcare, technology |
| [[unc2630\|UNC2630]] | China | espionage | active | government, defense, critical-infrastructure |
| [[unc2596\|UNC2596]] | | financial, extortion, espionage | active | government, financial, critical-infrastructure, healthcare, technology |
| [[unc2565\|UNC2565]] | Eastern Europe / Russia | financial, initial access | active | healthcare, financial, legal, technology |
| [[unc2448\|UNC2448]] | Iran | financial, espionage | active | government, critical-infrastructure, technology, healthcare |
| [[unc215\|UNC215]] | China | espionage | active | government, technology, telecommunications |
| [[uat-8616\|UAT-8616]] | Unknown | espionage, persistent access | active | critical-infrastructure, telecommunications, government, energy, manufacturing |
| [[cti/groups/ta558.md\|TA558]] | Unknown | financial | active | hospitality, travel, transportation, financial |
| [[ta505\|TA505]] | Russia | financial | active | financial, healthcare, manufacturing, technology, government, logistics |
| [[ta2722\|TA2722]] | Philippines (probable) | financial, espionage | active | manufacturing, transportation, shipping, energy, pharmaceutical, technology |
| [[stormous\|Stormous]] | Middle East / Russia (members from both regions) | financial, hacktivism, political | active | technology, energy, manufacturing, government, financial |
| [[royal-blacksuit-group\|Royal BlackSuit Group]] | Unknown (suspected Russian-speaking) | financial, ransomware | active | healthcare, government, critical-infrastructure, manufacturing, commercial-facilities, critical-manufacturing |
| [[cti/groups/rhysida.md\|Rhysida]] | Suspected Russian-speaking | financial | active | healthcare, education, government, manufacturing, technology |
| [[cti/groups/qilin.md\|Qilin]] | Russia | financial | active | manufacturing, financial, healthcare, government, energy, critical-infrastructure, technology |
| [[lockbit-group\|LockBit]] | Russia (probable) | financial, ransomware | active | financial, healthcare, government, manufacturing, critical-infrastructure, technology, education |
| [[killnet\|Killnet]] | Russia | hacktivism, disruption | active | government, healthcare, transportation, critical-infrastructure, financial |
| [[gorgon-group\|Gorgon Group]] | Pakistan (suspected) | espionage, financial, cybercrime | active | government, manufacturing, financial, technology |
| [[cti/groups/ghostsec.md\|GhostSec]] | International (global membership; C2 in Moscow documented) | hacktivism, financial, political | active | government, critical-infrastructure, technology, financial, manufacturing, education, telecommunications |
| [[g1053-storm-0501\|Storm-0501]] | Unknown | financial | active | healthcare, education, government, public-safety, manufacturing, transportation |
| [[g1052-contagious-interview\|Contagious Interview]] | North Korea (DPRK) | financial, cryptocurrency theft, espionage | active | technology, financial, cryptocurrency, software |
| [[g1051-medusa-ransomware\|Medusa Ransomware]] | Unknown | financial | active | healthcare, education, technology, manufacturing, government, legal, insurance |
| [[g1048-unc3886\|UNC3886]] | China | espionage | active | defense, technology, telecommunications, government, energy |
| [[g1043-blackbyte\|BlackByte]] | Unknown | espionage | active | \- |
| [[g1042-redecho\|RedEcho]] | China | espionage, strategic pre-positioning | active | energy, critical-infrastructure, power-grid, government |
| [[g1040-play\|Play]] | Suspected Russian-speaking | financial | active | government, manufacturing, financial, healthcare, legal, critical-infrastructure, media |
| [[g1036-moonstone-sleet\|Moonstone Sleet]] | North Korea | financial, espionage | active | technology, defense, financial, aerospace, education |
| [[g1034-daggerfly\|Daggerfly]] | China | espionage, domestic surveillance | active | government, telecommunications, ngo, technology, education, religious-organizations |
| [[g1032-inc-ransom\|INC Ransom]] | Unknown (possibly Eastern Europe) | financial, extortion | active | healthcare, manufacturing, education, government, technology |
| [[g1031-saint-bear\|Saint Bear]] | Russia | espionage, geopolitical | active | government, energy, critical-infrastructure, defense |
| [[g1030-agrius\|Agrius]] | Iran (MOIS) | disruptive, espionage, state hacktivism | active | technology, education, government, financial, diamond-industry |
| [[g1023-apt5\|APT5]] | China | espionage | active | telecommunications, aerospace, defense, technology, government, critical-infrastructure |
| [[g1022-toddycat\|ToddyCat]] | China (moderate-confidence attribution) | espionage, intelligence collection | active | government, defense, military, telecommunications, technology |
| [[g1020-mustard-tempest\|Mustard Tempest]] | Russia (suspected, Evil Corp link) | financial, initial access | active | technology, financial, manufacturing, government, legal |
| [[g1018-ta2541\|TA2541]] | Unknown | espionage, financial | active | aviation, aerospace, transportation, manufacturing, defense |
| [[g1016-fin13\|FIN13]] | Unknown | financial | active | financial, retail, hospitality |
| [[g1015-scattered-spider\|Scattered Spider]] | USA and UK | financial, extortion | active | technology, financial, gaming, telecommunications, hospitality, retail, insurance |
| [[g1014-luminousmoth\|LuminousMoth]] | China (moderate-confidence attribution, related to Mustang Panda) | espionage | active | government, military, telecommunications, finance |
| [[g1012-curium\|CURIUM]] | Iran | espionage | active | \- |
| [[g1013-metador\|Metador]] | Unknown (suspected Spanish-speaking) | espionage | active | telecommunications, internet-service-providers, education, government |
| [[g1011-exotic-lily\|EXOTIC LILY]] | Unknown (possibly Eastern Europe) | financial, extortion | active | technology, cybersecurity, healthcare, financial, manufacturing, retail, media |
| [[g1007-aoqin-dragon\|Aoqin Dragon]] | China (Chinese-speaking) | espionage, political surveillance, strategic intelligence | active | government, education, telecommunications |
| [[g1006-earth-lusca\|Earth Lusca]] | China | espionage, financial | active | government, telecommunications, technology, media, education, financial, cryptocurrency |
| [[g1005-polonium\|POLONIUM]] | Lebanon (coordinated with Iran/MOIS) | espionage, intelligence collection | active | defense, technology, critical-infrastructure, financial, government, healthcare |
| [[g1003-ember-bear\|Ember Bear]] | Russia | espionage, sabotage | active | government, telecommunications, critical-infrastructure, technology |
| [[g1002-bitter\|BITTER]] | India (suspected) | espionage | active | government, energy, engineering, defense, nuclear |
| [[g1001-hexane\|HEXANE]] | Iran | espionage | active | energy, oil-gas, telecommunications, aviation, government |
| [[g0143-aquatic-panda\|Aquatic Panda]] | China | espionage, industrial espionage | active | telecommunications, technology, government, education, ngo |
| [[g0142-confucius\|Confucius]] | India (suspected) | espionage, military intelligence collection | active | government, military, defense, energy |
| [[g0140-lazyscripter\|LazyScripter]] | Unknown (suspected: Middle East or South Asia) | espionage, intelligence collection | active | aviation, government, transportation |
| [[g0138-andariel\|Andariel]] | North Korea | espionage, financial, ransomware | active | defense, government, financial, healthcare, manufacturing, aerospace, nuclear, engineering, energy, critical-infrastructure |
| [[g0137-ferocious-kitten\|Ferocious Kitten]] | Iran | espionage, dissident surveillance | active | civil-society, dissidents, activism |
| [[g0135-backdoordiplomacy\|BackdoorDiplomacy]] | China (suspected) | espionage, geopolitical intelligence collection | active | government, diplomatic, telecommunications |
| [[g0136-indigozebra\|IndigoZebra]] | China | espionage, political intelligence collection | active | government |
| [[g0130-ajax-security-team\|Ajax Security Team]] | Iran | espionage, dissident surveillance, state hacktivism | active | defense, technology, civil-society, dissidents |
| [[g0131-tonto-team\|Tonto Team]] | China | espionage, intellectual property theft | active | government, military, defense, energy, mining, financial, healthcare, technology, education |
| [[g0129-mustang-panda\|Mustang Panda]] | China | espionage | active | government, NGO, research, military, telecommunications, maritime, diplomacy, law-enforcement |
| [[g0123-volatile-cedar\|Volatile Cedar]] | Lebanon (suspected Hezbollah affiliation) | espionage, political surveillance, intelligence collection | active | government, telecommunications, technology, defense, education, media |
| [[g0121-sidewinder\|Sidewinder]] | India | espionage | active | government, military, maritime, nuclear-energy, telecommunications, logistics, financial, education |
| [[g0119-indrik-spider\|Indrik Spider]] | Russia | financial, espionage | active | financial, healthcare, critical-infrastructure, government, technology |
| [[g0114-chimera\|Chimera]] | China | industrial espionage, intellectual property theft | active | technology, semiconductor, aviation, manufacturing |
| [[g0112-windshift\|Windshift]] | Unknown (suspected: Middle East) | espionage, targeted surveillance | active | government, critical-infrastructure, telecommunications |
| [[g0108-blue-mockingbird\|Blue Mockingbird]] | Unknown | espionage | active | \- |
| [[g0106-rocke\|Rocke]] | China | espionage | active | \- |
| [[g0105-darkvishnya\|DarkVishnya]] | Unknown | espionage | active | \- |
| [[g0100-inception-framework\|Inception Framework]] | Unknown (suspected Russia) | espionage | active | government, defense, energy, telecommunications, aerospace |
| [[g0098-blacktech\|BlackTech]] | China | espionage, intellectual property theft | active | technology, government, defense, telecommunications, media, electronics, financial |
| [[cti/groups/g0096-apt41.md\|APT41]] | China | espionage, financial | active | healthcare, telecommunications, technology, financial, education, gaming, manufacturing, logistics, government |
| [[g0095-machete\|Machete]] | Latin America | espionage | active | government, military, defense, telecommunications, energy |
| [[g0094-kimsuky\|Kimsuky]] | North Korea | espionage, intelligence collection | active | government, defense, research, think-tanks, energy, nuclear, academia, diplomacy |
| [[g0093-gallium\|GALLIUM]] | China | espionage | active | telecommunications, government, financial, critical-infrastructure |
| [[g0091-silence\|Silence]] | Russia | financial, crime | active | financial, banking |
| [[g0090-wirte\|WIRTE]] | Palestine (Hamas-affiliated, suspected) | espionage, sabotage, political motivation | active | government, military, diplomatic, financial, technology, legal |
| [[g0089-the-white-company\|The White Company]] | Unknown (possibly state-sponsored) | espionage, military intelligence collection | active | defense, government, military |
| [[g0088-tempveles\|TEMP.Veles]] | Russia | sabotage, espionage | active | energy, oil-gas, petrochemical, critical-infrastructure |
| [[g0087-apt39\|APT39]] | Iran | espionage | active | telecommunications, travel, hospitality, technology, government, academia |
| [[g0085-fin11\|FIN11]] | Russia | financial, extortion | active | healthcare, financial, government, technology, manufacturing |
| [[g0083-silverterrier\|SilverTerrier]] | Nigeria | financial | active | technology, manufacturing, education, financial, government |
| [[g0082-apt38\|APT38]] | North Korea | financial, espionage | active | financial, banking, cryptocurrency, critical-infrastructure |
| [[g0081-tropic-trooper\|Tropic Trooper]] | China (moderate-confidence attribution) | espionage | active | government, transportation, healthcare, technology, defense, energy |
| [[g0080-cobalt-group\|Cobalt Group]] | Eastern Europe (probable attribution) | financial | active | financial, banking, payment-processing |
| [[g0079-darkhydrus\|DarkHydrus]] | Iran (suspected) | espionage, credential collection | active | government, education |
| [[g0075-rancor\|Rancor]] | China (suspected) | espionage, political surveillance | active | government, political-entities |
| [[g0073-apt19\|APT19]] | China | espionage, intellectual property theft | active | legal, financial, defense, technology, energy, pharmaceutical, telecommunications, education |
| [[g0071-orangeworm\|Orangeworm]] | Unknown | corporate espionage, intellectual property theft | active | healthcare, manufacturing, technology, logistics, agriculture |
| [[g0070-dark-caracal\|Dark Caracal]] | Lebanon (GDGS, General Directorate of General Security) | espionage, political surveillance | active | government, military, utilities, financial, telecommunications, technology, education |
| [[g0068-platinum\|PLATINUM]] | Unknown (suspected China) | espionage | active | government, defense, intelligence, telecommunications, technology |
| [[g0067-apt37\|APT37]] | North Korea | espionage | active | government, defense, technology, telecommunications, healthcare, manufacturing |
| [[g0066-elderwood\|Elderwood]] | China | espionage | active | \- |
| [[g0062-ta459\|TA459]] | China | espionage, information theft | active | government, telecommunications, media, financial |
| [[g0061-fin8\|FIN8]] | | financial | active | hospitality, retail, entertainment, financial, insurance, technology, chemical |
| [[g0056-promethium\|PROMETHIUM]] | Turkey | espionage | active | \- |
| [[g0054-sowbug\|Sowbug]] | Unknown (suspected nation-state) | espionage, diplomatic intelligence | active | government, foreign-policy, diplomatic |
| [[g0052-copykittens\|CopyKittens]] | Iran | espionage | active | government, defense, technology, academia, media |
| [[g0050-apt32\|APT32]] | Vietnam | espionage | active | government, technology, manufacturing, hospitality, ngo, media |
| [[g0048-rtm\|RTM]] | Russia | financial | active | financial, banking, accounting, remote-banking |
| [[g0040-gaza-cybergang\|Gaza Cybergang]] | Palestine | espionage, geopolitics, hacktivism | active | government, defense, financial, media, civil-society |
| [[g0038-stealth-falcon\|Stealth Falcon]] | United Arab Emirates (UAE) | espionage, surveillance | active | media, government, civil-society, ngo |
| [[g0036-gcman\|GCMAN]] | Russia | financial | active | financial, banking |
| [[g0035-dragonfly\|Dragonfly]] | Russia | espionage, sabotage | active | energy, critical-infrastructure, government, defense, aviation |
| [[g0033-poseidon-group\|Poseidon Group]] | Brazil (suspected) | espionage, extortion, financial | active | financial, banking, government, telecommunications, manufacturing, energy, media |
| [[g0029-scarlet-mimic\|Scarlet Mimic]] | China | espionage, political surveillance | active | government, civil-society, ngo |
| [[g0027-threat-group-3390\|Threat Group-3390]] | China | espionage, financial | active | aerospace, government, defense, energy, technology, financial, telecommunications, gaming |
| [[g0026-apt18\|APT18]] | China (PLA Navy, suspected) | espionage, data theft, strategic intelligence | active | healthcare, technology, manufacturing, government, education, aerospace, human-rights |
| [[g0025-apt17\|APT17]] | China | espionage, intelligence collection | active | government, defense, technology, financial, legal, mining |
| [[g0024-putter-panda\|Putter Panda]] | China | espionage | active | \- |
| [[g0023-apt16\|APT16]] | China | espionage, intelligence collection | active | government, media, financial, technology |
| [[g0019-naikon\|Naikon]] | China | espionage | active | government, military, critical-infrastructure |
| [[g0018-admin338\|admin@338]] | China | espionage, economic intelligence, commercial intelligence | active | financial, government, think-tanks, media, political-entities |
| [[g0016-apt29\|APT29]] | Russia | espionage | active | government, defense, technology, think-tanks, healthcare, energy, ngos, manufacturing, media |
| [[g0013-apt30\|APT30]] | China | espionage, intelligence collection | active | government, defense, diplomatic, media, technology |
| [[g0012-darkhotel\|Darkhotel]] | South Korea | espionage | active | \- |
| [[g0010-turla\|Turla]] | Russia | espionage | active | government, defense, military, think-tanks, energy, telecommunications, diplomacy |
| [[g0009-deep-panda\|Deep Panda]] | China | espionage, personal data theft, counterintelligence | active | government, defense, financial, healthcare, telecommunications, technology |
| [[g0006-apt1\|APT1]] | China | espionage | active | technology, aerospace, defense, telecommunications, energy, manufacturing, financial |
| [[g0003-cleaver\|Cleaver]] | Iran | espionage, strategic pre-positioning | active | energy, oil-gas, transportation, airlines, defense, government, telecommunications, healthcare, aerospace, education |
| [[chamelgang\|ChamelGang]] | China (high confidence) | espionage, data theft, financial | active | energy, aviation, government, healthcare, manufacturing, financial |
| [[bianlian\|BianLian]] | Russia | financial | active | legal, healthcare, engineering, financial, manufacturing, critical-infrastructure, government |
| [[unc6201\|UNC6201]] | China | espionage | active | technology, critical-infrastructure |
| [[apt-tekir\|APT Tekir]] | Unknown | espionage, financial | active | government |
| [[citrine-sleet\|Citrine Sleet]] | North Korea | financial, cryptocurrency | active | financial, cryptocurrency, technology |
| [[lunar-spider\|Lunar Spider]] | Russia / Eastern Europe | financial | active | financial, technology, retail, healthcare |
| [[g0128-zirconium\|ZIRCONIUM]] | China | espionage | active | \- |
| [[g0126-higaisa\|Higaisa]] | China | espionage | active | \- |
| [[g0078-gorgon-group\|Gorgon Group]] | Russia | espionage | active | \- |
| [[g0053-fin5\|FIN5]] | Russia | espionage | active | \- |
| [[g1008-sidecopy\|SideCopy]] | Pakistan | espionage | active | \- |
| [[g1026-malteiro\|Malteiro]] | Brazil | espionage | active | \- |
| [[g0139-teamtnt\|TeamTNT]] | Unknown | espionage | active | \- |
| [[g0051-fin10\|FIN10]] | Unknown | espionage | active | \- |
| [[g0122-silent-librarian\|Silent Librarian]] | Iran | espionage | active | \- |
| [[g0028-threat-group-1314\|Threat Group-1314]] | Unknown | espionage | active | \- |
| [[g0124-windigo\|Windigo]] | Unknown | espionage | active | \- |
| [[g1050-water-galura\|Water Galura]] | Russia | espionage | active | \- |
| [[g0076-thrip\|Thrip]] | China | espionage | active | \- |
| [[g0107-whitefly\|Whitefly]] | China | espionage | active | \- |
| [[g1019-moustachedbouncer\|MoustachedBouncer]] | Belarus | espionage | active | \- |
| [[g0034-sandworm-team\|Sandworm Team]] | Russia (GRU Unit 74455) | sabotage, espionage, infrastructure disruption | active | \- |
| [[ransom-hub\|RansomHub]] | Unknown (probably Russia/CIS) | financial, ransomware | active | healthcare, financial, critical-infrastructure, government, technology, manufacturing |
| [[nso-group-pegasus\|NSO Group / Pegasus]] | Israel | espionage, government surveillance | active | government, journalism, civil-society, political |
| [[darksword-group\|DarkSword Group]] | Unknown | espionage, iOS mobile device access | active | government, technology, journalism |
| [[fancy-bear\|Fancy Bear]] | Russia (GRU) | espionage, political interference, sabotage | active | government, defense, political |
| [[cozy-bear\|Cozy Bear]] | Russia (SVR) | espionage, intelligence collection | active | government, technology, defense |
| [[zollo-ransomware\|Zollo Ransomware]] | Unknown | financial | active | unknown |
| [[xenotime\|XENOTIME]] | Russia | sabotage, destructive ICS attacks, preparation for industrial catastrophe | active | energy, petrochemical, oil-gas, critical-infrastructure |
| [[uta0218\|UTA0218]] | China | espionage | active | government, defense, technology, critical-infrastructure |
| [[unc6748\|UNC6748]] | Unknown (PARS Defense customer) | espionage, surveillance | active | government, defense, technology |
| [[unc6353\|UNC6353]] | Russia (suspected) | espionage | active | government, defense, technology, critical-infrastructure |
| [[unc5325\|UNC5325]] | China | espionage | active | government, defense, technology |
| [[traffers-teams\|Traffers Teams]] | Russia/CIS (probable) | financial, credential theft | active | technology, financial, retail, education, government |
| [[cti/groups/ta571.md\|TA571]] | Unknown | financial | active | technology, financial, government, healthcare, retail |
| [[cti/groups/ta544.md\|TA544]] | Eastern Europe (probable) | financial | active | financial, retail, technology, government |
| [[ta2726\|TA2726]] | Unknown | financial | active | technology, financial, healthcare |
| [[scarred-manticore\|Scarred Manticore]] | Iran | espionage, initial access for third parties | active | government, military, telecommunications, financial, technology |
| [[ruzki-threat-actor\|Ruzki]] | Russia | financial | active | technology, financial, consumer |
| [[pix-threat-actors\|Threat Actors Targeting the PIX System]] | Brazil | financial, bank fraud, theft | active | financial, retail, consumers |
| [[cti/groups/octo-tempest.md\|Octo Tempest]] | USA/UK | financial, espionage | active | technology, retail, telecommunications, financial, aviation, gaming |
| [[nso-group\|NSO Group]] | Israel | surveillance, espionage | active | government, civil-society, journalism, law-enforcement |
| [[monti-ransomware\|MONTI Ransomware]] | Unknown | financial | active | government, defense |
| [[lucid-phaas\|Lucid PhaaS (XinXin Group)]] | China | financial | active | financial, government, telecommunications, technology |
| [[kamacite\|Kamacite]] | Russia | sabotage, destructive ICS attacks, espionage | active | energy, oil-gas, manufacturing, critical-infrastructure |
| [[jasper-sleet\|Jasper Sleet]] | North Korea | financial, intellectual property theft, revenue generation for the regime | active | technology, financial, manufacturing, defense, government |
| [[indra-group\|Indra Group]] | Unknown (suspected Iranian opposition) | sabotage, hacktivism | active | transportation, energy, financial, government |
| [[imperial-kitten\|Imperial Kitten]] | Iran | espionage, kinetic intelligence collection | active | defense, aerospace, maritime, logistics, technology, telecommunications, energy |
| [[gunra-ransomware\|Gunra Ransomware]] | Unknown | financial | active | healthcare, manufacturing, government, technology, agriculture |
| [[g1049-applejeus\|AppleJeus]] | North Korea | financial, espionage | active | financial, technology, government, energy, telecommunications |
| [[g1047-velvet-ant\|Velvet Ant]] | China | espionage, intellectual property theft | active | technology, financial, manufacturing, government |
| [[g1046-storm-1811\|Storm-1811]] | Unknown (financially motivated) | financial, extortion | active | financial, technology, healthcare, manufacturing, government |
| [[g1044-apt42\|APT42]] | Iran (IRGC-IO) | espionage, surveillance | active | government, media, research, ngo, technology |
| [[g1041-sea-turtle\|Sea Turtle]] | Turkey | espionage, intelligence collection | active | government, telecommunications, technology, media, internet-service-providers, defense |
| [[g1039-redcurl\|RedCurl]] | Russia (moderate-confidence attribution) | espionage, intellectual property theft | active | technology, financial, retail, insurance, travel, construction, real-estate, legal |
| [[g1038-ta578\|TA578]] | Unknown | financial | active | technology, financial, retail, professional-services |
| [[g1037-ta577\|TA577]] | Russia / Eastern Europe | financial | active | financial, technology, government, retail, healthcare |
| [[g1035-winter-vivern\|Winter Vivern]] | Russia | espionage | active | \- |
| [[g1033-star-blizzard\|Star Blizzard]] | Russia | espionage, influence, credential theft | active | government, defense, academia, think-tanks, media, NGO, civil-society, journalism |
| [[g1028-apt-c-23\|APT-C-23]] | Middle East (Palestine / Hamas) | espionage | active | defense, military, government, media, technology |
| [[cti/groups/g1024-akira.md\|Akira]] | Unknown (probably Russia/Eastern Europe) | financial, extortion | active | manufacturing, financial, healthcare, technology, education, agriculture, critical-infrastructure |
| [[g1021-cinnamon-tempest\|Cinnamon Tempest]] | China | espionage, intellectual property theft, disruption via ransomware as cover | active | technology, gambling, pharmaceutical, media, government, defense |
| [[g0133-nomadic-octopus\|Nomadic Octopus]] | Russia | espionage | active | \- |
| [[g0127-ta551\|TA551]] | Russia (probable) | financial | active | financial, healthcare, manufacturing, technology, education |
| [[g0124-bluenoroff\|BlueNoroff]] | North Korea | financial, cryptocurrency theft | active | financial, cryptocurrency, technology, web3 |
| [[g0117-fox-kitten\|Fox Kitten]] | Iran | espionage, financial, initial access broker | active | government, defense, healthcare, financial, education, technology, energy |
| [[g0103-mofang\|Mofang]] | China | espionage, intelligence collection | active | government, defense, automotive, energy, technology |
| [[g0065-leviathan\|Leviathan]] | China | espionage, intellectual property theft | active | maritime, defense, government, academic, aerospace, technology, energy |
| [[g0060-bronze-butler\|BRONZE BUTLER]] | China | espionage | active | technology, manufacturing, defense, energy, biotechnology, government |
| [[g0049-oilrig\|OilRig]] | Iran (MOIS) | espionage | active | government, energy, financial, telecommunications, defense, healthcare |
| [[g0044-winnti-group\|Winnti Group]] | China | espionage, financial | active | technology, gaming, shipping, media, telecommunications, healthcare, automotive, pharmaceutical |
| [[g0040-patchwork\|Patchwork]] | India | espionage | active | government, defense, research, technology, financial |
| [[g0037-fin6\|FIN6]] | Unknown (probably Eastern Europe) | financial, extortion | active | retail, hospitality, financial, e-commerce, healthcare, manufacturing |
| [[g0021-molerats\|Molerats]] | Palestine (Gaza) | espionage, sabotage | active | government, defense, military, media |
| [[g0001-axiom\|Axiom]] | China | espionage, intellectual property theft | active | aerospace, defense, manufacturing, media, government, technology, telecommunications |
| [[donot-team\|DoNot Team]] | India | espionage | active | government, military, defense, telecommunications |
| [[dev-0237\|DEV-0237]] | unknown |
financeiro | active | healthcare, education, financial, critical-infrastructure | | [[coinbasecartel\|CoinbaseCartel]] | desconhecido | financeiro | active | financial, food-and-agriculture | | [[cti/groups/cl0p.md\|Cl0p]] | Ucrânia/Rússia (atribuição moderada) | financeiro, extorsao | active | financial, healthcare, government, technology, energy, manufacturing, retail, legal | | [[brazen-bamboo\|BrazenBamboo]] | China | espionagem | active | government, defense, technology | | [[atomsilo\|AtomSilo]] | China (suspeita - vinculado ao Cinnamon Tempest) | financeiro | active | technology, healthcare, financial | | [[aggah-group\|Aggah Group]] | Oriente Medio (suspeito Palestina/Paquistao) | financeiro, espionagem | active | financial, manufacturing, retail, healthcare, technology, government | <!-- SerializedQuery END --> --- ## Por Origem Geográfica %% ```dataview TABLE WITHOUT ID link(file.link, title) AS "Nota", origin AS "Origem", join(motivation, ", ") AS "Motivação", status AS "Status" FROM "cti/groups" WHERE type = "threat-actor" GROUP BY origin SORT origin ASC ``` %% <!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, title) AS "Nota", origin AS "Origem", join(motivation, ", ") AS "Motivação", status AS "Status" FROM "cti/groups" WHERE type = "threat-actor" GROUP BY origin SORT origin ASC --> <!-- SerializedQuery: TABLE WITHOUT ID link(file.link, title) AS "Nota", origin AS "Origem", join(motivation, ", ") AS "Motivação", status AS "Status" FROM "cti/groups" WHERE type = "threat-actor" GROUP BY origin SORT origin ASC --> | Nota | Origem | Motivação | Status | | ---- | ---------------------------------------------------------- | --------- | ------ | | \- | \- | \- | \- | | \- | | \- | \- | | \- | Alemanha (suspeita) | \- | \- | | \- | Belarus | \- | \- | | \- | Brasil | \- | \- | | \- | Brasil (suspeito) | \- | \- | | \- | Brasil / México | \- | \- | | \- | Brasil / Reino Unido | \- | \- | | \- | Brasil e Reino Unido | \- | \- | | \- | China | \- | \- | | 
\- | China (alta confianca) | \- | \- | | \- | China (atribuição moderada - relacionado ao Mustang Panda) | \- | \- | | \- | China (atribuição moderada) | \- | \- | | \- | China (Chengdu) | \- | \- | | \- | China (falante de chinês) | \- | \- | | \- | China (Guangdong) | \- | \- | | \- | China (MSS — Hainan State Security Department) | \- | \- | | \- | China (MSS — Ministério de Segurança do Estado) | \- | \- | | \- | China (MSS) | \- | \- | | \- | China (PLA Navy - suspeito) | \- | \- | | \- | China (suspeita - vinculado ao Cinnamon Tempest) | \- | \- | | \- | China (suspeito) | \- | \- | | \- | Coreia do Norte | \- | \- | | \- | Coreia do Norte (Lazarus Group) | \- | \- | | \- | Coreia do Norte (RGB) | \- | \- | | \- | Coreia do Norte (RPDC) | \- | \- | | \- | Coreia do Sul | \- | \- | | \- | desconhecida | \- | \- | | \- | Desconhecida | \- | \- | | \- | Desconhecida (afiliado DragonForce) | \- | \- | | \- | Desconhecida (motivação financeira) | \- | \- | | \- | Desconhecida (possível Estado-nação) | \- | \- | | \- | Desconhecida (possívelmente China) | \- | \- | | \- | Desconhecida (possívelmente Europa Oriental) | \- | \- | | \- | Desconhecida (possívelmente nexo chinês) | \- | \- | | \- | desconhecida (possívelmente patrocinado por Estado) | \- | \- | | \- | Desconhecida (possívelmente Rússia/CIS) | \- | \- | | \- | Desconhecida (provavel Europa Oriental) | \- | \- | | \- | Desconhecida (provavel Russia / Leste Europeu) | \- | \- | | \- | Desconhecida (provavelmente Europa Oriental) | \- | \- | | \- | Desconhecida (provavelmente Rússia/CIS) | \- | \- | | \- | Desconhecida (provavelmente Russia/Europa Oriental) | \- | \- | | \- | Desconhecida (suspeita China) | \- | \- | | \- | Desconhecida (suspeita espanhol-falante) | \- | \- | | \- | Desconhecida (suspeita ocidental - EUA ou Europa) | \- | \- | | \- | Desconhecida (suspeita oposicao iraniana) | \- | \- | | \- | Desconhecida (suspeita Russia) | \- | \- | | \- | desconhecida (suspeita: Oriente Médio ou Asia 
do Sul) | \- | \- | | \- | desconhecida (suspeita: Oriente Médio) | \- | \- | | \- | Desconhecida (suspeito Estado-nação) | \- | \- | | \- | Desconhecida (suspeito ligação Conti) | \- | \- | | \- | Desconhecida (suspeito Russofono) | \- | \- | | \- | desconhecido | \- | \- | | \- | Desconhecido | \- | \- | | \- | Desconhecido (cliente PARS Defense) | \- | \- | | \- | Emirados Arabes Unidos (EAU) | \- | \- | | \- | EUA e Reino Unido | \- | \- | | \- | EUA/Reino Unido | \- | \- | | \- | Europa do Leste (provavel) | \- | \- | | \- | Europa Oriental (atribuição provável) | \- | \- | | \- | Europa Oriental / Rússia | \- | \- | | \- | Filipinas (provável) | \- | \- | | \- | India | \- | \- | | \- | India (suspeita) | \- | \- | | \- | Internacional (membros globais; C2 em Moscou documentado) | \- | \- | | \- | Ira | \- | \- | | \- | Irã | \- | \- | | \- | Irã (IRGC — Guarda Revolucionária Islâmica) | \- | \- | | \- | Irã (IRGC-CEC) | \- | \- | | \- | Irã (MOIS) | \- | \- | | \- | Irã (suspeito) | \- | \- | | \- | Iran | \- | \- | | \- | Iran (IRGC-IO) | \- | \- | | \- | Iran (MOIS) | \- | \- | | \- | Israel | \- | \- | | \- | Latin America | \- | \- | | \- | Líbano (afiliação Hezbollah suspeita) | \- | \- | | \- | Libano (coordenado com Iran/MOIS) | \- | \- | | \- | Líbano (GDGS - General Directoraté of General Security) | \- | \- | | \- | Médio Oriente (Palestina / Hamas) | \- | \- | | \- | Múltiplos (Rússia / Coreia do Norte) | \- | \- | | \- | Nigeria | \- | \- | | \- | North Korea | \- | \- | | \- | Ocidente (anglófono) | \- | \- | | \- | Ocidente (provável agência de inteligência ocidental) | \- | \- | | \- | Oriente Médio | \- | \- | | \- | Oriente Medio (suspeito Palestina/Paquistao) | \- | \- | | \- | Oriente Medio / Russia (membros de ambas regioes) | \- | \- | | \- | Pakistan | \- | \- | | \- | Palestina | \- | \- | | \- | Palestina (Gaza) | \- | \- | | \- | Palestina (Hamas-afiliado, suspeito) | \- | \- | | \- | Paquistão (suspeito) | \- | \- | | \- | Reino 
Unido / Alemanha | \- | \- | | \- | Russia | \- | \- | | \- | Rússia | \- | \- | | \- | Russia (atribuição moderada) | \- | \- | | \- | Russia (Europa Oriental) | \- | \- | | \- | Rússia (GRU — APT28) | \- | \- | | \- | Rússia (GRU — Unidade 26165 e 74455) | \- | \- | | \- | Rússia (GRU — Unidade 74455) | \- | \- | | \- | Rússia (GRU) | \- | \- | | \- | Russia (provavel, falantes de russo) | \- | \- | | \- | Russia (provavel) | \- | \- | | \- | Russia (provável) | \- | \- | | \- | Rússia (suspeito - ligação Evil Corp) | \- | \- | | \- | Rússia (suspeito) | \- | \- | | \- | Rússia (SVR — Serviço de Inteligência Estrangeiro) | \- | \- | | \- | Rússia (SVR) | \- | \- | | \- | Russia / Leste Europeu | \- | \- | | \- | Rússia / Leste Europeu | \- | \- | | \- | Rússia / Ucrânia | \- | \- | | \- | Russia/CIS (provável) | \- | \- | | \- | Russia/Kazakhstan | \- | \- | | \- | Russofono | \- | \- | | \- | Suspeito Russofono | \- | \- | | \- | Turkey | \- | \- | | \- | Turquia | \- | \- | | \- | Ucrânia/Rússia (atribuição moderada) | \- | \- | | \- | unknown | \- | \- | | \- | Unknown | \- | \- | | \- | Vietnam | \- | \- | <!-- SerializedQuery END --> --- ## Com Foco em LATAM e Brasil %% ```dataview TABLE WITHOUT ID link(file.link, title) AS "Ator", origin AS "Origem", join(motivation, ", ") AS "Motivação", join(targets-sectors, ", ") AS "Setores" FROM "cti/groups" WHERE type = "threat-actor" AND (contains(targets-countries, "Brasil") OR contains(targets-countries, "México") OR contains(targets-countries, "Colômbia") OR contains(origin, "Brasil") OR contains(origin, "Colômbia")) SORT file.mtime DESC ``` %% <!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, title) AS "Ator", origin AS "Origem", join(motivation, ", ") AS "Motivação", join(targets-sectors, ", ") AS "Setores" FROM "cti/groups" WHERE type = "threat-actor" AND (contains(targets-countries, "Brasil") OR contains(targets-countries, "México") OR contains(targets-countries, "Colômbia") OR contains(origin, "Brasil") 
OR contains(origin, "Colômbia")) SORT file.mtime DESC --> <!-- SerializedQuery: TABLE WITHOUT ID link(file.link, title) AS "Ator", origin AS "Origem", join(motivation, ", ") AS "Motivação", join(targets-sectors, ", ") AS "Setores" FROM "cti/groups" WHERE type = "threat-actor" AND (contains(targets-countries, "Brasil") OR contains(targets-countries, "México") OR contains(targets-countries, "Colômbia") OR contains(origin, "Brasil") OR contains(origin, "Colômbia")) SORT file.mtime DESC --> | Ator | Origem | Motivação | Setores | | -------------------------------------------------------------------- | --------------------------------------------------------- | ------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------- | | [[cti/groups/vice-society.md\|Vice Society]] | Russia (provavel, falantes de russo) | financeiro, ransomware | education, healthcare, manufacturing, government | | [[sandworm\|Sandworm]] | Rússia (GRU — Unidade 74455) | sabotagem, espionagem, disrupção de infraestrutura | energy, critical-infrastructure, government, telecommunications, financial | | [[cti/groups/mispadu.md\|Mispadu (SAMBA SPIDER)]] | Brasil / México | financial | financial, government, technology | | [[lazarus-group\|Lazarus Group]] | Coreia do Norte | espionagem, financeiro, sabotagem | financial, cryptocurrency, government, defense, technology | | [[lapsus-group\|LAPSUS$]] | Brasil / Reino Unido | financeiro, fama, extorsão | technology, telecommunications, government, gaming | | [[grandoreiro\|Grandoreiro (Operadores)]] | Brasil | financeiro | financial, cryptocurrency | | [[fin6\|FIN6]] | Rússia / Leste Europeu | financeiro, ransomware, roubo de dados de cartão | retail, hospitality, financial, technology | | [[fin7\|FIN7]] | Rússia / Ucrânia | financeiro, ransomware | financial, retail, hospitality, technology, healthcare | | [[cobalt-group\|Cobalt 
Group]] | Rússia / Leste Europeu | financeiro, roubo bancário, ataques ATM | financial, banking | | [[apt38\|APT38]] | Coreia do Norte (RGB) | financeiro, roubo de criptoativos, ataques SWIFT | financial, cryptocurrency, banking | | [[cti/groups/ta558.md\|TA558]] | Unknown | financeiro | hospitality, travel, transportation, financial | | [[stormous\|Stormous]] | Oriente Medio / Russia (membros de ambas regioes) | financeiro, hacktivismo, politico | technology, energy, manufacturing, government, financial | | [[cti/groups/qilin.md\|Qilin]] | Rússia | financeiro | manufacturing, financial, healthcare, government, energy, critical-infrastructure, technology | | [[pinchy-spider\|Pinchy Spider]] | Russia | financeiro, extorcao, ransomware-as-a-service | financial, healthcare, manufacturing, government, technology, food-agriculture | | [[lockbit-group\|LockBit]] | Russia (provavel) | financeiro, ransomware | financial, healthcare, government, manufacturing, critical-infrastructure, technology, education | | [[cti/groups/hunters-international.md\|Hunters International]] | Suspeito Russofono | financeiro | manufacturing, healthcare, financial, government, education, professional-services, energy | | [[gold-blazer\|Gold Blazer]] | Russia | financeiro | financial, healthcare, technology, critical-infrastructure, retail, government | | [[cti/groups/ghostsec.md\|GhostSec]] | Internacional (membros globais; C2 em Moscou documentado) | hacktivismo, financeiro, politico | government, critical-infrastructure, technology, financial, manufacturing, education, telecommunications | | [[g1052-contagious-interview\|Contagious Interview]] | Coreia do Norte (RPDC) | financeiro, roubo de criptomoedas, espionagem | technology, financial, cryptocurrency, software | | [[g1051-medusa-ransomware\|Medusa Ransomware]] | Desconhecida | financeiro | healthcare, education, technology, manufacturing, government, legal, insurance | | [[g1040-play\|Play]] | Suspeito Russofono | financeiro | government, 
manufacturing, financial, healthcare, legal, critical-infrastructure, media | | [[g1016-fin13\|FIN13]] | Unknown | financeiro | financial, retail, hospitality | | [[g1004-lapsus\|LAPSUS$]] | Brasil e Reino Unido | financeiro, destruicao, notoriedade | technology, telecommunications, gaming, automotive, media, government, healthcare, semiconductor | | [[g0115-gold-southfield\|GOLD SOUTHFIELD]] | Rússia | financeiro, ransomware | technology, financial, healthcare, manufacturing, government, food-and-beverage | | [[g0082-apt38\|APT38]] | North Korea | financeiro, espionagem | financial, banking, cryptocurrency, critical-infrastructure | | [[g0071-orangeworm\|Orangeworm]] | Desconhecida | espionagem-corporativa, roubo de propriedade intelectual | healthcare, manufacturing, technology, logistics, agriculture | | [[g0070-dark-caracal\|Dark Caracal]] | Líbano (GDGS - General Directoraté of General Security) | espionagem, vigilancia-politica | government, military, utilities, financial, telecommunications, technology, education | | [[g0054-sowbug\|Sowbug]] | Desconhecida (suspeito Estado-nação) | espionagem, inteligência diplomática | government, foreign-policy, diplomatic | | [[g0033-poseidon-group\|Poseidon Group]] | Brasil (suspeito) | espionagem, extorsão, financeiro | financial, banking, government, telecommunications, manufacturing, energy, media | | [[g0008-carbanak\|Carbanak]] | | financeiro | financial, banking, hospitality, retail | | [[cti/groups/darkside.md\|DarkSide]] | Russia (Europa Oriental) | financeiro, ransomware | critical-infrastructure, energy, manufacturing, healthcare, financial, technology | | [[chamelgang\|ChamelGang]] | China (alta confianca) | espionagem, roubo-de-dados, financeiro | energy, aviation, government, healthcare, manufacturing, financial | | [[blacksuit\|BlackSuit]] | Russia | financeiro | healthcare, manufacturing, government, technology, education, critical-infrastructure, financial | | [[cti/groups/blackbasta.md\|Black Basta]] | 
Russia | financeiro | healthcare, financial, manufacturing, critical-infrastructure, government, legal, technology | | [[8base\|8Base]] | Russia | financeiro | manufacturing, financial, technology, healthcare, construction, professional-services | | [[apt-tekir\|APT Tekir]] | desconhecida | espionagem, financeiro | government | | [[g1026-malteiro\|Malteiro]] | Brasil | espionagem | \- | | [[nso-group-pegasus\|NSO Group / Pegasus]] | Israel | espionagem, vigilância governamental | government, journalism, civil-society, political | | [[traffers-teams\|Traffers Teams]] | Russia/CIS (provável) | financeiro, roubo-de-credenciais | technology, financial, retail, education, government | | [[ruzki-threat-actor\|Ruzki]] | Rússia | financeiro | technology, financial, consumer | | [[pix-threat-actors\|Atores de Ameaça ao Sistema PIX]] | Brasil | financeiro, fraude bancária, roubo | financial, retail, consumers | | [[lucid-phaas\|Lucid PhaaS (XinXin Group)]] | China | financial | financial, government, telecommunications, technology | | [[gunra-ransomware\|Gunra Ransomware]] | Desconhecida | financeiro | healthcare, manufacturing, government, technology, agriculture | | [[g1049-applejeus\|AppleJeus]] | Coreia do Norte | financeiro, espionagem | financial, technology, government, energy, telecommunications | | [[cti/groups/g1024-akira.md\|Akira]] | Desconhecida (provavelmente Russia/Europa Oriental) | financeiro, extorsao | manufacturing, financial, healthcare, technology, education, agriculture, critical-infrastructure | | [[g1021-cinnamon-tempest\|Cinnamon Tempest]] | China | espionagem, roubo de propriedade intelectual, disrupcao via ransomware como cobertura | technology, gambling, pharmaceutical, media, government, defense | | [[g0044-winnti-group\|Winnti Group]] | China | espionagem, financeiro | technology, gaming, shipping, media, telecommunications, healthcare, automotive, pharmaceutical | | [[coinbasecartel\|CoinbaseCartel]] | desconhecido | financeiro | financial, 
food-and-agriculture | | [[cti/groups/cl0p.md\|Cl0p]] | Ucrânia/Rússia (atribuição moderada) | financeiro, extorsao | financial, healthcare, government, technology, energy, manufacturing, retail, legal | | [[atomsilo\|AtomSilo]] | China (suspeita - vinculado ao Cinnamon Tempest) | financeiro | technology, healthcare, financial | | [[aggah-group\|Aggah Group]] | Oriente Medio (suspeito Palestina/Paquistao) | financeiro, espionagem | financial, manufacturing, retail, healthcare, technology, government | <!-- SerializedQuery END --> --- ## Últimas Atualizações %% ```dataview TABLE WITHOUT ID link(file.link, title) AS "Ator", type AS "Tipo", dateformat(file.mtime, "yyyy-MM-dd HH:mm") AS "Modificado" FROM "cti/groups" WHERE publish = true AND !contains(file.name, "_") SORT file.mtime DESC LIMIT 5 ``` %% <!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, title) AS "Ator", type AS "Tipo", dateformat(file.mtime, "yyyy-MM-dd HH:mm") AS "Modificado" FROM "cti/groups" WHERE publish = true AND !contains(file.name, "_") SORT file.mtime DESC LIMIT 5 --> <!-- SerializedQuery: TABLE WITHOUT ID link(file.link, title) AS "Ator", type AS "Tipo", dateformat(file.mtime, "yyyy-MM-dd HH:mm") AS "Modificado" FROM "cti/groups" WHERE publish = true AND !contains(file.name, "_") SORT file.mtime DESC LIMIT 5 --> | Ator | Tipo | Modificado | | ------------------------------------------------ | ------------ | ---------------- | | [[void-manticore\|Void Manticore]] | threat-actor | 2026-03-30 19:12 | | [[volt-typhoon\|Volt Typhoon]] | threat-actor | 2026-03-30 19:12 | | [[cti/groups/vice-society.md\|Vice Society]] | threat-actor | 2026-03-30 19:12 | | [[unc6691\|UNC6691]] | threat-actor | 2026-03-30 19:12 | | [[unc4736\|UNC4736]] | threat-actor | 2026-03-30 19:12 | <!-- SerializedQuery END --> --- *Perfis são atualizados continuamente conforme nova inteligência é públicada. Para ver campanhas associadas a grupos específicos, consulte [[_campaigns|Campanhas e Incidentes]].*