Attribution

This page is designed to be a one-stop resource for finding public attribution made by government organizations (or private sector) linking state-sponsored Advanced Persistent Threats to specific individuals, companies and entities. Some of these links were shamelessly stolen from Gabriel Currie, who runs their own APT Group Attribution page. If you can't find what you're looking for here, visit Gabriel's repo!

APTs with a large number of links might get a collapsed list.

Work in progress! Page updated December 09, 2024.

China

APT1 (PLA Unit 61398)

May 19, 2014: U.S. Department of Justice Link (Note: does not use “APT1”)

APT10

December 20, 2018:
- UK Government Link
- U.S. Department of Justice Link
- Australia Minister of Foreign Affairs Link

APT31 (MSS Hubei State Security Department)

March 25, 2024:
- U.S. Department of Justice Link
- U.S. State Department Link
- U.S. State Department: Rewards for Justice Program Link
- U.S. Treasury Link
- UK Government Link
- UK NCSC Link
July 19, 2021: UK Government Link

APT40 (MSS Hainan State Security Department)

July 19, 2021:
- U.S. Department of Justice Link
- U.S. CISA Link
- Canadian Government Link
- UK Government Link
- New Zealand Government Link

APT41 (Chengdu 404)

September 16, 2020:
- U.S. Department of Justice Link
- U.S. FBI Link (PDF)

Flax Typhoon (IntegrityTech)

September 18, 2024:
- U.S. FBI Link (PDF)
- U.S. NSA Link
- U.S. Department of Justice Link
- Australia ASD ACSC Link
- UK NCSC Link

Volt Typhoon

February 07, 2024: U.S. CISA Link
January 31, 2024:
- U.S. CISA Link
- U.S. Department of Justice Link
May 24, 2023:
- U.S. CISA Link
- Australian Signals Directorate ACSC Link
- Microsoft Link

BlackTech

September 27, 2023: U.S. CISA Link

Hafnium

July 19, 2021: UK Government Link

Iran

MuddyWater (MOIS)

July 30, 2024: U.S. New Jersey CCIC Link
July 18, 2024: U.S. New Jersey CCIC Link
November 03, 2022: U.S. HHS Link (PDF)
September 09, 2022: U.S. Treasury Link
February 24, 2022: U.S. CISA Link
January 12, 2022: U.S. Cyber Command Link

APT39 (MOIS)

September 09, 2022: U.S. Treasury Link

APT34/Oilrig (MOIS)

September 11, 2024: Check Point Research Link
September 08, 2022: Microsoft Link

CyberAv3ngers (IRGC-CEC)

April 23, 2024: U.S. Treasury Link
December 01, 2023: U.S. CISA Link

Cotton Sandstorm (Emennet Pasargad)

October 30, 2024: U.S. FBI Link (PDF)
September 27, 2024: U.S. Treasury Link

Charming Kitten (IRGC-IO)

May 10, 2024: New Jersey Cybersecurity & Communications Integration Cell Link
July 06, 2023: Proofpoint Link
September 14, 2022: U.S. Treasury Link
September 07, 2022: Mandiant Link
July 22, 2022: PwC Link

North Korea

Lazarus (RGB)

October 10, 2023: Mandiant Link
April 20, 2022: U.S. CISA Link
February 17, 2021: U.S. Department of Justice Link
September 13, 2019: U.S. Treasury Link
September 06, 2018: U.S. Department of Justice Link

Andariel (RGB 3rd Bureau)

July 25, 2024:
- U.S. CISA Link
- U.S. Department of Justice Link ( U.S. FBI Link (PDF)
- U.S. State Department Link
- UK NCSC Link
October 10, 2023: Mandiant Link
March 23, 2022: Mandiant Link
March 25, 2021: U.S. Health and Human Services Link (PDF)
September 13, 2019: U.S. Treasury Link

BlueNoroff (RGB)

March 25, 2021: U.S. Health and Human Services Link (PDF)
September 13, 2019: U.S. Treasury Link

Kimsuky (RGB)

May 02, 2024:
- U.S. FBI Link (PDF)
- U.S. State Department Link
November 30, 2023: U.S. Treasury Link
June 01, 2023: U.S. Department of Defense Link (PDF)
March 28, 2023: Mandiant Link
March 23, 2022: Mandiant Link
March 25, 2021: U.S. Health and Human Services Link (PDF)

APT37 (MSS)

October 10, 2023: Mandiant Link
March 23, 2022: Mandiant Link

Scarcruft/Reaper

March 25, 2021: U.S. Health and Human Services Link (PDF)

Russia

APT28 (GRU Unit 26165)

February 15, 2024: U.S. Department of Justice Link
April 18, 2023: U.S. CISA Link
April 18, 2023: U.S. NSA Link
April 18, 2023: UK NCSC Link
February 02, 2023: European Repository of Cyber Incidents Link (PDF)
May 09, 2022: U.S. CISA Link
July 01, 2021: U.S. Department of Defense Link (PDF)
August 13, 2020: U.S. FBI Link
October 04, 2018: UK GCHQ Link
May 23, 2018: U.S. Department of Justice Link
October 04, 2018: Netherlands Ministry of Defense Link

APT29 (SVR)

February 26, 2024: U.S. CISA Link
December 13,2023: U.S. CISA Link
May 07, 2021:
- U.S. CISA Link (PDF)
- UK NCSC Link
April 15, 2021:
- U.S. CISA Link
- U.S. NSA Link
July 16, 2020: UK NCSC Link

Callisto Group (FSB Center 18)

October 03, 2024: U.S. Department of Justice Link
December 07, 2023:
- New Zealnd NCSC Link
- UK NCSC Link
- UK Government Link
- U.S. FBI Link (PDF)
- U.S. CISA Link
- U.S. Cyber Command Link
- U.S. Department of Justice Link
- U.S. Treasury Link
- U.S. State Department Link

Ember Bear (GRU Unit 29155)

September 05, 2024:
- U.S. Department of Justice Link
- U.S. FBI Most Wanted Link
- U.S. NSA Link
- U.S. State Department Link
- U.S. State Department Rewards for Justice Link
- NCSC-UK Link
- Germany BfV Link
- Estonia KAPO Link
- Estonia Prosecutor's Office Link
- Australia Link

Sandworm (GRU Unit 74455)

April 17, 2024: Mandiant Link
August 31, 2023: U.S. CISA Link
April 06, 2022: U.S. Department of Justice Link
October 19, 2022: U.S. Department of Justice Link
February 23, 2022: U.S. CISA Link
July 30, 2020: European Union Link (PDF)
May 28, 2020: U.S. NSA Link (PDF)
February 20, 2020: UK Government Link
May 24, 2018: U.S. Department of Justice Link (PDF)

Gamaredon (FSB Centers 16, 18)

June 24, 2024 – European Union: COUNCIL DECISION (CFSP) 2024/1779 of 24 June 2024 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyberattacks threatening the Union or its Member States (PDF)
August 28, 2023: National Security and Defense Council of Ukraine Link (PDF)
November 04, 2021:
- Security Service of Ukraine Link
- Security Service of Ukraine Link (PDF)

Turla (FSB Center 16)

May 09, 2023: U.S. CISA Link
October 23, 2019: U.S. CISA Link
October 21, 2019: UK NCSC Link

Berserk Bear (FSB)

March 24, 2022:
- U.S. Department of Justice Link
- U.S. CISA Link
- UK Government Link