Attribution
This page is designed to be a one-stop resource for finding public attribution made by government organizations (or private sector) linking state-sponsored Advanced Persistent Threats to specific individuals, companies and entities.
APTs with a large number of links might get a collapsed list.
Work in progress! Page updated September 22, 2024.
China
APT31
- March 25, 2024:
APT40
APT41
Flax Typhoon
- September 18, 2024:
Volt Typhoon
- February 07, 2024: U.S. CISA: Link
- January 31, 2024:
- May 24, 2023:
Iran
MuddyWater
- July 30, 2024: U.S. New Jersey CCIC: Link
- July 18, 2024: U.S. New Jersey CCIC: Link
- November 03, 2022: U.S. HHS: Link (PDF)
- September 09, 2022: U.S. Treasury Link
- February 24, 2022: U.S. CISA: Link
- January 12, 2022: U.S. Cyber Command: Link
North Korea
Russia
APT28
- U.S. DOJ (February 15, 2024) Link
- U.S. CISA (April 18, 2023) Link
- U.S. NSA (April 18, 2023) Link
- UK NCSC (April 18, 2023) Link
- European Repository of Cyber Incidents (February 02, 2023) Link (PDF)
- U.S. CISA (May 09, 2022) Link
- U.S. FBI (August 13, 2020) Link
- October 04, 2018: UK GCHQ: Link
- May 23, 2018: U.S. DOJ: Link
Callisto Group
- December 07, 2023:
Ember Bear
- September 05, 2024:
Sandworm