List Of Top Global Notorious Hacker Groups In Operation


The world has seen the emergence of prolific threat actors such as the Anonymous and many more. Anonymous is a very notorious Hacker Group with many recorded attacks against mainstream organizations across the globe. Some of them have been dormant for a while and others have been in active operation since the very first day they were discovered. These hacker groups make use of some dangerous malware and hacktools to facilitate their operation.

It is not disputable that most of them are state-sponsored groups working in the interest of the government. Some notorious hacker group targets personally identifiable information whiles others also targets credit card information and important company information. This article seeks to point out some of the hacker groups that exist today.


Chafer is identified as an Iranian cyber espionage group that has been active since 2015. They are also identified as the Advanced Persistent Threat 39 (APT39). Based on their previous attacks, they are much interested in the personally identifiable information of customers of a company. They were linked to the cyberattack on business services, travels, telecommunication organizations, media and entertainment, high-tech and companies in other sectors. This hacker group is well known for its use of malware and spear-phishing attack on its targets. Their mode of attack is primarily through email campaigns to convince targets to open a malicious link. They were actively targeting organizations in North America, the Middle East, and Europe.

Cozy Bear (A Very Notorious Hacker Group)

Notorious Hacker Group

Image Source:

Cozy Bear is another popular Hacker Group based in Russia. They are also identified as the Advanced Persistent Threat 29 (APT29) and has in the past targeted political organizations, government agencies, and companies. This notorious hacker group was linked to the spear-phishing attack on the US Department of the Ministry of Defense in 2015. According to reports, they also targeted the Norwegian Ministry of Defense and Ministry of Foreign Affairs in 2017. Some reports have linked the Cozy bear hacker group to Russia’s Federal Security Service and also, Russia’s Foreign Intelligence Service. They have a history of attacking companies in Asia, North America, and Europe. Some countries including South Korea, Uzbekistan, the U.S, Germany, and Norway have suffered a lot in their hands.


Elfin is another Iranian Hacker Group also identified as the Advanced Persistent Threat 33 (APT 33). Similarly to any other Hacker Group, the Elfin hacker group use a malicious link in an email to infect a computer of the targeted organization. They use malware tools such as TurnUp, ShapeShift, and DropShot. They have targeted over 50 companies found in the sector of aerospace, defense, finance, information, technology, telecommunication, energy, healthcare, and engineering. They have been linked to a number of cyber-attacks and is one of the dangerous hacker groups around.

Fancy Bear

Fancy Bear is a Russian hacker group also called Pawn Storm. They are also identified as the Advanced Persistent Threat 28 (APT28) suspected to be connected to Russia’s Main Intelligence Directorate. Their primary targets are political organizations, financial institutions, government agencies, government and international organizations across Europe and North America. Some of the countries targeted by this notorious hacker group are Germany, Norway, and France.

This hacker group is one of the oldest groups having been discovered in 2004. They have been accused in the past for interfering with the elections of France and Germany in 2016 and 2017. They also make use of zero-day exploits a lot.

Lazarus (A Very Notorious Hacker Group)

The Lazarus hacker group is very popular as they have been in the news a lot of time recently. They are linked to the North Korean government and have been said to be working to raise funds to support the government regime. The Lazarus hacker group has been accused of attacking Sonny entertainment and launching multiple DDoS attacks on the government computers of the US and South Korea.

They are also identified as Advanced Persistent Threat 38 and also, Guardians of Peace. They have launched 16 separate attacks on companies since 2014. They were said to have stolen $81 million from the account of the Federal reserve bank of New York.

Tarh Andishan

This hacker group is based in Iran consisting of over 20 hackers. According to research, this hacker group disguises themselves as a legitimate construction engineering firm in Tehran to execute their plans. This notorious hacker group has been said to be backed by the Iranian government.

They use backdoors, Structured Query Language Injections, self-propagating software, and other techniques to steal from targets. They are said to have been involved in the “operation cleaver” which targeted over 50 companies across 16 countries affecting critical infrastructures and companies. The Korean Air, Qatar Airline, the IS Navy, Aramco, and Pemex have been their victims. The FBI in 2014 issued a warning to the US companies concerning the campaign staged by this notorious hacker group.

Temp.Periscope (A Very Notorious Hacker Group)

This is a Chinese hacker group linked to the Chinese government. They are known as an Advanced Persistent Threat 40 (APT40) and also called Leviathan. They have targeted companies in the field of tech-defense, transportation, marine, shipping, and engineering. They are said to be in support of China’s Nava Modernization efforts from 2013. In March 2018 and July 2018, the notorious hacker group was said to have targeted a US engineering firm and British engineering firm respectively.

They have also targeted individuals, government organizations, Human rights groups, and political organizations in opposition. Similarly to other hacker groups, this hacker group uses spear-phishing attacks and malware such as airbreak, beacon, freshair, homefry, eviltech, dadbod, paperpush and murkytop to launch an attack.

Temp.Periscope largely targets universities as they have been linked to attacks of over 20 universities in Europe and Asia. Some of these universities include Duke University, Penn state university, University of Hawaii, University of Washington and Massachusetts Institute Technology. They attacked these institutions to steal research about maritime technology according to the report. 


Turla is a Russian based hacker group also called venomous bear and white bear. This Hacker Group has targeted institutions in Eastern Asia, Central Asia, Middle East, Europe, South America, and North America. Interestingly, they have been in operation since its discovery in 2006. This notorious Hacker Group has made media organizations and companies, universities and government agencies their primary targets. They have been said to be associated with the Russian Federal Security Service. They are known for using Gazar malware to spy on embassies and consulates in Europe according to research.

Stone Panda

Stone Panda is a Chinese government-sponsored hacker group according to reports and has been involved in a number of high profile cyber-attacks. They are also identified as Red Apollo or Advanced Persistent Threat 10 (APT10).

They have targeted various government agencies in the past as well as telecommunication, aerospace, and engineering companies in the world. They have attacked companies in Japan, the European Union, and the US. They have used several malware in their attacks including Scanbox, bugjuice, haymaker, Quasarrat, and Snugride.

Sandworm Team

Sandworm team is a Russian state-sponsored hacker group linked to a number of high profile cyber-attacks. They are also called Black Energy and also, voodoo Bear and have been operating since 2009. This notorious hacker group has been associated with a number of attacks in Ukraine which was said to have been staged to gather government intelligence.

It was also staged to shut down power grids in 2015 and 2016 according to reports. It is reported that Sandworm Team has earlier attacked and destroyed computer systems of government agencies, important organizations and media and entertainment organizations in Ukraine.


Naikon is one of the many secret Chinese state-sponsored hacker groups in existence. They are also called Advanced Persistent Threat 30 (APT30). This hacker group was discovered in 2010 and has been linked to the Chinese People Liberation Army with Unit Number 72080 in Kunming according to reports. This notorious hacker group operates similarly to a number of the discovered Chinese hacker groups using the spear-phishing tool to steal sensitive information from targets.

Their primary targets are government organizations and institutions in South-East Asia. These include Singapore, Nepal, Malaysia, Philippines, Laos, Vietnam, Myanmar, Cambodia and Indonesia. They have been a thorn in the flesh of renowned organizations in the region since their emergence.

Anonymous (A Very Notorious Hacker Group)

Notorious Hacker Group

Image Source:

Anonymous is a transnational hacktivist group that has been in operation for a while. They are linked to a number of popular cyber-attacks and are very famous in the hacking industry and among their victims. They have members in the Netherlands, Turkey, Spain, the UK, the US, and Australia. Their targets in the past have been the Church of Scientology, Islamic State in Syria and Iran, the US Department of Defense and the New York Stock Exchange.

Their motto is “We are Anonymous. We are Legion. We do not forgive. We do not forgive. Expect from us.” They are famous for their attack on MasterCard, Visa Card and PayPal in an operation dubbed “Operation Payback”. These attacked companies refused to process payment to WikiLeaks according to a report.

Charming Kitten (A Very Notorious Hacker Group)

Charming Kitten is an Iranian hacker group also identified as Advanced Persistent Threat 35 (APT35). They are also called Phosphorus. They use different ways to steal personally identifiable information from corporations. This makes any organization that hosts a bunch of customer information their primary target. They are famously known for using fake social media accounts, malicious software, and spear-phishing tools to launch an attack to steal sensitive information.

According to researchers, this notorious hacker group attacked 241 email accounts of Microsoft users in August and September 2019. Some of the identified accounts affected in that campaign include accounts belonging to journalists, former US government officials, prominent Iranians living in Iran and the US presidential campaign.

Source: UCA

Disclaimer: does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation to the reliance on or usage of any content, goods or services mentioned in this article.

Tags: #Deep_Web_directories #Hidden_Wiki_Links #Deep_Web_Links_and_Web_Sites #Dark_Web_Links #Best_Dark_web_Websites



Please enter your comment!
Please enter your name here