Researching threat actors in Recon
The Threat Actors feature in Recon helps you research groups known to exploit vulnerabilities or conduct cyber operations.
Threat actor profiles combine intelligence gathered by Cytidel with vulnerability data and related threat activity. This allows you to quickly understand how specific actors operate, what they target, and which vulnerabilities they are associated with.
Searching for Threat Actors
You can search for threat actors using either their primary name or any known alias.
To find a threat actor:
- Navigate to Threat Actors in Recon.
- Enter the name of a threat actor or any known alias in the search bar.
- Select a result to open the Threat Actor profile.
Threat actors in the table are organised by their primary name, defined by Cytidel. Searching by an alias will still return the correct actor, but it will appear under its primary name in the results.
Exploring the Threat Actor Profile
Each threat actor profile provides a consolidated view of intelligence associated with that group, helping analysts quickly understand the actor’s activity, targeting patterns, and associated vulnerabilities.
Threat Actor Profile
This section provides a high-level overview of the group, including background information and known activity.
It includes details such as:
- country affiliation
- targeted industries
- known motivations
- general operational context
Threat Intelligence
The Threat Intelligence panel lists structured information linked to the actor, including:
- Aliases used by the group
- Tools associated with their operations
- Malware linked to their campaigns
- Ransomware families they use
These insights help analysts understand the techniques and tooling associated with the actor.
Targeting Insights
Threat actor profiles also highlight how and where the actor operates, including:
- industries targeted
- vendors targeted
- products targeted
This helps security teams assess whether their organisation may fall within the actor’s typical targeting scope.
Associated CVEs
The Associated CVEs section lists vulnerabilities linked to the threat actor.
Reviewing these CVEs can help identify vulnerabilities that may be more likely to be targeted or exploited by specific actors.
Related News and Reports
Threat actor profiles also include related articles and reports from external sources.
These references provide additional context about:
- campaigns involving the actor
- vulnerability exploitation activity
- research published by security organisations
