Attackers
Named attackers
Individuals publicly identified — by indictment, sanctions, or intelligence reporting — as having participated in catalogued cyberattacks.
Park Jin Hyok
North Korean (DPRK) · indicted fugitive
North Korean RGB officer indicted by the U.S. DOJ in September 2018 as a Lazarus Group operator. Attributed to Sony Pictures (2014), WannaCry (2017), and the Bangladesh Bank SWIFT heist (2016).
Dmitry Khoroshev
Russian · indicted fugitive
Russian national identified by the U.K. NCA, FBI, and Australian Federal Police as LockBitSupp — the developer and chief operator of the LockBit ransomware-as-a-service franchise.
Vitaly Kovalev
Russian · indicted fugitive
Russian national publicly identified as 'Stern' — the CEO-level operator of TrickBot, Conti, and the broader Ryuk / BazarLoader cybercrime conglomerate. Sanctioned by the U.S., U.K. and EU in 2023.
Yaroslav Vasinskyi
Ukrainian · convicted
Ukrainian REvil affiliate convicted in 2024 for the July 2021 Kaseya VSA supply-chain ransomware attack. Sentenced to 13 years 7 months and ordered to pay $16M restitution.
Maksim Yakubets
Russian · indicted fugitive
Russian national identified by the U.S. Treasury and FBI as the leader of Evil Corp — the Dridex banking trojan and BitPaymer / WastedLocker ransomware operation. $5 million State Department reward.
Paige Thompson
American · convicted
Former AWS engineer convicted in 2022 for the 2019 Capital One breach. Exploited a misconfigured WAF to exfiltrate data on 100 million Capital One credit-card customers.
Equifax PLA officers (Wu, Wang, Xu, Liu)
Chinese · indicted fugitive
Four members of the Chinese People's Liberation Army's 54th Research Institute indicted by the U.S. DOJ in February 2020 for the 2017 Equifax breach.
Mikhail Matveev
Russian · indicted fugitive
Russian national indicted by the U.S. DOJ in May 2023 as Wazawaka / Boriselcin / Uhodiransomwar — a senior affiliate of LockBit, Babuk, and Hive ransomware operations.
Sandworm Six (GRU Unit 74455)
Russian · indicted fugitive
Six Russian GRU officers indicted by the U.S. DOJ in October 2020 for NotPetya, the 2018 Olympic Destructor attack, attacks on Ukraine's electric grid, and the 2017 French election hack-and-leak.
Vyacheslav Penchukov
Ukrainian · convicted
Ukrainian national arrested in Geneva in 2022, extradited to the U.S. in 2023, and sentenced in 2024 for operating the JabberZeus banking trojan and later the IcedID malware loader.