{ "id": "b8551aed-35be-4214-9fdb-e3e96f202575", "created_at": "2026-04-06T00:22:35.505442Z", "updated_at": "2026-04-10T13:12:54.028179Z", "deleted_at": null, "sha1_hash": "89b6492a21f20c568d1ed258c01762e6319b6959", "title": "Hacking Team - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 33118, "plain_text": "Hacking Team - Threat Group Cards: A Threat Actor\r\nEncyclopedia\r\nArchived: 2026-04-05 14:10:13 UTC\r\nDescriptionThe many 0-days that had been collected by Hacking Team and which became publicly available\r\nduring the breach of their organization in 2015, have been used by several APT groups since.\r\n(ESET) Since being founded in 2003, the Italian spyware vendor Hacking Team gained notoriety for selling\r\nsurveillance tools to governments and their agencies across the world.\r\nThe capabilities of its flagship product, the Remote Control System (RCS), include extracting files from a targeted\r\ndevice, intercepting emails and instant messaging, as well as remotely activating a device’s webcam and\r\nmicrophone. The company has been criticized for selling these capabilities to authoritarian governments – an\r\nallegation it has consistently denied.\r\nWhen the tables turned in July 2015, with Hacking Team itself suffering a damaging hack, the reported use of\r\nRCS by oppressive regimes was confirmed. With 400GB of internal data – including the once-secret list of\r\ncustomers, internal communications, and spyware source code – leaked online, Hacking Team was forced to\r\nrequest its customers to suspend all use of RCS, and was left facing an uncertain future.\r\nFollowing the hack, the security community has been keeping a close eye on the company’s efforts to get back on\r\nits feet. The first reports suggesting Hacking Team’s resumed operations came six months later – a new sample of\r\nHacking Team’s Mac spyware was apparently in the wild. A year after the breach, an investment by a company\r\nnamed Tablem Limited brought changes to Hacking Team’s shareholder structure, with Tablem Limited taking\r\n20% of Hacking Team’s shareholding. Tablem Limited is officially based in Cyprus; however, recent news\r\nsuggests it has ties to Saudi Arabia.\r\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=b85d5342-8008-4410-9fb2-5eaf76141909\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=b85d5342-8008-4410-9fb2-5eaf76141909\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://apt.etda.or.th/cgi-bin/showcard.cgi?u=b85d5342-8008-4410-9fb2-5eaf76141909" ], "report_names": [ "showcard.cgi?u=b85d5342-8008-4410-9fb2-5eaf76141909" ], "threat_actors": [ { "id": "a3687241-9876-477b-aa13-a7c368ffda58", "created_at": "2022-10-25T16:07:24.496902Z", "updated_at": "2026-04-10T02:00:05.010744Z", "deleted_at": null, "main_name": "Hacking Team", "aliases": [], "source_name": "ETDA:Hacking Team", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "e90c06e4-e3e0-4f46-a3b5-17b84b31da62", "created_at": "2023-01-06T13:46:39.018236Z", "updated_at": "2026-04-10T02:00:03.183123Z", "deleted_at": null, "main_name": "Hacking Team", "aliases": [], "source_name": "MISPGALAXY:Hacking Team", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434955, "ts_updated_at": 1775826774, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/89b6492a21f20c568d1ed258c01762e6319b6959.pdf", "text": "https://archive.orkl.eu/89b6492a21f20c568d1ed258c01762e6319b6959.txt", "img": "https://archive.orkl.eu/89b6492a21f20c568d1ed258c01762e6319b6959.jpg" } }