Menu
Browse

Cyber Threat Actor: M1sp

Actor Type Location Known Incidents
 Icon
Criminal
United Kingdom
1 incident
Profile

M1spis a threat actor known by the alias M1sp and has been associated with operations originating from the United Kingdom. Public reporting links the actor to credential‑harvesting activities that primarily target organizations within the UK, with a notable focus on the health sector. The actor’s strategic objective, as described in available sources, is the collection of valid user credentials through deceptive means. Observed tactics involve the use of phishing emails that mimic recent correspondence or recipient details to appear trustworthy, directing victims to fraudulent login pages designed to capture usernames and passwords. Once credentials are obtained, the actor hijacks the compromised email accounts to distribute malicious spam externally, leveraging the legitimacy of the hijacked addresses to increase the success of subsequent messages. No specific malware families or custom tooling have been publicly attributed to M1sp in the reported incidents.

The most documented operation attributed to M1sp occurred on May 30 2020, when a phishing campaign compromised over one hundred internal email accounts within a UK health service. The campaign was part of a broader credential‑harvesting effort aimed at UK organizations, using emails that imitated legitimate communications to lure recipients to fake login portals. Although there was no evidence that patient records were accessed, the breach enabled the attackers to send spam from the hijacked accounts, prompting the affected organization to isolate the compromised credentials, enforce password resets, and review its security configurations. These response measures contributed to a noticeable decline in phishing activity targeting the organization afterward, illustrating the immediate impact of the actor’s tactics and the effectiveness of remedial actions.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources