Update threat-actor.json

adding UNC3524 to the actor galaxy cluster.
2024-11-22 23:07:19 +00:00 · 2022-05-04 13:21:56 +02:00 · 2022-05-04 13:21:56 +02:00 · 06c293072c
commit 06c293072c
parent 87c1e34ce8
1 changed files with 12 additions and 1 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -9183,7 +9183,18 @@
      },
      "uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f",
      "value": "SaintBear"
+    },
+    {
+      "description": "Mandiant observed this group operating since December 2019. Its techniques partially overlap with multiple Russian-based espionage actors (APT28 and APT29). They are described as having a high level of operational security, low malware footprint, adept evasive skills, and a large Internet of Things (IoT) device botnet at their disposal.",
+      "meta": {
+        "cfr-type-of-incident": "Espionage",
+        "refs": [
+          "https://www.mandiant.com/resources/unc3524-eye-spy-email"
+        ]
+      },
+      "uuid": "bee8b09c-07e5-4c12-94d6-266ebcb1ec24",
+      "value": "UNC3524"
    }
  ],
-  "version": 219
+  "version": 220
 }