diff --git a/elements/adversary-groups.json b/elements/adversary-groups.json index 41f1c3c..fba8c80 100644 --- a/elements/adversary-groups.json +++ b/elements/adversary-groups.json @@ -87,7 +87,8 @@ "Pacifier APT", "HummingBad", "Dropping Elephant", - "Operation Transparent Tribe" + "Operation Transparent Tribe", + "Poseidon Group" ], "details": [ { @@ -873,6 +874,11 @@ "description": "Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group's motivations appear to overlap with those of the Chinese government. While there is some overlap between IP addresses used by Scarlet Mimic and Putter Panda, it has not been concluded that the groups are the same.", "refs": ["https://attack.mitre.org/wiki/Groups", "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/"], "country": "CN" + }, + { + "group": "Poseidon Group", + "description": "Poseidon Group is a Portuguese-speaking threat group that has been active since at least 2005. The group has a history of using information exfiltrated from victims to blackmail victim companies into contracting the Poseidon Group as a security firm.", + "refs": ["https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/","https://attack.mitre.org/wiki/Groups"] } ] }