From 0c0817ab7e569a2446689bb4e9de9c84e752f4d0 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Wed, 2 Oct 2024 02:04:55 -0700
Subject: [PATCH] [threat-actors] Add VICE SPIDER

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 38a35ba..b50e58e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16849,6 +16849,17 @@
       },
       "uuid": "28157c93-0b9f-4341-983a-3a521cee12bb",
       "value": "DragonRank"
+    },
+    {
+      "description": "Vice Spider is a Russian-speaking ransomware group that has been active since at least April 2021 and is linked to a significant increase in identity-based attacks, with a reported 583% rise in Kerberoasting incidents. CrowdStrike attributes 27% of these intrusions specifically to Vice Spider, which exploits vulnerabilities in the Kerberos authentication protocol to crack user passwords.",
+      "meta": {
+        "country": "RU",
+        "refs": [
+          "https://www.techtarget.com/searchsecurity/news/366547445/CrowdStrike-observes-massive-spike-in-identity-based-attacks"
+        ]
+      },
+      "uuid": "2be3426b-c216-499f-b111-6694e96918f7",
+      "value": "VICE SPIDER"
     }
   ],
   "version": 315