From 15297c7b5f24108e682796dc0478d8118274a833 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20L=C3=B6hel?=
Date: Mon, 24 Apr 2023 16:57:52 -0600
Subject: [PATCH] chg [threat-actors] Add RedGolf
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jürgen Löhel
---
 clusters/threat-actor.json | 65 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 63 insertions(+), 2 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 6e8c39e..e1fbdfc 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -7901,7 +7901,8 @@
 "G0044",
 "Earth Baku",
 "Amoeba",
- "HOODOO"
+ "HOODOO",
+ "Brass Typhoon"
 ]
 },
 "related": [
@@ -11259,7 +11260,67 @@
 },
 "uuid": "8ca38564-5515-45f5-9f3b-a4091546e10b",
 "value": "Anonymous Sudan"
+ },
+ {
+ "description": "Recorded Future’s Insikt Group has identified a large cluster of new operational infrastructure associated with use of the custom Windows and Linux backdoor KEYPLUG. We attribute this activity to a threat activity group tracked as RedGolf, which is highly likely to be a Chinese state-sponsored group. RedGolf closely overlaps with threat activity reported in open sources under the aliases APT41/BARIUM and has likely carried out state-sponsored espionage activity in parallel with financially motivated operations for personal gain from at least 2014 onward.",
+ "meta": {
+ "cfr-suspected-state-sponsor": "China",
+ "cfr-target-category": [
+ "Aviation",
+ "Automotive",
+ "Education",
+ "Intergovernmental",
+ "Media and Entertainment",
+ "Information Technology",
+ "Religious Organizations"
+ ],
+ "country": "CN",
+ "motive": "state-sponsored espionage and financially motivated",
+ "references": [
+ "https://go.recordedfuture.com/hubfs/reports/cta-2023-0330.pdf",
+ "https://www.justice.gov/opa/pr/seven-international-cyber-defendants-including-apt41-actors-charged-connection-computer"
+ ]
+ },
+ "related": [
+ {
+ "dest-uuid": "9c124874-042d-48cd-b72b-ccdc51ecbbd6",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "overlaps"
+ },
+ {
+ "dest-uuid": "036bd099-fe80-46c2-9c4c-e5c6df8dcdee",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "uses"
+ },
+ {
+ "dest-uuid": "1a1d3ea4-972e-4c48-8d85-08d9db8f1550",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "uses"
+ },
+ {
+ "dest-uuid": "9c124874-042d-48cd-b72b-ccdc51ecbbd6",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "uses"
+ },
+ {
+ "dest-uuid": "2c4bfc14-3ea4-4ced-806a-fcac30b2a9d7",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "uses"
+ }
+ ],
+ "uuid": "eff0c059-5449-4207-9860-715475139595",
+ "value": "RedGolf"
 }
 ],
- "version": 271
+ "version": 272
 }
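Review bot: The new `related` array lists dest-uuid `9c124874-042d-48cd-b72b-ccdc51ecbbd6` twice, first as `"type": "overlaps"` and again, as the fourth entry, as `"type": "uses"`, so the same target carries two conflicting relation types and consumers that key relations on dest-uuid will keep only one of them. If that uuid is the actor the description's APT41/BARIUM overlap refers to (it may well be the entry whose synonyms are extended in the first hunk, but the patch does not show that), `uses` is the wrong relation and the fourth entry looks like a copy of the first whose dest-uuid was never replaced; if it was meant to point at a tool such as the KEYPLUG backdoor named in the description, substitute that tool's uuid, otherwise drop the entry. As a point of style, the `description` is pasted verbatim in the vendor's first person ("We attribute this activity…"), which reads as the galaxy's own attribution; rewording it to "Recorded Future's Insikt Group attributes this activity…" keeps the claim attributed to its source.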