[threat-actors] Add Cyber Toufan

clusters/threat-actor.json

@@ -14000,6 +14000,21 @@
       },
       "uuid": "179deaab-12d2-4371-b499-51b925546a22",
       "value": "Threatsec"
+    },
+    {
+      "description": "Cyber Toufan is a threat actor group that has gained prominence for its cyberattacks targeting Israeli organizations. The group's tactics suggest potential nation-state backing, possibly from Iran. They have been involved in hack-and-leak operations, data breaches, and data destruction, impacting over 100 organizations. Cyber Toufan's activities align with geopolitical tensions in the Middle East and their attacks are characterized by a combination of technical breaches and psychological warfare.",
+      "meta": {
+        "country": "IR",
+        "refs": [
+          "https://www.darkreading.com/cyberattacks-data-breaches/-cyber-toufan-hacktivists-leaked-100-plus-israeli-orgs-in-one-month",
+          "https://socradar.io/dark-web-profile-cyber-toufan-al-aqsa/",
+          "https://research.checkpoint.com/2023/11th-december-threat-intelligence-report/",
+          "https://blog.polyswarm.io/2023-recap-cyber-activity-in-the-gaza-conflict",
+          "https://www.securityweek.com/palestinian-hackers-hit-100-israeli-organizations-in-destructive-attacks/"
+        ]
+      },
+      "uuid": "3decddc7-e554-48d8-8304-38b243fc9ccb",
+      "value": "Cyber Toufan"
     }
   ],
   "version": 296