From 2111f509683602178ee38b9a4a24f78ea48ca0dc Mon Sep 17 00:00:00 2001
From: Mathieu Beligon <mathieu@feedly.com>
Date: Tue, 7 Nov 2023 14:47:12 +0100
Subject: [PATCH] [threat-actors] Add 1937CN

---
 clusters/threat-actor.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 98f0365..b9ff09d 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12596,6 +12596,20 @@
       },
       "uuid": "b87f9ba7-f480-4ed5-b60e-b880e6b519ea",
       "value": "Altahrea Team"
+    },
+    {
+      "description": "1937CN is a Chinese hacking group that has been active since at least 2013. The group is known for targeting Vietnamese organizations, including government agencies, businesses, and media outlets. 1937CN has been linked to a number of high-profile cyberattacks, including the hacking of Vietnam Airlines in 2016 and the defacement of Vietnamese government websites in 2015.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.trendmicro.com/en_us/research/23/b/earth-zhulong-familiar-patterns-target-southeast-asian-firms.html",
+          "https://www.recordedfuture.com/international-hacktivism-analysis/",
+          "http://securityaffairs.co/wordpress/49876/hacking/china-1937cn-team-vietnam.html",
+          "https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a"
+        ]
+      },
+      "uuid": "391573c5-9c21-4984-b6b8-97d42623d6cc",
+      "value": "1937CN"
     }
   ],
   "version": 292