diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 9e230a8..b33e809 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -10286,6 +10286,45 @@ }, "uuid": "85f20141-1c8e-49ac-b963-eaa1fb1f4018", "value": "DEV-0147" + }, + { + "description": "TA406 is engaging in malware distribution, phishing, intelligence collection, and cryptocurrency theft, resulting in a wide range of criminal activities.", + "meta": { + "cfr-suspected-victims": [ + "China", + "France", + "Germany", + "India", + "Japan", + "North America", + "Russia", + "South Africa", + "South Korea", + "United Kingdom" + ], + "cfr-target-category": [ + "Government", + "Journalists", + "NGOs" + ], + "country": "KR", + "references": [ + "https://www.bleepingcomputer.com/news/security/north-korean-cyberspies-target-govt-officials-with-custom-malware/", + "https://siliconangle.com/2021/11/18/north-korean-cybercriminal-group-ta406-escalates-attacks-2021/", + "https://www.proofpoint.com/us/blog/threat-insight/triple-threat-north-korea-aligned-ta406-scams-spies-and-steals" + ] + }, + "related": [ + { + "dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "part-of" + } + ], + "uuid": "89f005f9-22e9-4c50-9b48-e94c521266e5", + "value": "TA406" } ], "version": 260