From 2567d6f1f8f4415b7ce8198e051f2c13ec1d0cd0 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Wed, 1 Mar 2023 14:51:29 -0800
Subject: [PATCH] [threat-actors] Add TA406
---
 clusters/threat-actor.json | 39 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 9e230a8..b33e809 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -10286,6 +10286,45 @@
 },
 "uuid": "85f20141-1c8e-49ac-b963-eaa1fb1f4018",
 "value": "DEV-0147"
+ },
+ {
+ "description": "TA406 is engaging in malware distribution, phishing, intelligence collection, and cryptocurrency theft, resulting in a wide range of criminal activities.",
+ "meta": {
+ "cfr-suspected-victims": [
+ "China",
+ "France",
+ "Germany",
+ "India",
+ "Japan",
+ "North America",
+ "Russia",
+ "South Africa",
+ "South Korea",
+ "United Kingdom"
+ ],
+ "cfr-target-category": [
+ "Government",
+ "Journalists",
+ "NGOs"
+ ],
+ "country": "KR",
+ "references": [
+ "https://www.bleepingcomputer.com/news/security/north-korean-cyberspies-target-govt-officials-with-custom-malware/",
+ "https://siliconangle.com/2021/11/18/north-korean-cybercriminal-group-ta406-escalates-attacks-2021/",
+ "https://www.proofpoint.com/us/blog/threat-insight/triple-threat-north-korea-aligned-ta406-scams-spies-and-steals"
+ ]
+ },
+ "related": [
+ {
+ "dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "part-of"
+ }
+ ],
+ "uuid": "89f005f9-22e9-4c50-9b48-e94c521266e5",
+ "value": "TA406"
 }
 ],
 "version": 260
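Review bot: The new TA406 entry sets `"country": "KR"`, which is the ISO 3166-1 alpha-2 code for South Korea, yet all three reference URLs describe the group as North Korean or North Korea-aligned and the same entry lists "South Korea" under `cfr-suspected-victims`; the field should read `"country": "KP"`. Left as is, any detection, enrichment or reporting pipeline that keys on this field will attribute TA406 activity to the wrong state. The `part-of` relation points at `bcaaad6f-0597-4b89-b69b-84a6be2b7bc3`, which is not visible in this hunk, so it is worth confirming that it resolves to the intended parent cluster. The trailing context still shows `"version": 260`; if this galaxy bumps its version on every cluster change, consumers that sync by version may not pick up the new entry until it is incremented.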