diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index b33e809..33d669a 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -10309,8 +10309,6 @@ ], "country": "KR", "references": [ - "https://www.bleepingcomputer.com/news/security/north-korean-cyberspies-target-govt-officials-with-custom-malware/", - "https://siliconangle.com/2021/11/18/north-korean-cybercriminal-group-ta406-escalates-attacks-2021/", "https://www.proofpoint.com/us/blog/threat-insight/triple-threat-north-korea-aligned-ta406-scams-spies-and-steals" ] }, @@ -10325,6 +10323,53 @@ ], "uuid": "89f005f9-22e9-4c50-9b48-e94c521266e5", "value": "TA406" + }, + { + "description": "Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations of strategic interest to the Iranian government.", + "meta": { + "attribution-confidence": "50", + "cfr-suspected-victims": [ + "Australia", + "Europe", + "Middle East", + "US" + ], + "cfr-target-category": [ + "Education", + "Government", + "Healthcare", + "Legal", + "Manufacturing", + "Media", + "NGOs", + "Pharmaceuticals" + ], + "country": "IR", + "references": [ + "https://www.mandiant.com/resources/blog/apt42-charms-cons-compromises" + ], + "synonyms": [ + "UNC788" + ] + }, + "related": [ + { + "dest-uuid": "b8967b3c-3bc9-11e8-8701-8b1ead8c099e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], + "uuid": "35f887ad-6709-4d0b-8e9c-6b3fa09c783f", + "value": "APT42" } ], "version": 260