diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 2a5d7dd..bcc884d 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -5631,7 +5631,8 @@
 "PLA Navy",
 "MAVERICK PANDA",
 "BRONZE EDISON",
- "Sykipot"
+ "SODIUM",
+ "Salmon Typhoon"
 ]
 },
 "uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b",
@@ -7069,7 +7070,10 @@
 "https://www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malware-loader",
 "https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european",
 "https://unit42.paloaltonetworks.com/stately-taurus-targets-philippines-government-cyberespionage/",
- "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html"
+ "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html",
+ "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW",
+ "https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_2_LT4.pdf",
+ "https://thecyberwire.com/podcasts/microsoft-threat-intelligence/4/notes"
 ],
 "synonyms": [
 "BRONZE PRESIDENT",
@@ -7080,7 +7084,10 @@
 "Earth Preta",
 "TA416",
 "Stately Taurus",
- "LuminousMoth"
+ "LuminousMoth",
+ "Polaris",
+ "TANTALUM",
+ "Twill Typhoon"
 ]
 },
 "uuid": "78bf726c-a9e6-11e8-9e43-77249a2f7339",
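Review bot: `SODIUM` and `Salmon Typhoon` are added as synonyms without any refs entry in this commit that records where the mapping to this cluster comes from; the same holds for `VANGUARD PANDA` in the @@ -12336 hunk and `Storm-0919` in the @@ -14436 hunk, where the visible refs lines are unchanged. Alias mappings between vendor taxonomies drift, and Microsoft's Storm-NNNN names in particular are provisional designations that get merged or retired, so a refs URL recorded next to each new synonym is what lets a later maintainer verify or retire the alias. The refs arrays of these clusters lie outside the hunks, so a supporting source may already be present; if it is not, add one alongside the synonym. Dropping `Sykipot` also means lookups keyed on that alias stop resolving to this cluster; if it was removed because it names the malware rather than the group, a `related` entry pointing at the cluster that tracks the malware would preserve the link.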
@@ -8103,7 +8110,23 @@
 "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf",
 "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi",
 "https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf",
- "https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists"
+ "https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists",
+ "https://www.fortinet.com/blog/psirt-blogs/importance-of-patching-an-analysis-of-the-exploitation-of-n-day-vulnerabilities",
+ "https://intrusiontruth.wordpress.com/2023/05/11/article-1-whats-cracking-at-the-kerui-cracking-academy",
+ "https://intrusiontruth.wordpress.com/2023/05/12/the-illustrious-graduates-of-wuhan-kerui",
+ "https://intrusiontruth.wordpress.com/2023/05/13/all-roads-lead-back-to-wuhan-xiaoruizhi-science-and-technology-company",
+ "https://intrusiontruth.wordpress.com/2023/05/15/trouble-in-paradise",
+ "https://intrusiontruth.wordpress.com/2023/05/16/introducing-cheng-feng",
+ "https://intrusiontruth.wordpress.com/2023/05/17/missing-links",
+ "https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Common-TTPs-of-attacks-against-industrial-organizations-implants-for-remote-access-En.pdf",
+ "https://asec.ahnlab.com/ko/55070",
+ "https://intrusiontruth.wordpress.com/2023/07/04/wuhan-xiaoruizhi-class-of-19",
+ "https://intrusiontruth.wordpress.com/2023/07/07/one-man-and-his-lasers",
+ "https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/cyberabwehr/2023-02-bfv-cyber-brief.pdf?__blob=publicationFile&v=6",
+ "https://www.justice.gov/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived",
+ "https://www.justice.gov/opa/media/1345141/dl?inline",
+ "https://www.gov.uk/government/news/uk-holds-china-state-affiliated-organisations-and-individuals-responsible-for-malicious-cyber-activity",
+ "https://harfanglab.io/en/insidethelab/apt31-indictment-analysis/"
 ],
 "synonyms": [
 "ZIRCONIUM",
@@ -10856,7 +10879,12 @@
 "https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools",
 "https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass",
 "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf",
- "https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf"
+ "https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf",
+ "https://securelist.com/apt-annual-review-2021/105127",
+ "https://securelist.com/apt-trends-report-q2-2021/103517",
+ "https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/jolly-jellyfish/NCSC-MAR-Jolly-Jellyfish.pdf",
+ "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/pdf/2022-year-in-retrospect-report.pdf",
+ "https://www.youtube.com/watch?v=-7Swd1ZetiQ"
 ],
 "synonyms": [
 "CHROMIUM",
@@ -10867,7 +10895,9 @@
 "AQUATIC PANDA",
 "Red Dev 10",
 "RedHotel",
- "Charcoal Typhoon"
+ "Charcoal Typhoon",
+ "BountyGlad",
+ "Red Scylla"
 ]
 },
 "related": [
@@ -12336,7 +12366,8 @@
 "https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/"
 ],
 "synonyms": [
- "BRONZE SILHOUETTE"
+ "BRONZE SILHOUETTE",
+ "VANGUARD PANDA"
 ]
 },
 "uuid": "f02679fa-5e85-4050-8eb5-c2677d93306f",
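Review bot: Two of the new refs are delivery-parameter URLs rather than canonical document pages: `https://www.justice.gov/opa/media/1345141/dl?inline` and the BfV brief ending in `?__blob=publicationFile&v=6`, where `v=6` pins one published revision. Links of this form tend to rot when the host re-publishes the file, so the landing page (the DOJ press-release URL added just above it likely links the same document) or the unversioned PDF path is the more durable reference. `https://asec.ahnlab.com/ko/55070` points at the Korean-language post; if AhnLab has published an English equivalent, linking that one would serve most readers of this cluster better.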
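Review bot: `https://www.youtube.com/watch?v=-7Swd1ZetiQ` is an opaque video reference: the ID says nothing about the talk, the content cannot be text-searched or archived like the other sources, and a channel takedown removes it outright; the same applies to `https://www.youtube.com/watch?v=khywfhJv4H8` in the @@ -12579 hunk. If the talks have a conference page, slide deck or written companion, reference that alongside or instead of the video. Where only the video exists, keeping it is reasonable, but it is worth checking that the written refs added in the same hunk already carry the attribution the video is meant to support.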
@@ -12579,7 +12610,11 @@
 "https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/",
 "https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr",
 "https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/",
- "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html"
+ "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html",
+ "https://blogs.microsoft.com/on-the-issues/2023/07/11/mitigation-china-based-threat-actor/",
+ "https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/",
+ "https://www.youtube.com/watch?v=khywfhJv4H8",
+ "https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf"
 ]
 },
 "uuid": "5b30bcb8-4923-45cc-bc89-29651ca5d54e",
@@ -14436,7 +14471,8 @@
 "https://www.crowdstrike.com/global-threat-report/"
 ],
 "synonyms": [
- "Ethereal Panda"
+ "Ethereal Panda",
+ "Storm-0919"
 ]
 },
 "uuid": "50ee2b1b-979e-4507-8747-8597a95938f6",