From 419c62cea140f6e5259f94dfe16c70ae97fad290 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Fri, 3 Nov 2023 19:02:12 +0100
Subject: [PATCH] [threat-actors] Add Storm-0062
---
 clusters/threat-actor.json | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 41942fc..9977998 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12247,6 +12247,23 @@
 },
 "uuid": "a47b0f97-30fe-451d-9983-3bdc1e4608ab",
 "value": "LofyGang"
+ },
+ {
+ "description": "The cyberattack campaign that Microsoft uncovered was launched by a China-linked hacking group called Storm-0062. According to the company, the group is launching cyberattacks by exploiting a vulnerability in the Data Center and Server editions of Confluence. Those are versions of the application that companies run on-premises.",
+ "meta": {
+ "aliases": [
+ "Oro0lxy",
+ "DarkShadow"
+ ],
+ "country": "CN",
+ "refs": [
+ "https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/monthly-news-november-2023/ba-p/3970796",
+ "https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-41-5/",
+ "https://twitter.com/MsftSecIntel/status/1711871732644970856"
+ ]
+ },
+ "uuid": "d1fe4546-616a-409c-8d2c-f7a7e0a183f8",
+ "value": "Storm-0062"
 }
 ],
 "version": 289
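Review bot: The added `description` identifies the exploited flaw only as "a vulnerability in the Data Center and Server editions of Confluence", so an analyst who reaches this cluster from an event tag cannot tell which advisory or fixed version applies without opening the refs. Name the identifier given in the Microsoft reference, e.g. `...by exploiting CVE-ID-PLACEHOLDER in the Data Center and Server editions of Confluence`, and bound the present-tense "is launching" with the date of that report so the entry does not read as current indefinitely. The trailing context line `"version": 289` is unchanged in this hunk; if downstream MISP instances use that field to decide whether to re-import the galaxy (likely, but not visible here), the new actor may not propagate until it is bumped. `"country": "CN"` is asserted without a qualifier while the text says only "China-linked"; an `"attribution-confidence"` value next to it would make that hedge machine-readable.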