[threat-actors] Add TwoSail Junk

2024-11-22 14:57:18 +00:00 · 2023-11-07 10:37:08 -08:00 · 2023-11-07 10:37:08 -08:00 · 44617774b6
commit 44617774b6
parent c0dda66200
1 changed files with 11 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -12766,6 +12766,17 @@
      },
      "uuid": "6616d2ac-2025-47f8-bb1a-1ece2b627c16",
      "value": "DEV-1028"
+    },
+    {
+      "description": "TwoSail Junk directs visitors to its exploit site by posting links within the threads of forum discussions, or creating new topic threads of their own. To date, dozens of visits were recorded from within Hong Kong, with a couple from Macau. The technical details around the functionality of the iOS implant, called LightSpy, and related infrastructure, reveal a low-to-mid capable actor. However, the iOS implant is a modular and exhaustively functional iOS surveillance framework.",
+      "meta": {
+        "refs": [
+          "https://securelist.com/ios-exploit-chain-deploys-lightspy-malware/96407/",
+          "https://securelist.com/apt-annual-review-what-the-worlds-threat-actors-got-up-to-in-2020/99574/"
+        ]
+      },
+      "uuid": "533af03d-e160-4312-a92f-0500055f2b56",
+      "value": "TwoSail Junk"
    }
  ],
  "version": 293