From 4a521eec3beec24538b01037b1c15d01cac7c647 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Fri, 3 Nov 2023 11:13:11 +0100
Subject: [PATCH] [threat-actors] Add TetrisPhantom
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1995ba1..4e0a9f2 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12194,6 +12194,17 @@
 },
 "uuid": "4f1c43a4-3788-4035-a99c-e510f89edd0f",
 "value": "Redfly"
+ },
+ {
+ "description": "TetrisPhantom relies on compromising of certain type of secure USB drives that provide hardware encryption and is commonly used by government organizations. While investigating this threat, experts identified an entire spying campaign that uses a range of malicious modules to execute commands, collect files and information from compromised computers and transfer them to other machines also using secure USB drives.",
+ "meta": {
+ "refs": [
+ "https://usa.kaspersky.com/blog/sas-2023-research/29254/",
+ "https://securelist.com/apt-trends-report-q3-2023/110752/"
+ ]
+ },
+ "uuid": "5368c0a2-eb79-420c-b808-85ae719efccd",
+ "value": "TetrisPhantom"
 }
 ],
 "version": 288
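Review bot: The trailing context line still reads `"version": 288`, so the new cluster is added without a version change. If consumers of this file decide whether to re-import it by comparing that number (worth confirming for this repository), the TetrisPhantom entry would not reach existing installations until a later bump. The new `description` also has an agreement slip that blurs what is "commonly used by government organizations"; its first sentence would read more clearly as `TetrisPhantom relies on compromising a certain type of secure USB drive that provides hardware encryption and is commonly used by government organizations.` The entry's only `meta` content is `refs`, so the targeting stated in the description sits in free text alone. If other entries in this file carry structured targeting fields, adding the matching one here would let filters and detection content keyed on `meta` pick the actor up.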