From 4bb6cce77d1149ba14c3b823f24f4b2cb8f2f758 Mon Sep 17 00:00:00 2001 From: Mathieu Beligon Date: Fri, 3 Nov 2023 11:13:11 +0100 Subject: [PATCH] [threat-actors] Add Xiaoqiying --- clusters/threat-actor.json | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 394b3f4..5136bf1 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -12118,6 +12118,23 @@ }, "uuid": "39ef9941-4f9c-4807-ab10-88e863ce7953", "value": "Keksec" + }, + { + "description": "Xiaoqiying is a primarily Chinese-speaking threat group that is most well known for conducting website defacement and data exfiltration attacks on more than a dozen South Korean research and academic institutions in late-January 2023. Research from Recorded Futures Insikt Group has found that the groups affiliated threat actors have signaled a new round of cyberattacks against organizations in Japan and Taiwan. Although it shows no clear ties to the Chinese government, Xiaoqiying is staunchly pro-China and vows to target NATO countries as well as any country or region that is deemed hostile to China.", + "meta": { + "aliases": [ + "Genesis Day", + "Teng Snake" + ], + "refs": [ + "https://www.recordedfuture.com/xiaoqiying-genesis-day-threat-actor-group-targets-south-korea-taiwan", + "https://medium.com/s2wblog/%E5%8F%98%E8%84%B8-teng-snake-a-k-a-code-core-8c35268b4d1a", + "https://therecord.media/samsung-investigating-claims-of-hack-on-south-korea-systems-internal-employee-platform/" + ], + "country": "CN" + }, + "uuid": "0ee7be4f-389f-4083-a1e4-4c39dc1ae105", + "value": "Xiaoqiying" } ], "version": 288