diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 59565d4..1cabb7a 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -14280,6 +14280,20 @@ }, "uuid": "062938a2-6fa1-4217-ad73-f5e0b5186966", "value": "Caramel Tsunami" + }, + { + "description": "Storm-0867 is a threat actor that has been active since 2012 and has targeted various industries and regions. They employ sophisticated phishing campaigns, utilizing social engineering techniques and a phishing as a service platform called Caffeine. Their attacks involve intercepting and manipulating communication between users and legitimate services, allowing them to steal passwords, hijack sign-in sessions, bypass multifactor authentication, and modify authentication methods.", + "meta": { + "country": "EG", + "refs": [ + "https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/defender-experts-chronicles-a-deep-dive-into-storm-0867/ba-p/3911769" + ], + "synonyms": [ + "DEV-0867" + ] + }, + "uuid": "dc1d0202-8976-4d15-810d-4af0feff6af9", + "value": "Storm-0867" } ], "version": 298