From 4e6fa2191a374b21a320b78052e7756f4fd3044e Mon Sep 17 00:00:00 2001 From: Mathieu4141 Date: Thu, 6 Jun 2024 01:27:06 -0700 Subject: [PATCH] [threat-actors] Add Unfading Sea Haze --- clusters/threat-actor.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 7a35c7f..e76a6a6 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -16019,6 +16019,18 @@ }, "uuid": "9d218bb3-fc59-43e0-a273-a0a0fb5c463e", "value": "RansomHub" + }, + { + "description": "Unfading Sea Haze is a threat actor focused on espionage, targeting government and military organizations in the South China Sea region since 2018. They employ spear-phishing emails with malicious attachments to gain initial access, followed by the deployment of custom malware such as Gh0st RAT variants and SharpJSHandler. The group utilizes scheduled tasks and manipulates local administrator accounts for persistence, while also incorporating Remote Monitoring and Management tools into their attacks. Unfading Sea Haze demonstrates a sophisticated and patient approach, remaining undetected for years and showing adaptability through evolving exfiltration tactics and malware arsenal.", + "meta": { + "country": "CN", + "refs": [ + "https://www.securityweek.com/newly-detected-chinese-group-targeting-military-government-entities/", + "https://www.bleepingcomputer.com/news/security/unfading-sea-haze-hackers-hide-on-military-and-govt-networks-for-6-years/" + ] + }, + "uuid": "58e75098-8edc-48ce-b1de-c1a8647e33d3", + "value": "Unfading Sea Haze" } ], "version": 310