From 550d062c77a37cdb4b582a2fcde594508aea203c Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Thu, 1 Feb 2024 11:01:55 -0800
Subject: [PATCH] [threat-actors] Add Blue Tsunami

---
 clusters/threat-actor.json | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 7ceed02..4f5d076 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14155,6 +14155,21 @@
       },
       "uuid": "79a347d9-1938-4550-8836-98e4ed95f77c",
       "value": "Denim Tsunami"
+    },
+    {
+      "description": "Blue Tsunami, also known as Black Cube, is a cyber mercenary group associated with the private intelligence firm Black Cube. They target individuals in various industries, including human rights, finance, and consulting. Blue Tsunami engages in social engineering and uses techniques such as honeypot profiles, fake jobs, and fake companies to gather human intelligence for their clients. LinkedIn and Microsoft recently took down numerous fake accounts and company pages linked to Blue Tsunami.",
+      "meta": {
+        "country": "IL",
+        "refs": [
+          "https://precisionpconline.com/a-unified-front-against-cyber-mercenaries/",
+          "https://www.microsoft.com/en-us/security/blog/2023/11/09/microsoft-shares-threat-intelligence-at-cyberwarcon-2023/"
+        ],
+        "synonyms": [
+          "Black Cube"
+        ]
+      },
+      "uuid": "46104ded-49f5-4440-bd25-e05c1126f0ba",
+      "value": "Blue Tsunami"
     }
   ],
   "version": 298