From 65549d89b482a0d1bee7a6e379a5f90752267d40 Mon Sep 17 00:00:00 2001 From: Mathieu4141 Date: Fri, 1 Nov 2024 10:43:27 -0700 Subject: [PATCH] [threat-actors] Add IcePeony --- clusters/threat-actor.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 4c43c22..6bc7b93 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -17092,6 +17092,17 @@ }, "uuid": "0debc8ab-1449-4915-aa33-f6a54df2b2d7", "value": "UAC-0215" + }, + { + "description": "IcePeony is a China-nexus APT group that has been active since at least 2023, targeting government agencies, academic institutions, and political organizations in countries such as India, Mauritius, and Vietnam. They primarily employ SQL injection techniques to exploit vulnerabilities in publicly accessible web servers, subsequently installing web shells or executing malware like IceCache to facilitate credential theft. IcePeony operates under harsh work conditions, potentially adhering to the 996 working hour system, and shows a particular interest in the governments of Indian Ocean countries. Their activities suggest alignment with China's national interests, possibly related to maritime strategy.", + "meta": { + "country": "CN", + "refs": [ + "https://nao-sec.org/2024/10/IcePeony-with-the-996-work-culture.html" + ] + }, + "uuid": "793280d5-d28c-4d4a-87b6-487ba9d9fbd1", + "value": "IcePeony" } ], "version": 318