From 6fdd037988c5f20c654b2671f1374057907aa532 Mon Sep 17 00:00:00 2001 From: Mathieu4141 Date: Thu, 1 Feb 2024 11:02:00 -0800 Subject: [PATCH] [threat-actors] Add Ruby Sleet --- clusters/threat-actor.json | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 034e3dc..9382856 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -14379,6 +14379,20 @@ }, "uuid": "b80be7a7-6d06-4da7-8ae0-302a198e7c73", "value": "Lilac Typhoon" + }, + { + "description": "Ruby Sleet is a threat actor linked to North Korea's Ministry of State Security. Cerium has been involved in spear-phishing campaigns, compromising devices, and conducting cyberattacks alongside other North Korean threat actors. They have also targeted companies involved in COVID-19 research and vaccine development.", + "meta": { + "country": "KP", + "refs": [ + "https://blogs.microsoft.com/on-the-issues/2020/11/13/health-care-cyberattacks-covid-19-paris-peace-forum/" + ], + "synonyms": [ + "CERIUM" + ] + }, + "uuid": "03ff54cf-f7d4-4606-a531-2ca6d4fa6a54", + "value": "Ruby Sleet" } ], "version": 298