From 78472ee3f55506a29156a6f7131bafb6f2b2991b Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Fri, 3 Nov 2023 11:13:11 +0100
Subject: [PATCH] [threat-actors] Add Redfly
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f944829..1995ba1 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12183,6 +12183,17 @@
 },
 "uuid": "b21dbf83-3459-44f4-b91b-6157379e430a",
 "value": "Earth Longzhi"
+ },
+ {
+ "description": "Redfly hacked a national electricity grid organization in Asia and maintained persistent access to the network for about six months. Researchers discovered evidence for this attack between 28 February and 3 August 2023 after noticing suspicious malware activity within the organization’s network.",
+ "meta": {
+ "refs": [
+ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/critical-infrastructure-attacks",
+ "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-power-suppliers-network-infiltrated-for-6-months-by-redfly-hackers-active-iocs/"
+ ]
+ },
+ "uuid": "4f1c43a4-3788-4035-a99c-e510f89edd0f",
+ "value": "Redfly"
 }
 ],
 "version": 288
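Review bot: The trailing context line `"version": 288` is unchanged although the hunk adds a new cluster entry, so any consumer that compares the cluster version to decide whether to re-import may not pick up Redfly. If this repository bumps the version with each content change rather than at merge time, the patch should also set `"version": 289`. Separately, the second sentence of the added `description` reads as though the discovery itself took place between 28 February and 3 August 2023, whereas those dates presumably bound the observed intrusion activity. Wording such as `Evidence of the intrusion spans 28 February to 3 August 2023` would remove that ambiguity for analysts correlating timelines. The enclosing array and top-level object start outside the hunk, so the other entries' `meta` fields cannot be compared from here.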