From 8d01e775745acec7c92cb32610218ad2603f0201 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sun, 3 Nov 2019 08:51:37 +0100 Subject: [PATCH] chg: [threat-actor] Operation WizardOpium added ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/ --- clusters/threat-actor.json | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 75993f4..cf45808 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -7761,7 +7761,20 @@ }, "uuid": "8dda51ef-9a30-48f7-b0fd-5b6f0a62262d", "value": "Operation Soft Cell" + }, + { + "value": "Operation WizardOpium", + "uuid": "75db4269-924b-4771-8f62-0de600a43634", + "description": "We are calling these attacks Operation WizardOpium. So far, we have been unable to establish a definitive link with any known threat actors. There are certain very weak code similarities with Lazarus attacks, although these could very well be a false flag. The profile of the targeted website is more in line with earlier DarkHotel attacks that have recently deployed similar false flag attacks.", + "meta": { + "refs": [ + "https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/" + ], + "threat-actor-classification": [ + "campaign" + ] + } } ], - "version": 137 + "version": 138 }