diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 7e6a9e6..0da1832 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -2160,7 +2160,8 @@ "https://www.bleepingcomputer.com/news/security/russian-hackers-use-fake-nato-training-docs-to-breach-govt-networks/", "https://quointelligence.eu/2020/09/apt28-zebrocy-malware-campaign-nato-theme/", "https://unit42.paloaltonetworks.com/atoms/fighting-ursa/", - "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag" + "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag", + "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/" ], "synonyms": [ "Pawn Storm", @@ -2183,7 +2184,8 @@ "TA422", "T-APT-12", "APT-C-20", - "UAC-0028" + "UAC-0028", + "FROZENLAKE" ] }, "related": [ @@ -2336,7 +2338,8 @@ "https://www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/", "https://www.secureworks.com/research/threat-profiles/iron-hunter", "https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/", - "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag" + "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag", + "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/" ], "synonyms": [ "Snake", @@ -2357,7 +2360,8 @@ "ATK13", "G0010", "ITG12", - "Blue Python" + "Blue Python", + "SUMMIT" ] }, "related": [ @@ -2494,7 +2498,8 @@ "https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine", "https://www.welivesecurity.com/2017/05/23/xdata-ransomware-making-rounds-amid-global-wannacryptor-scare", "https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine", - "https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back" + "https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back", + "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/" ], "synonyms": [ "Quedagh", @@ -2505,7 +2510,8 @@ "ELECTRUM", "TeleBots", "IRIDIUM", - "Blue Echidna" + "Blue Echidna", + "FROZENBARENTS" ] }, "related": [ @@ -8248,11 +8254,13 @@ "https://twitter.com/hatr/status/1377220336597483520", "https://www.mandiant.com/resources/unc1151-linked-to-belarus-government", "https://www.bleepingcomputer.com/news/security/meta-ukrainian-officials-military-targeted-by-ghostwriter-hackers", - "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag" + "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag", + "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/" ], "synonyms": [ "UNC1151", - "TA445" + "TA445", + "PUSHCHA" ] }, "uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5", @@ -8955,14 +8963,16 @@ "https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/", "https://www.sentinelone.com/blog/threat-actor-uac-0056-targeting-ukraine-with-fake-translation-software/", "https://unit42.paloaltonetworks.com/atoms/nascentursa/", - "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer" + "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer", + "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/" ], "synonyms": [ "UNC2589", "TA471", "UAC-0056", "Nascent Ursa", - "Nodaria" + "Nodaria", + "FROZENVISTA" ] }, "uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f",