[threat-actors] Add DriftingCloud

2024-11-22 23:07:19 +00:00 · 2023-11-16 07:10:18 -08:00 · 2023-11-16 07:10:18 -08:00 · 941ef757bb
commit 941ef757bb
parent ce555828e1
1 changed files with 13 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -13055,6 +13055,19 @@
      },
      "uuid": "e5c78742-bf60-4da8-b038-d548ae3f4ecb",
      "value": "MurenShark"
+    },
+    {
+      "description": "DriftingCloud is a persistent threat actor known for targeting various industries and locations. They are skilled at developing or acquiring zero-day exploits to gain unauthorized access to target networks. Compromising gateway devices is a common tactic used by DriftingCloud, making network monitoring solutions crucial for detecting their attacks.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://socradar.io/driftingcloud-apt-group-exploits-zero-day-in-sophos-firewall/",
+          "https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/",
+          "https://www.trendmicro.com/en_us/research/23/g/supply-chain-attack-targeting-pakistani-government-delivers-shad.html"
+        ]
+      },
+      "uuid": "6f6b187b-971b-4df9-a7ef-9b3fd7e092f7",
+      "value": "DriftingCloud"
    }
  ],
  "version": 294