From 941ef757bb5fd8d92fb5ef550f65be88887ef88b Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Thu, 16 Nov 2023 07:10:18 -0800
Subject: [PATCH] [threat-actors] Add DriftingCloud

---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index fac0ac6..b9005af 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13055,6 +13055,19 @@
 },
 "uuid": "e5c78742-bf60-4da8-b038-d548ae3f4ecb",
 "value": "MurenShark"
+ },
+ {
+ "description": "DriftingCloud is a persistent threat actor known for targeting various industries and locations. They are skilled at developing or acquiring zero-day exploits to gain unauthorized access to target networks. Compromising gateway devices is a common tactic used by DriftingCloud, making network monitoring solutions crucial for detecting their attacks.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://socradar.io/driftingcloud-apt-group-exploits-zero-day-in-sophos-firewall/",
+ "https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/",
+ "https://www.trendmicro.com/en_us/research/23/g/supply-chain-attack-targeting-pakistani-government-delivers-shad.html"
+ ]
+ },
+ "uuid": "6f6b187b-971b-4df9-a7ef-9b3fd7e092f7",
+ "value": "DriftingCloud"
 }
 ],
 "version": 294
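Review bot: The cluster `"version": 294` at the end of the hunk is still a context line, so this entry is added without bumping the galaxy version; MISP instances compare that field to decide whether a cluster needs refreshing, so the new actor may not propagate to existing deployments until some later change increments it — the line should become `"version": 295`. The third ref's URL slug describes a supply-chain attack on the Pakistani government delivering ShadowPad and does not name DriftingCloud, so it is worth confirming that the article actually attributes that activity to this actor before keeping it as a reference, and the `"country": "CN"` attribution should likewise be traceable to one of the cited reports rather than implied. The description is generic where the refs are concrete: their slugs point to the 2022 Sophos Firewall zero-day exploitation, which is the specific reported activity an analyst would want stated instead of "various industries and locations", and the closing sentence about monitoring solutions is advice rather than a description of the actor and does not belong in a cluster entry.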