[threat-actors] Add DriftingCloud

clusters/threat-actor.json

@@ -13055,6 +13055,19 @@
       },
       "uuid": "e5c78742-bf60-4da8-b038-d548ae3f4ecb",
       "value": "MurenShark"
+    },
+    {
+      "description": "DriftingCloud is a persistent threat actor known for targeting various industries and locations. They are skilled at developing or acquiring zero-day exploits to gain unauthorized access to target networks. Compromising gateway devices is a common tactic used by DriftingCloud, making network monitoring solutions crucial for detecting their attacks.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://socradar.io/driftingcloud-apt-group-exploits-zero-day-in-sophos-firewall/",
+          "https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/",
+          "https://www.trendmicro.com/en_us/research/23/g/supply-chain-attack-targeting-pakistani-government-delivers-shad.html"
+        ]
+      },
+      "uuid": "6f6b187b-971b-4df9-a7ef-9b3fd7e092f7",
+      "value": "DriftingCloud"
     }
   ],
   "version": 294