[threat-actors] Add BlackJack

2024-11-22 14:57:18 +00:00 · 2024-04-17 10:09:09 -07:00 · 2024-04-17 10:09:09 -07:00 · 94a76ab5a8
commit 94a76ab5a8
parent 6870ac7c42
1 changed files with 14 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -15582,6 +15582,20 @@
      },
      "uuid": "85db04b5-1ec2-4e25-908a-f53576bd175a",
      "value": "Smishing Triad"
+    },
+    {
+      "description": "Blackjack, a threat actor linked to Ukraine's security apparatus, has targeted critical Russian entities such as ISPs, utilities, and military infrastructure. They have claimed responsibility for launching cyberattacks resulting in substantial damage and data exfiltration. The group allegedly used the Fuxnet malware to target sensor gateways connected to internet-connected sensors, impacting infrastructure monitoring systems. Blackjack has also been involved in attacks against companies like Moscollector, causing disruptions and stealing sensitive data.",
+      "meta": {
+        "country": "UA",
+        "refs": [
+          "https://www.enigmasoftware.com/fuxneticsmalware-removal/",
+          "https://www.securityweek.com/destructive-ics-malware-fuxnet-used-by-ukraine-against-russian-infrastructure/",
+          "https://claroty.com/team82/research/unpacking-the-blackjack-groups-fuxnet-malware",
+          "https://www.rewterz.com/rewterz-news/rewterz-threat-update-pro-ukraine-hacktivists-breach-russian-isp-as-revenge-for-kyivstar-attack/"
+        ]
+      },
+      "uuid": "a5aa9b72-2bfb-427c-97fc-6ec04357233b",
+      "value": "BlackJack"
    }
  ],
  "version": 305