diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 03c51de..4d5c81e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15582,6 +15582,20 @@
 },
 "uuid": "85db04b5-1ec2-4e25-908a-f53576bd175a",
 "value": "Smishing Triad"
+ },
+ {
+ "description": "Blackjack, a threat actor linked to Ukraine's security apparatus, has targeted critical Russian entities such as ISPs, utilities, and military infrastructure. They have claimed responsibility for launching cyberattacks resulting in substantial damage and data exfiltration. The group allegedly used the Fuxnet malware to target sensor gateways connected to internet-connected sensors, impacting infrastructure monitoring systems. Blackjack has also been involved in attacks against companies like Moscollector, causing disruptions and stealing sensitive data.",
+ "meta": {
+ "country": "UA",
+ "refs": [
+ "https://www.enigmasoftware.com/fuxneticsmalware-removal/",
+ "https://www.securityweek.com/destructive-ics-malware-fuxnet-used-by-ukraine-against-russian-infrastructure/",
+ "https://claroty.com/team82/research/unpacking-the-blackjack-groups-fuxnet-malware",
+ "https://www.rewterz.com/rewterz-news/rewterz-threat-update-pro-ukraine-hacktivists-breach-russian-isp-as-revenge-for-kyivstar-attack/"
+ ]
+ },
+ "uuid": "a5aa9b72-2bfb-427c-97fc-6ec04357233b",
+ "value": "BlackJack"
 }
 ],
 "version": 305
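Review bot: The new BlackJack entry records `"country": "UA"` in `meta` without an `attribution-confidence` field, although its own description only says the group is "linked to" Ukraine's security apparatus and "allegedly" used Fuxnet. Tooling that filters or correlates on `country` will treat that as settled attribution, so consider adding an `"attribution-confidence"` value beside `country` at whatever level the cited reporting supports. The trailing context line `"version": 305` is unchanged in this hunk, so unless the bump happens in another commit, consumers that compare cluster versions may not pick up the new entry. The description spells the name `Blackjack` while `value` is `BlackJack`; using one spelling, or listing the other under `synonyms`, helps exact-match lookups. The first ref, on enigmasoftware.com, looks like a removal-tool vendor page rather than primary research, so the Claroty and SecurityWeek links are the stronger sources to list first.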