mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-25 16:27:19 +00:00
Update threat-actor.json
This commit is contained in:
parent
fa4b14c6f5
commit
95659c39c0
1 changed files with 21 additions and 33 deletions
|
@ -4859,8 +4859,22 @@
|
|||
"https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations",
|
||||
"https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign",
|
||||
"https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf",
|
||||
"https://www.darkreading.com/attacks-breaches/russian-apt-bluecharlie-swaps-infrastructure-to-evade-detection",
|
||||
"https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/"
|
||||
"https://www.recordedfuture.com/research/bluecharlie-previously-tracked-as-tag-53-continues-to-deploy-new-infrastructure-in-2023",
|
||||
"https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/",
|
||||
"https://go.recordedfuture.com/hubfs/reports/cta-2022-1205.pdf",
|
||||
"https://www.ncsc.gov.uk/files/Advisory-Russian-FSB-cyber-actor-star-blizzard-continues-worldwide-spear-sphishing-campaigns.pdf",
|
||||
"https://www.gov.uk/government/news/uk-exposes-attempted-russian-cyber-interference-in-politics-and-democratic-processes",
|
||||
"https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-global-elections",
|
||||
"https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics",
|
||||
"https://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware",
|
||||
"https://citizenlab.ca/2024/08/sophisticated-phishing-targets-russias-perceived-enemies-around-the-globe/",
|
||||
"https://www.gov.uk/government/news/uk-exposes-attempted-russian-cyber-interference-in-politics-and-democratic-processes",
|
||||
"https://citizenlab.ca/2024/10/disrupting-coldriver/",
|
||||
"https://blogs.microsoft.com/on-the-issues/2024/10/03/protecting-democratic-institutions-from-cyber-threats/",
|
||||
"https://www.justice.gov/opa/pr/justice-department-disrupts-russian-intelligence-spear-phishing-efforts",
|
||||
"https://www.justice.gov/opa/pr/two-russian-nationals-working-russias-federal-security-service-charged-global-computer",
|
||||
"https://www.justice.gov/opa/media/1327601/dl?inline",
|
||||
"https://www.noticeofpleadings.com/starblizzard/"
|
||||
],
|
||||
"synonyms": [
|
||||
"COLDRIVER",
|
||||
|
@ -4868,7 +4882,11 @@
|
|||
"TA446",
|
||||
"GOSSAMER BEAR",
|
||||
"BlueCharlie",
|
||||
"Star Blizzard"
|
||||
"Star Blizzard",
|
||||
"TAG-53",
|
||||
"IRON FRONTIER",
|
||||
"UNC4057",
|
||||
"Blue Callisto"
|
||||
],
|
||||
"targeted-sector": [
|
||||
"Government, Administration",
|
||||
|
@ -4877,15 +4895,6 @@
|
|||
"Journalist"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "06630ccd-98ed-5aec-8083-e04c894bd2d6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f",
|
||||
"value": "Callisto"
|
||||
},
|
||||
|
@ -11665,27 +11674,6 @@
|
|||
"uuid": "171d0590-be92-443f-addb-af5dc2a8034d",
|
||||
"value": "Evasive Panda"
|
||||
},
|
||||
{
|
||||
"description": "A Russia-linked threat actor tracked as TAG-53 is running phishing campaigns impersonating various defense, aerospace, and logistic companies, according to The Record by Recorded Future. Recorded Future’s Insikt Group identified overlaps with a threat actor tracked by other companies as Callisto Group, COLDRIVER, and SEABORGIUM.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://blog.knowbe4.com/russian-threat-actor-impersonates-aerospace-and-defense-companies",
|
||||
"https://www.recordedfuture.com/exposing-tag-53-credential-harvesting-infrastructure-for-russia-aligned-espionage-operations?utm_campaign=PostBeyond&utm_source=Twitter&utm_medium=359877&utm_term=Exposing+TAG-53%E2%80%99s+Credential+Harvesting+Infrastructure+Used+for+Russia-Aligned+Espionage+Operations",
|
||||
"https://go.recordedfuture.com/hubfs/reports/cta-2022-1205.pdf"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "overlaps"
|
||||
}
|
||||
],
|
||||
"uuid": "e5865ca1-ec95-43e2-954a-d0f3507a9747",
|
||||
"value": "TAG-53"
|
||||
},
|
||||
{
|
||||
"description": "This group of cybercriminals is named Malteiroby SCILabs, they operate and distribute the URSA/Mispadu banking trojan.",
|
||||
"meta": {
|
||||
|
|
Loading…
Reference in a new issue