From a16cff8e4400f72539baf1039835b25ba3e4b437 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Mon, 24 Jun 2024 02:35:58 -0700
Subject: [PATCH] [threat-actors] Add SneakyChef
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 02b7808..f47c372 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16230,6 +16230,17 @@
 },
 "uuid": "d20f5398-a362-4c88-b3fb-7e952dcf3948",
 "value": "RedJuliett"
+ },
+ {
+ "description": "SneakyChef is a threat actor known for using the SugarGh0st RAT to target government agencies, research institutions, and organizations worldwide. They have been active since at least August 2023, with a focus on leveraging old and new command and control domains. The group has been observed using lures in the form of scanned documents related to Ministries of Foreign Affairs and embassies. Talos Intelligence assesses with medium confidence that the operators are likely Chinese-speaking based on language preferences and specific targets.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://blog.talosintelligence.com/sneakychef-sugarghost-rat/"
+ ]
+ },
+ "uuid": "cdf4506e-09ea-4eb8-b898-b1b5381aa343",
+ "value": "SneakyChef"
 }
 ],
 "version": 312
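Review bot: The new SneakyChef entry sets `"country": "CN"` as a plain fact, but its own description only supports "likely Chinese-speaking" at medium confidence, which is a language assessment rather than a state attribution. Consumers that pivot, filter or report on `meta.country` will read this as settled, so I would add a confidence value beside it, e.g. `"attribution-confidence": "50",`, or drop `country` until the reference supports it. The trailing context also shows `"version": 312` unchanged; if this repository expects a bump whenever a cluster is added, that is missing too.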