From b317c4ff6b52508f0101eb5240abb850935fd38c Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Tue, 18 Jun 2024 04:51:29 -0700
Subject: [PATCH] [threat-actors] Add Gitloker
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 9086466..b73a719 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16099,6 +16099,17 @@
 },
 "uuid": "fd17cd3c-5131-4907-be7d-83a0c7dabd36",
 "value": "UTG-Q-008"
+ },
+ {
+ "description": "Gitloker is a threat actor group targeting GitHub repositories, wiping their contents, and extorting victims for their data. They use stolen credentials to compromise accounts, claim to have created a backup, and instruct victims to contact them on Telegram. The attackers leave a ransom note in the form of a README file, urging victims to negotiate the return of their data. GitHub is working to combat these evolving attacks and the vulnerabilities they exploit.",
+ "meta": {
+ "refs": [
+ "https://www.itsecurityguru.org/2024/06/13/guest-blog-proactive-application-security-learning-from-the-recent-github-extortion-campaigns/",
+ "https://www.bleepingcomputer.com/news/security/new-gitloker-attacks-wipe-github-repos-in-extortion-scheme/"
+ ]
+ },
+ "uuid": "75cc313a-6a95-4ab8-b7f8-bfd7e4a7fe00",
+ "value": "Gitloker"
 }
 ],
 "version": 310
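Review bot: The cluster-level `"version": 310` appears only as unchanged context after the new Gitloker entry, so the addition ships without a version bump. If consumers of clusters/threat-actor.json use that field to detect updates, they may not pick up the new actor; unless the bump is made elsewhere in the series, change it to `"version": 311`. Separately, the last sentence of the description ("GitHub is working to combat these evolving attacks and the vulnerabilities they exploit.") describes the vendor's response rather than the actor. Its mention of "vulnerabilities" also sits oddly with the entry's own statement that access comes from stolen credentials. Dropping that sentence would keep the entry focused on actor behaviour that defenders can act on (credential theft, repository wipe, README ransom note, Telegram contact).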