mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
[threat-actors] Add Tortoiseshell aliases
parent
38b67da12f
commit
b6ea7157b4
1 changed files with 10 additions and 2 deletions
|
@ -8536,12 +8536,20 @@
|
||||||
{
|
{
|
||||||
"description": "A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers.\nThe group, which we are calling Tortoiseshell, has been active since at least July 2018. Symantec has identified a total of 11 organizations hit by the group, the majority of which are based in Saudi Arabia. In at least two organizations, evidence suggests that the attackers gained domain admin-level access.",
|
"description": "A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers.\nThe group, which we are calling Tortoiseshell, has been active since at least July 2018. Symantec has identified a total of 11 organizations hit by the group, the majority of which are based in Saudi Arabia. In at least two organizations, evidence suggests that the attackers gained domain admin-level access.",
|
||||||
"meta": {
|
"meta": {
|
||||||
|
"country": "IR",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.symantec.com/blogs/threat-intelligence/tortoiseshell-apt-supply-chain",
|
"https://www.symantec.com/blogs/threat-intelligence/tortoiseshell-apt-supply-chain",
|
||||||
"https://www.darkreading.com/threat-intelligence/iranian-government-hackers-target-us-veterans/d/d-id/1335897"
|
"https://www.darkreading.com/threat-intelligence/iranian-government-hackers-target-us-veterans/d/d-id/1335897",
|
||||||
|
"https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-october",
|
||||||
|
"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/yellow-liderc-ships-its-scripts-delivers-imaploader-malware.html",
|
||||||
|
"https://ics-cert.kaspersky.com/publications/reports/2023/09/25/apt-and-financial-attacks-on-industrial-organizations-in-h1-2023/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"IMPERIAL KITTEN"
|
"IMPERIAL KITTEN",
|
||||||
|
"Yellow Liderc",
|
||||||
|
"Imperial Kitten",
|
||||||
|
"TA456",
|
||||||
|
"Crimson Sandstorm"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "5f108484-db7f-11e9-aaa4-fb0176425734",
|
"uuid": "5f108484-db7f-11e9-aaa4-fb0176425734",
|
||||||
|
|
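Review bot: The `synonyms` array now lists both `"IMPERIAL KITTEN"` and `"Imperial Kitten"`, which differ only in letter case; any consumer that folds case when matching aliases sees the same name twice, so keep a single spelling (drop the added `"Imperial Kitten",` line) unless the project deliberately lists case variants. `"TA456"` and `"Crimson Sandstorm"` are vendor tracking names that may already be synonyms of another cluster in this file, which would make alias lookups ambiguous; the hunk shows only this entry, so this is worth checking across the whole file. The new `"country": "IR"` is an attribution statement with no confidence value beside it in `meta`; consider adding an `"attribution-confidence"` value so downstream analysts can weigh it. The cluster object starts before the hunk and continues after it.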