From c35fad32917c2e7072096a68fea1c7a2c1430c27 Mon Sep 17 00:00:00 2001 From: Mathieu Beligon Date: Mon, 28 Mar 2022 12:11:34 +0200 Subject: [PATCH] Add threat actor group Scarab --- clusters/threat-actor.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 4815b45..64241ba 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -9051,6 +9051,24 @@ }, "uuid": "d9e5be22-1a04-4956-af6c-37af02330980", "value": "LAPSUS" + }, + { + "description": "Scarab APT was first spotted in 2015, but is believed to have been active since at least 2012, conducting surgical attacks against a small number of individuals across the world, including Russia and the United States. The backdoor deployed by Scarab in their campaigns is most commonly known as Scieron.", + "meta": { + "cfr-suspected-victims": [ + "Russia", + "Ukraine", + "United States" + ], + "cfr-type-of-incident": "Espionage", + "country": "CN", + "refs": [ + "https://web.archive.org/web/20150124025612/http://www.symantec.com:80/connect/blogs/scarab-attackers-took-aim-select-russian-targets-2012", + "https://www.sentinelone.com/labs/chinese-threat-actor-scarab-targeting-ukraine" + ] + }, + "uuid": "ef59014b-79bb-408f-97f1-3c585a240ca7", + "value": "Scarab" } ], "version": 215