new threat actors

Deborah Servili 2018-09-20 12:10:20 +02:00
parent 0a724bee3d
commit d0864a6531
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1


@ -1873,7 +1873,7 @@
"value": "Rocket Kitten" "value": "Rocket Kitten"
}, },
{ {
"description": "A group of cyber actors utilizing infrastructure located in Iran have been conducting computer network exploitation activity against public and private U.S. organizations, including Cleared Defense Contractors (CDCs), academic institutions, and energy sector companies.", "description": "A group of cyber actors utilizing infrastructure located in Iran have been conducting computer network exploitation activity against public and private U.S. organizations, including Cleared Defense Contractors (CDCs), academic institutions, and energy sector companies. This threat actor targets entities in the government, energy, and technology sectors that are located in or do business with Saudi Arabia.",
"meta": { "meta": {
"cfr-suspected-state-sponsor": "Iran (Islamic Republic of)", "cfr-suspected-state-sponsor": "Iran (Islamic Republic of)",
"cfr-suspected-victims": [ "cfr-suspected-victims": [
@ -1903,7 +1903,8 @@
"http://cdn2.hubspot.net/hubfs/270968/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf", "http://cdn2.hubspot.net/hubfs/270968/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf",
"https://www.secureworks.com/research/the-curious-case-of-mia-ash", "https://www.secureworks.com/research/the-curious-case-of-mia-ash",
"http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/", "http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/",
"https://www.cfr.org/interactive/cyber-operations/operation-cleaver" "https://www.cfr.org/interactive/cyber-operations/operation-cleaver",
"https://www.cfr.org/interactive/cyber-operations/magic-hound"
], ],
"synonyms": [ "synonyms": [
"Operation Cleaver", "Operation Cleaver",
@ -1914,7 +1915,8 @@
"Cobalt Gypsy", "Cobalt Gypsy",
"Ghambar", "Ghambar",
"Cutting Kitten", "Cutting Kitten",
"Group 41" "Group 41",
"Magic Hound"
] ]
}, },
"related": [ "related": [
@ -5733,7 +5735,104 @@
] ]
}, },
"uuid": "6a0ea861-229a-45a6-98f5-228f69b43905" "uuid": "6a0ea861-229a-45a6-98f5-228f69b43905"
},
{
"value": "Operation BugDrop",
"description": "This threat actor targets critical infrastructure entities in the oil and gas sector, primarily in Ukraine. The threat actors deploy the BugDrop malware to remotely access the microphones in their targets' computers to eavesdrop on conversations.",
"meta": {
"refs": [
"https://www.cfr.org/interactive/cyber-operations/operation-bugdrop"
],
"cfr-suspected-victims": [
"Ukraine",
"Austria",
"Russia",
"Saudi Arabia"
],
"cfr-suspected-state-sponsor": "Russian Federation",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Private sector"
]
},
"uuid": "75ae52b2-bca3-11e8-af90-a78f33eee6c1"
},
{
"value": "Red October",
"description": "This threat actor targets governments, diplomatic missions, academics, and energy and aerospace organizations for the purpose of espionage. Also known as the Rocra and believed to be the same threat actor as Cloud Atlas",
"meta": {
"refs": [
"https://www.cfr.org/interactive/cyber-operations/red-october"
],
"synonyms": [
"the Rocra"
],
"cfr-suspected-victims": [
"Russia",
"Belgium",
"Armenia",
"Ukraine",
"Belarus",
"Kazakhstan",
"India",
"Iran",
"United States",
"Greece",
"Azerbaijan",
"Afghanistan",
"Turkmenistan",
"Vietnam",
"Italy"
],
"cfr-suspected-state-sponsor": "Russian Federation",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Government",
"Private sector"
]
},
"uuid": "358b8982-bcaa-11e8-8a5b-4b618197c5b0",
"related": [
{
"dest-uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "same-as"
}
]
},
{
"value": "Cloud Atlas",
"description": "This threat actor targets governments and diplomatic organizations for espionage purposes.",
"meta": {
"refs": [
"https://www.cfr.org/interactive/cyber-operations/cloud-atlas"
],
"cfr-suspected-victims": [
"Russia",
"India",
"Kazakhstan",
"Czech Republic",
"Belarus"
],
"cfr-suspected-state-sponsor": "Russian Federation",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Government"
]
},
"uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126",
"related": [
{
"dest-uuid": "358b8982-bcaa-11e8-8a5b-4b618197c5b0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "same-as"
}
]
} }
], ],
"version": 61 "version": 62
} }
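Review bot: In the third hunk `"Magic Hound"` is added as a plain synonym of the cluster that already carries "Operation Cleaver" and "Group 41", which records the overlap as fact. The new Red October and Cloud Atlas entries in the last hunk express the same kind of link differently, as a `related` entry of type `same-as` tagged `estimative-language:likelihood-probability="likely"`. Anything that matches on `synonyms` will attribute Magic Hound reporting to this cluster with no confidence attached, although the source appears to track the two separately (both the operation-cleaver and magic-hound URLs now sit in `refs`). A separate Magic Hound entry linked through `related` would keep that uncertainty visible. Separately, the Red October synonym `"the Rocra"` includes the article, so an exact match on the bare name will miss it; store `"Rocra"` instead, and end that entry's description with a full stop.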