[threat-actors] Add Caramel Tsunami

This commit is contained in:
Mathieu4141 2024-02-01 11:01:58 -08:00
parent ac0fdd61ea
commit d1dae2085b

View file

@ -14254,6 +14254,25 @@
}, },
"uuid": "7db46444-2d27-4922-8a21-98f8509476dc", "uuid": "7db46444-2d27-4922-8a21-98f8509476dc",
"value": "UNC4990" "value": "UNC4990"
},
{
"description": "Caramel Tsunami is a threat actor that specializes in spyware attacks. They have recently resurfaced with an updated toolset and zero-day exploits, targeting specific victims through watering hole attacks. Candiru has been observed exploiting vulnerabilities in popular browsers like Google Chrome and using third-party signed drivers to gain access to the Windows kernel. They have also been linked to other spyware vendors and have been associated with extensive abuses of their surveillance tools.",
"meta": {
"refs": [
"https://decoded.avast.io/threatresearch/avast-q2-2022-threat-report/",
"https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/",
"https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/",
"https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/",
"https://www.welivesecurity.com/2021/11/16/strategic-web-compromises-middle-east-pinch-candiru/",
"https://www.microsoft.com/en-us/security/blog/2021/07/15/protecting-customers-from-a-private-sector-offensive-actor-using-0-day-exploits-and-devilstongue-malware/"
],
"synonyms": [
"SOURGUM",
"Candiru"
]
},
"uuid": "062938a2-6fa1-4217-ad73-f5e0b5186966",
"value": "Caramel Tsunami"
} }
], ],
"version": 298 "version": 298