From d2586524e397f0991517095188584ce638ac75ca Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 5 Feb 2024 09:20:11 -0800
Subject: [PATCH] [threat-actors] Add CardinalLizard

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 371eb47..c1b0261 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14883,6 +14883,17 @@
       },
       "uuid": "624cc006-1131-4e53-a53c-3958cfbe233f",
       "value": "Operation Ghoul"
+    },
+    {
+      "description": "CardinalLizard, a cyber threat actor linked to China, has targeted entities in Asia since 2018. Their methods include spear-phishing, custom malware with anti-detection features, and potentially shared infrastructure with other actors.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://securelist.com/apt-review-of-the-year/89117/"
+        ]
+      },
+      "uuid": "97f40858-1582-4a59-a990-866813982830",
+      "value": "CardinalLizard"
     }
   ],
   "version": 299