[threat-actors] Add UNC4841

2024-11-26 08:47:18 +00:00 · 2023-11-17 02:59:55 -08:00 · 2023-11-17 02:59:55 -08:00 · d3836318a2
commit d3836318a2
parent f8d9c86e36
1 changed files with 13 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -13125,6 +13125,19 @@
      },
      "uuid": "e284c356-4b77-4f86-a8f2-7793cbe8662b",
      "value": "AppMilad"
+    },
+    {
+      "description": "UNC4841 is a well-resourced threat actor that has utilized a wide range of malware and purpose-built tooling to enable their global espionage operations. They have been observed selectively deploying specific malware families at high priority targets, with SKIPJACK being the most widely deployed. UNC4841 primarily targeted government and technology organizations, but they have also been observed targeting other verticals.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://blog.polyswarm.io/unc4841-targeting-government-entities-with-barracuda-esg-0day-cve-2023-2868",
+          "https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation",
+          "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally"
+        ]
+      },
+      "uuid": "8959fbb4-95f0-485d-bba2-db9140b95386",
+      "value": "UNC4841"
    }
  ],
  "version": 294