From d44948b2a9be3e1f1296c914ad4d4d5749843bec Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Fri, 1 Nov 2024 10:43:28 -0700
Subject: [PATCH] [threat-actors] Add Blackmeta

---
 clusters/threat-actor.json | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index afe7479..cc3548a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17120,6 +17120,23 @@
       },
       "uuid": "0c18304e-e65f-4881-94e1-cc2d621ec563",
       "value": "DarkRaaS"
+    },
+    {
+      "description": "BLACKMETA is a pro-Palestinian hacktivist group that has claimed responsibility for a series of DDoS attacks and data breaches targeting organizations perceived as supportive of Israel, including the Internet Archive and various entities in the UAE and Saudi Arabia. The group employs DDoS attacks, website defacement, and data exfiltration, with motivations rooted in political ideology and retribution for perceived injustices against Palestinians. Their operations have been linked to a Telegram channel, where they publicize their activities and collaborate with other hacktivist groups. Additionally, they have been attributed to significant cyber disruptions, including a 100-hour DDoS campaign against a UAE bank, showcasing their operational capabilities.",
+      "meta": {
+        "country": "PS",
+        "refs": [
+          "https://thecyberexpress.com/sn-blackmeta-claim-snapchat-cyberattack/",
+          "https://www.radware.com/security/threat-advisories-and-attack-reports/six-day-web-ddos-attack-campaign/",
+          "https://securityboulevard.com/?p=2033037",
+          "https://socradar.io/internet-archive-data-breach-and-ddos-attacks/"
+        ],
+        "synonyms": [
+          "SN Blackmeta"
+        ]
+      },
+      "uuid": "969753d8-3cc9-43a2-9b8d-753d2bb385b4",
+      "value": "Blackmeta"
     }
   ],
   "version": 318