From 2bf2bad2a9338923de0d4a1d5a32890cec2c625d Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Fri, 26 Apr 2024 09:01:34 -0700
Subject: [PATCH 1/2] [threat-actors] Add STORM-1849
---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 59c3f2f..8069eb3 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15917,6 +15917,19 @@
 },
 "uuid": "97a10d3b-5cb5-4df9-856c-515994f3e953",
 "value": "ArcaneDoor"
+ },
+ {
+ "description": "UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabilities in Cisco Adaptive Security Appliances to deploy custom malware implants called \"Line Runner\" and \"Line Dancer.\" The actor demonstrated a deep understanding of Cisco systems, utilized anti-forensic measures, and took deliberate steps to evade detection. UAT4356's sophisticated attack chain allowed them to conduct malicious actions such as configuration modification, reconnaissance, network traffic capture/exfiltration, and potentially lateral movement on compromised devices.",
+ "meta": {
+ "refs": [
+ "https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/"
+ ],
+ "synonyms": [
+ "UAT4356"
+ ]
+ },
+ "uuid": "3d94ef07-9fd6-4d64-bf1e-f1316f2686a4",
+ "value": "STORM-1849"
 }
 ],
 "version": 308
From dd14938a49967b608642e8a2fd55de1b13be0b65 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Fri, 26 Apr 2024 09:01:34 -0700
Subject: [PATCH 2/2] [threat-actors] Add USDoD
---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8069eb3..2de2b7c 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
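Review bot: The trailing context line `"version": 308` is left untouched although this hunk adds a new value to the cluster, and the same holds for the hunk in the second patch; MISP galaxy consumers rely on the top-level version to notice that a cluster file changed, so each patch should carry a bump (e.g. `"version": 309` here and the next number in the second patch). The new STORM-1849 entry is inserted directly after the existing ArcaneDoor cluster (uuid `97a10d3b-5cb5-4df9-856c-515994f3e953`, visible in the context lines) and its description names that campaign, yet nothing links the two entries; a `related` element with that uuid as `dest-uuid` would make the actor/campaign relationship machine-readable rather than prose-only. The description also speaks only of "UAT4356" while the cluster's value is STORM-1849, so it does not explain the name it is filed under; opening with `"description": "STORM-1849, also tracked as UAT4356, is a state-sponsored threat actor ..."` would make the entry self-describing when it is displayed without its synonyms.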
@@ -15930,6 +15930,19 @@
 },
 "uuid": "3d94ef07-9fd6-4d64-bf1e-f1316f2686a4",
 "value": "STORM-1849"
+ },
+ {
+ "description": "USDoD is a threat actor known for leaking large databases of personal information, including from companies like Airbus and the U.S. Environmental Protection Agency. They have a history of engaging in high-profile data breaches, such as exposing data from the FBI's InfraGard program. USDoD has also been involved in web scraping to obtain information from websites like LinkedIn.",
+ "meta": {
+ "refs": [
+ "https://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/",
+ "https://www.cysecurity.news/2023/09/transunion-refutes-data-breach-reports.html",
+ "https://socradar.io/unmasking-usdod-the-enigma-of-the-cyber-realm/",
+ "https://krebsonsecurity.com/2023/09/fbi-hacker-dropped-stolen-airbus-data-on-9-11/"
+ ]
+ },
+ "uuid": "d6882fb9-d1e4-4cec-889c-5423c772d199",
+ "value": "USDoD"
 }
 ],
 "version": 308
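Review bot: The second ref, `https://www.cysecurity.news/2023/09/transunion-refutes-data-breach-reports.html`, concerns a TransUnion breach claim that the description never mentions, so a reader cannot tell which statement in the entry it is meant to support, and its title indicates the company disputed the claim. Either extend the description with that incident, stated as a disputed claim, or drop the ref so that every ref backs a sentence in the entry. The other three refs line up with the EPA, Airbus and InfraGard statements the description does make.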