[threat-actors] Add CL-STA-0043

This commit is contained in:
Mathieu4141 2023-11-17 02:59:55 -08:00
parent d3836318a2
commit ed0d3c6f57

View file

@ -13138,6 +13138,17 @@
}, },
"uuid": "8959fbb4-95f0-485d-bba2-db9140b95386", "uuid": "8959fbb4-95f0-485d-bba2-db9140b95386",
"value": "UNC4841" "value": "UNC4841"
},
{
"description": "CL-STA-0043 is a highly skilled and sophisticated threat actor, believed to be a nation-state, targeting governmental entities in the Middle East and Africa. They exploit vulnerabilities in on-premises Internet Information Services and Microsoft Exchange servers to infiltrate target networks. They engage in reconnaissance, locate vital assets, and have been observed using native Windows tools for privilege escalation.",
"meta": {
"refs": [
"https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-june-2023/",
"https://www.paloaltonetworks.com/blog/security-operations/through-the-cortex-xdr-lens-uncovering-a-new-activity-group-targeting-governments-in-the-middle-east-and-africa/"
]
},
"uuid": "5d0aee14-f18a-44da-a44d-28d950f06b9c",
"value": "CL-STA-0043"
} }
], ],
"version": 294 "version": 294