[threat-actors] Add Chernovite

2024-11-22 23:07:19 +00:00 · 2023-11-16 07:10:18 -08:00 · 2023-11-16 07:10:18 -08:00 · f759525c25
commit f759525c25
parent 03d16eba61
1 changed files with 14 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -13028,6 +13028,20 @@
      },
      "uuid": "fcb18ca2-ea45-4f5c-a827-ed8b6b697a08",
      "value": "VulzSecTeam"
+    },
+    {
+      "description": "Chernovite is a highly capable and sophisticated threat actor group that has developed a modular ICS malware framework called PIPEDREAM. They are known for targeting industrial control systems and operational technology environments, with the ability to disrupt, degrade, and potentially destroy physical processes. Chernovite has demonstrated a deep understanding of ICS protocols and intrusion techniques, making them a significant threat to critical infrastructure sectors.",
+      "meta": {
+        "country": "RU",
+        "refs": [
+          "https://www.dragos.com/blog/pipedream-mousehole-opcua-module/",
+          "https://www.dragos.com/blog/industry-news/chernovite-pipedream-malware-targeting-industrial-control-systems/",
+          "https://www.dragos.com/threats/the-2022-ics-ot-vulnerability-briefing-recap/",
+          "https://www.dragos.com/blog/responding-to-chernovites-pipedream-with-dragos-global-services/"
+        ]
+      },
+      "uuid": "2ce00149-9a25-4dea-8dd5-59bdb68d11a1",
+      "value": "Chernovite"
    }
  ],
  "version": 294