diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index fd67d7c..0f903ce 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -2689,7 +2689,6 @@ "https://dragos.com/blog/crashoverride/CrashOverride-01.pdf", "https://www.us-cert.gov/ncas/alerts/TA17-163A", "https://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid", - "https://www.cfr.org/interactive/cyber-operations/black-energy", "https://web.archive.org/web/20141016132823/https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks", "https://ics.sans.org/blog/2015/12/30/current-reporting-on-the-cyber-attack-in-ukraine-resulting-in-power-outage", "https://blog.trendmicro.com/trendlabs-security-intelligence/timeline-of-sandworm-attacks/", @@ -9319,6 +9318,19 @@ }, "uuid": "7ab283ac-b78f-42db-b564-0550b9637b0b", "value": "TA579" + }, + { + "description": "This group started operating during the first quarter of 2022. They published samples of alleged stolen data from companies on their site on Tor. It is unclear if they conducted the attacks themselves, or if they bought leaked databases from third parties.", + "meta": { + "cfr-target-category": [ + "Private sector" + ], + "refs": [ + "https://webz.io/dwp/new-ransomware-group-ransomhouse-is-it-real-or-fake/" + ] + }, + "uuid": "4d522fad-452c-46be-94ea-5803aec9b709", + "value": "RansomHouse" } ], "version": 227