From 05cf259436032bbfa4745b06b2d1db52a6f77e45 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Thu, 1 Feb 2024 11:01:57 -0800
Subject: [PATCH] [threat-actors] Add GALLIUM aliases

---
 clusters/threat-actor.json | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 50be0721..6120a0f6 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9061,15 +9061,18 @@
     {
       "description": "GALLIUM, is a threat actor believed to be targeting telecommunication providers over the world, mostly South-East Asia, Europe and Africa. To compromise targeted networks, GALLIUM target unpatched internet-facing services using publicly available exploits and have been known to target vulnerabilities in WildFly/JBoss.",
       "meta": {
+        "country": "CN",
         "refs": [
           "https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/",
           "https://www.youtube.com/watch?v=fBFm2fiEPTg",
           "https://troopers.de/troopers22/talks/7cv8pz/",
-          "https://unit42.paloaltonetworks.com/atoms/alloytaurus/"
+          "https://unit42.paloaltonetworks.com/atoms/alloytaurus/",
+          "https://unit42.paloaltonetworks.com/alloy-taurus-targets-se-asian-government/"
         ],
         "synonyms": [
           "Red Dev 4",
-          "Alloy Taurus"
+          "Alloy Taurus",
+          "Granite Typhoon"
         ]
       },
       "related": [