From 0b571d7e76de1e4f94bf6b2cb6d10d5c126fb058 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Thu, 1 Feb 2024 11:02:05 -0800
Subject: [PATCH] [threat-actors] Add Storm-0829
---
 clusters/threat-actor.json | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 0a22070..95b69bf 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14679,6 +14679,23 @@
 },
 "uuid": "3a912680-6f38-4fe7-9941-744f0e2280b3",
 "value": "Storm-1567"
+ },
+ {
+ "description": "Nwgen is a group that focuses on data exfiltration and ransomware activities. They have been found to share techniques with other threat groups such as Karakurt, Lapsus$, and Yanluowang. Nwgen has been observed carrying out attacks and deploying ransomware, encrypting files and demanding a ransom of $150,000 in Monero cryptocurrency for the decryption software.",
+ "meta": {
+ "refs": [
+ "https://www.enigmasoftware.com/nwgenransomware-removal/",
+ "https://www.databreaches.net/east-tennessee-childrens-hospital-updates-information-on-ransomware-incident/",
+ "https://readme.security/cybercrime-is-more-of-a-threat-than-nation-state-hackers-6f6cccf47721",
+ "https://twitter.com/cglyer/status/1546297609215696897"
+ ],
+ "synonyms": [
+ "DEV-0829",
+ "Nwgen Team"
+ ]
+ },
+ "uuid": "3e595289-05b8-43fc-bd88-f8650436447f",
+ "value": "Storm-0829"
 }
 ],
 "version": 298
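Review bot: The trailing context line `"version": 298` is left unchanged even though the hunk adds a new cluster entry; if consumers of this file decide whether to re-import it based on that field, the Storm-0829 entry will not reach them until a later change bumps it, so I would set it to `"version": 299` in this commit. Separately, the description presents the $150,000 Monero demand as a general trait of the group, while it reads like a detail from a single ransom note or incident; wording such as "in at least one reported case" would keep analysts from treating the amount as an attribution signal. The description also refers to the actor only as "Nwgen", whereas the entry's value is Storm-0829 and the listed synonym is "Nwgen Team", so an opening clause tying those names together would help search and deduplication.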