From 13fc125694048dd0882fda11b5d17aa08df288be Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Mon, 24 Jun 2024 02:35:57 -0700
Subject: [PATCH] [threat-actors] Add RedJuliett
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 44894ee4..02b78081 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16219,6 +16219,17 @@
 },
 "uuid": "8f4eb6bc-3d3d-49e4-82d8-500c7bb0a2ec",
 "value": "JuiceLedger"
+ },
+ {
+ "description": "RedJuliett is a likely Chinese state-sponsored threat actor targeting government, academic, technology, and diplomatic organizations in Taiwan. They exploit vulnerabilities in network edge devices for initial access and use SQL injection and directory traversal exploits against web and SQL applications. The group operates from Fuzhou, China, and aims to support Beijing's intelligence collection on Taiwan's economic and diplomatic relations. RedJuliett has also expanded its operations to compromise organizations in other countries such as Hong Kong, Malaysia, and the United States.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://www.recordedfuture.com/redjuliett-intensifies-taiwanese-cyber-espionage-via-network-perimeter"
+ ]
+ },
+ "uuid": "d20f5398-a362-4c88-b3fb-7e952dcf3948",
+ "value": "RedJuliett"
 }
 ],
 "version": 312
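Review bot: The new RedJuliett object carries its victimology and attribution only in the free-text `description`; its `meta` holds just `country` and a single ref, so consumers that match or pivot on galaxy metadata cannot filter on any of it. Consider lifting what the description already states into fields, for example `"cfr-suspected-victims": ["Taiwan", "Hong Kong", "Malaysia", "United States"]` and `"cfr-suspected-state-sponsor": "China"`, and check whether the cited report maps this name onto an actor already present in the cluster, in which case a `synonyms` entry on one object avoids a duplicate. The description also asserts the Fuzhou location as fact while its first sentence says "likely"; keeping the hedge consistent matters for analysts who reuse this text in reporting. The trailing context still shows `"version": 312`, so unless a later commit in the series bumps it, instances that key updates on the cluster version may not pick up the new entry.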