chg: [threat actors] added Volt Typhoon

2023-05-25 07:29:48 +02:00 · 2023-05-25 07:29:48 +02:00 · 14301a9c4c
parent 8c1bb1f809
commit 14301a9c4c
1 changed files with 16 additions and 1 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -11337,7 +11337,22 @@
      },
      "uuid": "aac49b4e-74e9-49fa-84f9-e340cf8bafbc",
      "value": "APT43"
+    },
+    {
+      "description": "[Microsoft] Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.\n\n[Secureworks] BRONZE SILHOUETTE likely operates on behalf the PRC. The targeting of U.S. government and defense organizations for intelligence gain aligns with PRC requirements, and the tradecraft observed in these engagements overlap with other state-sponsored Chinese threat groups.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-government-and-defense-organizations",
+          "https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/"
+        ],
+        "synonyms": [
+          "BRONZE SILHOUETTE"
+        ]
+      },
+      "uuid": "f02679fa-5e85-4050-8eb5-c2677d93306f",
+      "value": "Volt Typhoon"
    }
  ],
-  "version": 273
+  "version": 274
 }