From 1669da1661cd3d22b9512c71afa668a2a6067a2f Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Mon, 8 Jan 2024 05:23:29 -0800
Subject: [PATCH] [threat-actors] Add Cyber Toufan

---
 clusters/threat-actor.json | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index c600a8b..7d9ec83 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14000,6 +14000,21 @@
 },
 "uuid": "179deaab-12d2-4371-b499-51b925546a22",
 "value": "Threatsec"
+ },
+ {
+ "description": "Cyber Toufan is a threat actor group that has gained prominence for its cyberattacks targeting Israeli organizations. The group's tactics suggest potential nation-state backing, possibly from Iran. They have been involved in hack-and-leak operations, data breaches, and data destruction, impacting over 100 organizations. Cyber Toufan's activities align with geopolitical tensions in the Middle East and their attacks are characterized by a combination of technical breaches and psychological warfare.",
+ "meta": {
+ "country": "IR",
+ "refs": [
+ "https://www.darkreading.com/cyberattacks-data-breaches/-cyber-toufan-hacktivists-leaked-100-plus-israeli-orgs-in-one-month",
+ "https://socradar.io/dark-web-profile-cyber-toufan-al-aqsa/",
+ "https://research.checkpoint.com/2023/11th-december-threat-intelligence-report/",
+ "https://blog.polyswarm.io/2023-recap-cyber-activity-in-the-gaza-conflict",
+ "https://www.securityweek.com/palestinian-hackers-hit-100-israeli-organizations-in-destructive-attacks/"
+ ]
+ },
+ "uuid": "3decddc7-e554-48d8-8304-38b243fc9ccb",
+ "value": "Cyber Toufan"
 }
 ],
 "version": 296
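Review bot: The added entry sets `"country": "IR"` as a plain fact, while its own description only says the backing is "possibly from Iran" and two of the cited URLs label the group as hacktivists and as Palestinian hackers. Consumers that filter or correlate on `meta.country` never see the hedge carried in the prose, so the machine-readable attribution reads stronger than the sources do. I would add a confidence field next to it, e.g. `"attribution-confidence": "50"` (the value is an example; pick what the references support), or leave `country` out until attribution is firmer. The hunk also shows `"version": 296` as unchanged context, so it is worth confirming whether a version bump is expected for downstream tooling to pick up the new cluster entry.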