From 23b95c50d5efe58595fa20b6f9c5f08b8a658f7a Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Wed, 8 Nov 2023 06:14:54 -0800
Subject: [PATCH] [threat-actors] Add SCARLETEEL
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index eab8e9e..ca920f9 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12823,6 +12823,17 @@
 },
 "uuid": "d52a06dd-3ee9-47cf-ad31-b55ca4cbc5cf",
 "value": "SingularityMD"
+ },
+ {
+ "description": "SCARLETEEL is a threat actor that primarily targets cloud environments, specifically AWS and Kubernetes. They have been observed stealing proprietary data and intellectual property, as well as conducting cryptomining operations. SCARLETEEL employs sophisticated tactics and tools to bypass security measures and gain unauthorized access to accounts, often exploiting vulnerabilities in containerized workloads and misconfigurations in AWS policies.",
+ "meta": {
+ "refs": [
+ "https://sysdig.com/blog/scarleteel-2-0/",
+ "https://sysdig.com/blog/cloud-breach-terraform-data-theft/"
+ ]
+ },
+ "uuid": "e03a7ecb-b8a1-40c5-b5af-638ee6029374",
+ "value": "SCARLETEEL"
 }
 ],
 "version": 293
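Review bot: The trailing context line `"version": 293` is left unchanged even though the hunk adds a new cluster entry. If consumers of this file decide whether to re-import the cluster by comparing that top-level version (not visible in the hunk, so worth confirming against the repository's convention), the SCARLETEEL entry would not reach them until some later commit bumps it. Consider changing the line to `"version": 294` in the same commit so the new actor is picked up by detection and enrichment pipelines that sync from this file. The enclosing array and top-level object start outside the hunk, so whether another pending change already bumps the version cannot be told from here.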