diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 252012e..2f88cb7 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -12544,14 +12544,14 @@ { "description": "Prodaft researchers have published a report on Paperbug, a cyber-espionage campaign carried out by suspected Russian-speaking group Nomadic Octopus and which targeted entities in Tajikistan. According to Prodaft, known compromised victims included high-ranking government officials, telcos, and public service infrastructures. Compromised devices also included OT devices, besides your typical computers, servers, and mobile devices. In typical Prodaft fashion, the company also gained access to one of the group's C&C server backend panels.", "meta": { - "aliases": [ - "Nomadic Octopus" - ], "country": "RU", "refs": [ "https://securelist.com/octopus-infested-seas-of-central-asia/88200/", "https://www.prodaft.com/m/reports/PAPERBUG_TLPWHITE-1.pdf", "https://www.virusbulletin.com/conference/vb2018/abstracts/nomadic-octopus-cyber-espionage-central-asia/" + ], + "synonyms": [ + "Nomadic Octopus" ] }, "uuid": "7b227f41-efea-4dc0-8a2a-148893795ce4", @@ -12675,20 +12675,20 @@ { "description": "TraderTraitor targets blockchain companies through spear-phishing messages. The group sends these messages to employees, particularly those in system administration or software development roles, on various communication platforms, intended to gain access to these start-up and high-tech companies. TraderTraitor may be the work of operators previously responsible for APT38 activity.", "meta": { - "aliases": [ - "Jade Sleet", - "UNC4899" - ], "country": "KP", "refs": [ "https://www.mandiant.com/resources/blog/north-korea-supply-chain", "https://us-cert.cisa.gov/ncas/alerts/aa22-108a", "https://www.mandiant.com/resources/blog/north-korea-cyber-structure-alignment-2023" + ], + "synonyms": [ + "Jade Sleet", + "UNC4899" ] }, "uuid": "825abfd9-7238-4438-a9e7-c08791f4df4e", "value": "TraderTraitor" } ], - "version": 292 + "version": 293 }