From 3719022d914ec32eaffde53f8a30a46e6e5b46c6 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon <mathieu@feedly.com>
Date: Wed, 6 Dec 2023 17:42:33 -0800
Subject: [PATCH] [threat-actors] Add AeroBlade

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index bba0fb6..2ddefc6 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13661,6 +13661,16 @@
       },
       "uuid": "697cb051-5315-4026-bf4c-553b49f817a9",
       "value": "UNC2659"
+    },
+    {
+      "description": "AeroBlade is a previously unknown threat actor that has been targeting an aerospace organization in the United States. Their objective appears to be conducting commercial and competitive cyber espionage. They employ spear-phishing as a delivery mechanism, using weaponized documents with embedded remote template injection techniques and malicious VBA macro code. The attacks have been ongoing since September 2022, with multiple phases identified in the attack chain. The origin and precise objective of AeroBlade remain unknown.",
+      "meta": {
+        "refs": [
+          "https://blogs.blackberry.com/en/2023/11/aeroblade-on-the-hunt-targeting-us-aerospace-industry"
+        ]
+      },
+      "uuid": "47739f40-c80c-435a-bedc-0d2b38e87ddc",
+      "value": "AeroBlade"
     }
   ],
   "version": 295