From 3f9bd89958e5c335ade8aa629fedc48e97360d41 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 22 Jan 2024 10:01:13 -0800
Subject: [PATCH] [threat-actors] Add TAG-28

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 4a3578b..3bb828b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14036,6 +14036,17 @@
       },
       "uuid": "f288f686-b5b3-4c86-9960-5f8fb18709a3",
       "value": "UTA0178"
+    },
+    {
+      "description": "TAG-28 is a Chinese state-sponsored threat actor that has been targeting Indian organizations, including media conglomerates and government agencies. They have been using the Winnti malware, which is commonly shared among Chinese state-sponsored groups. TAG-28's main objective is to gather intelligence on Indian targets, potentially for espionage purposes.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.recordedfuture.com/blog/china-linked-tag-28-targets-indias-the-times-group"
+        ]
+      },
+      "uuid": "6c706d8b-95a4-428d-9de5-b68b29b1893c",
+      "value": "TAG-28"
     }
   ],
   "version": 297