[threat-actors] Add Storm-0062

2023-11-03 19:02:12 +01:00 · 2023-11-03 19:02:12 +01:00 · 419c62cea1
parent 13c770f0a7
commit 419c62cea1
1 changed files with 17 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -12247,6 +12247,23 @@
      },
      "uuid": "a47b0f97-30fe-451d-9983-3bdc1e4608ab",
      "value": "LofyGang"
+    },
+    {
+      "description": "The cyberattack campaign that Microsoft uncovered was launched by a China-linked hacking group called Storm-0062. According to the company, the group is launching cyberattacks by exploiting a vulnerability in the Data Center and Server editions of Confluence. Those are versions of the application that companies run on-premises.",
+      "meta": {
+        "aliases": [
+          "Oro0lxy",
+          "DarkShadow"
+        ],
+        "country": "CN",
+        "refs": [
+          "https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/monthly-news-november-2023/ba-p/3970796",
+          "https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-41-5/",
+          "https://twitter.com/MsftSecIntel/status/1711871732644970856"
+        ]
+      },
+      "uuid": "d1fe4546-616a-409c-8d2c-f7a7e0a183f8",
+      "value": "Storm-0062"
    }
  ],
  "version": 289