From 4700780d47623c8fbb67211be44267bc2e68ae2d Mon Sep 17 00:00:00 2001 From: rwe Date: Sat, 5 Feb 2022 04:52:33 -0800 Subject: [PATCH] added antlion APT group --- clusters/threat-actor.json | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 239a323d..a1f1d370 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -8911,7 +8911,24 @@ }, "uuid": "676c1129-5664-4698-92ee-031f81baefce", "value": "AQUATIC PANDA" + }, + { + "description": "Antlion is a Chinese state-backed advanced persistent threat (APT) group, who has been targeting financial institutions in Taiwan. This persistent campaign has lasted over the course of at least 18 months.", + "meta": { + "cfr-suspected-victims": [ + "Taiwan" + ], + "cfr-target-category": [ + "Financial" + ], + "country": "CN", + "refs": [ + "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks" + ] + }, + "uuid": "8482f350-867c-11ec-a8a3-0242ac120002", + "value": "Antlion" } ], - "version": 210 + "version": 211 }