From 4bb6cce77d1149ba14c3b823f24f4b2cb8f2f758 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon <mathieu@feedly.com>
Date: Fri, 3 Nov 2023 11:13:11 +0100
Subject: [PATCH] [threat-actors] Add Xiaoqiying

---
 clusters/threat-actor.json | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 394b3f4..5136bf1 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12118,6 +12118,23 @@
       },
       "uuid": "39ef9941-4f9c-4807-ab10-88e863ce7953",
       "value": "Keksec"
+    },
+    {
+      "description": "Xiaoqiying is a primarily Chinese-speaking threat group that is most well known for conducting website defacement and data exfiltration attacks on more than a dozen South Korean research and academic institutions in late-January 2023. Research from Recorded Futures Insikt Group has found that the groups affiliated threat actors have signaled a new round of cyberattacks against organizations in Japan and Taiwan. Although it shows no clear ties to the Chinese government, Xiaoqiying is staunchly pro-China and vows to target NATO countries as well as any country or region that is deemed hostile to China.",
+      "meta": {
+        "aliases": [
+          "Genesis Day",
+          "Teng Snake"
+        ],
+        "refs": [
+          "https://www.recordedfuture.com/xiaoqiying-genesis-day-threat-actor-group-targets-south-korea-taiwan",
+          "https://medium.com/s2wblog/%E5%8F%98%E8%84%B8-teng-snake-a-k-a-code-core-8c35268b4d1a",
+          "https://therecord.media/samsung-investigating-claims-of-hack-on-south-korea-systems-internal-employee-platform/"
+        ],
+        "country": "CN"
+      },
+      "uuid": "0ee7be4f-389f-4083-a1e4-4c39dc1ae105",
+      "value": "Xiaoqiying"
     }
   ],
   "version": 288