From 511fbae2df8621a1c9c06a738a90b37e6bb132f2 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Tue, 19 Nov 2024 07:56:47 -0800
Subject: [PATCH] [threat-actors] Add Water Barghest

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 23b98e75..e8039bd0 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17454,6 +17454,16 @@
       },
       "uuid": "305fbff0-d3ff-43e3-8741-63bad68e47ee",
       "value": "BrazenBamboo"
+    },
+    {
+      "description": "Water Barghest is a cybercriminal group that has compromised over 20,000 IoT devices by October 2024, monetizing them through a residential proxy marketplace. They automate the entire process from identifying vulnerable devices using n-day and zero-day exploits to deploying Ngioweb malware and selling the compromised assets. Their operations include leveraging Ubiquiti EdgeRouter devices for espionage and utilizing automated scripts to exploit vulnerabilities within minutes of discovery. Water Barghest has maintained a low profile for years, but their activities gained attention due to the deployment of a zero-day vulnerability against Cisco IOS XE devices in October 2023.",
+      "meta": {
+        "refs": [
+          "https://www.trendmicro.com/en_us/research/24/k/water-barghest.html"
+        ]
+      },
+      "uuid": "314325cd-5972-46a9-af1e-4b1e5585619d",
+      "value": "Water Barghest"
     }
   ],
   "version": 320