Merge pull request #891 from Mathieu4141/threat-actors/289ae672-5442-436d-bc65-0548dba509dc

[threat actors] Add 3 actors
pull/893/head
Alexandre Dulaunoy 2023-11-09 08:01:18 +01:00 committed by GitHub
commit 563ef36986
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 34 additions and 0 deletions


@ -12811,6 +12811,40 @@
},
"uuid": "be4ea668-6a74-44d9-946e-e98e64a8855b",
"value": "Dalbit"
},
{
"description": "SingularityMD is a threat actor group that has targeted educational institutions in the US. They gained unauthorized access to their networks by exploiting weak security practices, such as using students' dates of birth as passwords. SingularityMD demanded a ransom in cryptocurrency and threatened to leak stolen information if not paid. They have demonstrated a willingness to follow through on their threats and have already leaked some data.",
"meta": {
"refs": [
"https://www.databreaches.net/jeffco-public-schools-hit-by-the-same-threat-actors-that-hit-clark-county-school-district-and-via-the-same-way/",
"https://research.checkpoint.com/2023/30th-october-threat-intelligence-report/",
"https://www.databreaches.net/hackers-escalate-leak-200k-ccsd-students-data-claim-to-still-have-access-to-ccsd-email-system/"
]
},
"uuid": "d52a06dd-3ee9-47cf-ad31-b55ca4cbc5cf",
"value": "SingularityMD"
},
{
"description": "SCARLETEEL is a threat actor that primarily targets cloud environments, specifically AWS and Kubernetes. They have been observed stealing proprietary data and intellectual property, as well as conducting cryptomining operations. SCARLETEEL employs sophisticated tactics and tools to bypass security measures and gain unauthorized access to accounts, often exploiting vulnerabilities in containerized workloads and misconfigurations in AWS policies.",
"meta": {
"refs": [
"https://sysdig.com/blog/scarleteel-2-0/",
"https://sysdig.com/blog/cloud-breach-terraform-data-theft/"
]
},
"uuid": "e03a7ecb-b8a1-40c5-b5af-638ee6029374",
"value": "SCARLETEEL"
},
{
"description": "DiceyF is an advanced persistent threat group that has been targeting online casinos and other victims in Southeast Asia for an extended period. They have exhibited overlapping activity with LuckyStar PlugX and Earth Berberoka/GamblingPuppet, as reported by various cybersecurity vendors. While their motivations remain unclear, previous incidents suggest a combination of espionage and intellectual property theft rather than immediate financial gain. DiceyF continuously evolves their codebase and adds encryption capabilities to enhance their stealthy cyberespionage activities.",
"meta": {
"country": "CN",
"refs": [
"https://securelist.com/diceyf-deploys-gameplayerframework-in-online-casino-development-studio/107723/"
]
},
"uuid": "46de4091-379f-478c-bb6d-5833e2047f15",
"value": "DiceyF"
}
],
"version": 293