diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 4c43c220..6bc7b93a 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -17092,6 +17092,17 @@ }, "uuid": "0debc8ab-1449-4915-aa33-f6a54df2b2d7", "value": "UAC-0215" + }, + { + "description": "IcePeony is a China-nexus APT group that has been active since at least 2023, targeting government agencies, academic institutions, and political organizations in countries such as India, Mauritius, and Vietnam. They primarily employ SQL injection techniques to exploit vulnerabilities in publicly accessible web servers, subsequently installing web shells or executing malware like IceCache to facilitate credential theft. IcePeony operates under harsh work conditions, potentially adhering to the 996 working hour system, and shows a particular interest in the governments of Indian Ocean countries. Their activities suggest alignment with China's national interests, possibly related to maritime strategy.", + "meta": { + "country": "CN", + "refs": [ + "https://nao-sec.org/2024/10/IcePeony-with-the-996-work-culture.html" + ] + }, + "uuid": "793280d5-d28c-4d4a-87b6-487ba9d9fbd1", + "value": "IcePeony" } ], "version": 318