From 6fb1303570ec5abefe7561802481401df406e25f Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Sun, 10 Mar 2019 10:47:34 +0100
Subject: [PATCH] chg: [threat-actor] IRIDIUM added

Ref: https://resecurity.com/blog/parliament_races/
---
 clusters/threat-actor.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d434084..e4f7c21 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -6402,7 +6402,19 @@
       },
       "uuid": "ae1c64ff-5a37-4291-97f8-ea402c63efd0",
       "value": "APT-C-36"
+    },
+    {
+      "value": "IRIDIUM",
+      "uuid": "29cfe970-5446-4cfc-a2da-00e9f49e02ba",
+      "description": "Resecurity’s research indicates that the attack on Parliament is a part of a multi-year cyberespionage campaign orchestrated by a nation-state actor whom we are calling IRIDIUM. This actor targets sensitive government, diplomatic, and military resources in the countries comprising the Five Eyes intelligence alliance (which includes Australia, Canada, New Zealand, the United Kingdom and the United States)",
+      "meta": {
+        "refs": [
+          "https://resecurity.com/blog/parliament_races/",
+          "https://www.nbcnews.com/politics/national-security/iranian-backed-hackers-stole-data-major-u-s-government-contractor-n980986"
+        ],
+        "country": "IR"
+      }
     }
   ],
-  "version": 94
+  "version": 95
 }