diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 034e3dc2..9382856f 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -14379,6 +14379,20 @@ }, "uuid": "b80be7a7-6d06-4da7-8ae0-302a198e7c73", "value": "Lilac Typhoon" + }, + { + "description": "Ruby Sleet is a threat actor linked to North Korea's Ministry of State Security. Cerium has been involved in spear-phishing campaigns, compromising devices, and conducting cyberattacks alongside other North Korean threat actors. They have also targeted companies involved in COVID-19 research and vaccine development.", + "meta": { + "country": "KP", + "refs": [ + "https://blogs.microsoft.com/on-the-issues/2020/11/13/health-care-cyberattacks-covid-19-paris-peace-forum/" + ], + "synonyms": [ + "CERIUM" + ] + }, + "uuid": "03ff54cf-f7d4-4606-a531-2ca6d4fa6a54", + "value": "Ruby Sleet" } ], "version": 298