diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 082a628e..23541cdd 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -17411,6 +17411,17 @@ }, "uuid": "9eeb11a0-3fcf-4036-844a-2500c72f8b69", "value": "TAG-112" + }, + { + "description": "SilkSpecter is a Chinese financially motivated threat actor that orchestrates phishing campaigns targeting e-commerce shoppers, particularly during peak shopping seasons. They exploit legitimate payment processors like Stripe to exfiltrate Cardholder Data and Personally Identifiable Information through convincing fake e-commerce sites created using the oemapps SaaS platform. Their phishing infrastructure relies on Chinese-hosted CDN servers and utilizes deceptive elements such as the \"trusttollsvg\" icon and a \"/homeapi/collect\" endpoint to track victim interactions. Analysts have linked SilkSpecter to over 89 IP addresses and more than 4,000 domain names associated with phishing activities, predominantly using .top, .shop, .store, and .vip TLDs.", + "meta": { + "country": "CN", + "refs": [ + "https://blog.eclecticiq.com/inside-intelligence-center-financially-motivated-chinese-threat-actor-silkspecter-targeting-black-friday-shoppers" + ] + }, + "uuid": "0f4c942f-9491-4844-b782-4ee65033c7e0", + "value": "SilkSpecter" } ], "version": 320