From 78472ee3f55506a29156a6f7131bafb6f2b2991b Mon Sep 17 00:00:00 2001
From: Mathieu Beligon <mathieu@feedly.com>
Date: Fri, 3 Nov 2023 11:13:11 +0100
Subject: [PATCH] [threat-actors] Add Redfly

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f944829..1995ba1 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12183,6 +12183,17 @@
       },
       "uuid": "b21dbf83-3459-44f4-b91b-6157379e430a",
       "value": "Earth Longzhi"
+    },
+    {
+      "description": "Redfly hacked a national electricity grid organization in Asia and maintained persistent access to the network for about six months. Researchers discovered evidence for this attack between 28 February and 3 August 2023 after noticing suspicious malware activity within the organization’s network.",
+      "meta": {
+        "refs": [
+          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/critical-infrastructure-attacks",
+          "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-power-suppliers-network-infiltrated-for-6-months-by-redfly-hackers-active-iocs/"
+        ]
+      },
+      "uuid": "4f1c43a4-3788-4035-a99c-e510f89edd0f",
+      "value": "Redfly"
     }
   ],
   "version": 288