From 7b7ffa45326f4877d333868e1846a4d01da8197c Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 13 Nov 2023 04:36:56 -0800
Subject: [PATCH] [threat-actors] Add DEV-0950

---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 60758f0..fc03a06 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12845,6 +12845,19 @@
       },
       "uuid": "46de4091-379f-478c-bb6d-5833e2047f15",
       "value": "DiceyF"
+    },
+    {
+      "description": "Lace Tempest, also known as DEV-0950, is a threat actor that exploited vulnerabilities in software such as SysAid and PaperCut to gain unauthorized access to systems. Lace Tempest is known for deploying the Clop ransomware and exfiltrating data from compromised networks.",
+      "meta": {
+        "refs": [
+          "http://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/"
+        ],
+        "synonyms": [
+          "Lace Tempest"
+        ]
+      },
+      "uuid": "4581f930-348e-4054-a71c-863871de66ee",
+      "value": "DEV-0950"
     }
   ],
   "version": 293