From 85f22c7d2e0362b9ea47c6544885f544ee809edc Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Tue, 30 Jan 2024 10:32:27 -0800
Subject: [PATCH] [threat-actors] Add UNC2452 aliases

---
 clusters/threat-actor.json | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 2b2101f..c1872bb 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9253,13 +9253,16 @@
           "https://github.com/fireeye/sunburst_countermeasures",
           "https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware",
           "https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html",
-          "https://unit42.paloaltonetworks.com/atoms/solarphoenix/"
+          "https://unit42.paloaltonetworks.com/atoms/solarphoenix/",
+          "https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/",
+          "https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/"
         ],
         "synonyms": [
           "DarkHalo",
           "StellarParticle",
           "NOBELIUM",
-          "Solar Phoenix"
+          "Solar Phoenix",
+          "Midnight Blizzard"
         ]
       },
       "related": [