From 879ae26c552783412a2b66a89a7a58b96c6eddb2 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Mon, 24 Jun 2024 02:35:57 -0700
Subject: [PATCH] [threat-actors] Add Void Arachne
---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 170a5877..f7886924 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16175,6 +16175,16 @@
 },
 "uuid": "318be739-26fd-4f4d-bac8-aa20ec8273b7",
 "value": "UAC-0020"
+ },
+ {
+ "description": "Void Arachne is a threat actor group targeting Chinese-speaking users with malicious MSI files containing legitimate software installers for AI software. They exploit public interest in VPN technology and AI software to distribute malware through SEO poisoning and Chinese-language-themed Telegram channels. The group's campaign includes bundling malicious Winos payloads with deepfake pornography-generating AI software and voice-and-face-swapping AI software. Void Arachne also promotes AI technologies for virtual kidnapping and uses AI voice-alternating technology to pressure victims into paying ransom.",
+ "meta": {
+ "refs": [
+ "https://www.trendmicro.com/en_us/research/24/f/behind-the-great-wall-void-arachne-targets-chinese-speaking-user.html"
+ ]
+ },
+ "uuid": "2ac0db88-8e88-447b-ad44-f781326f5884",
+ "value": "Void Arachne"
 }
 ],
 "version": 312
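Review bot: The cluster-level `"version": 312` appears only as an unchanged context line at the end of the hunk, so this patch adds a cluster entry without bumping it. If no later commit in the series does so, consumers that decide whether to re-import the galaxy from that number may never pick up the new actor; the line would become `"version": 313`. Separately, the last sentence of the new `description` states as fact that the group "uses AI voice-alternating technology to pressure victims into paying ransom". Analysts will read that as attributed behaviour, so it should be checked against the cited Trend Micro report and softened if the report only describes how the promoted tools could be abused. "voice-alternating" also looks like a slip for "voice-altering".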