chg: [threat-actor] Operation WizardOpium added

ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
2019-11-03 08:51:37 +01:00 · 2019-11-03 08:51:37 +01:00 · 8d01e77574
parent efa2f43c0f
commit 8d01e77574
1 changed files with 14 additions and 1 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -7761,7 +7761,20 @@
      },
      "uuid": "8dda51ef-9a30-48f7-b0fd-5b6f0a62262d",
      "value": "Operation Soft Cell"
+    },
+    {
+      "value": "Operation WizardOpium",
+      "uuid": "75db4269-924b-4771-8f62-0de600a43634",
+      "description": "We are calling these attacks Operation WizardOpium. So far, we have been unable to establish a definitive link with any known threat actors. There are certain very weak code similarities with Lazarus attacks, although these could very well be a false flag. The profile of the targeted website is more in line with earlier DarkHotel attacks that have recently deployed similar false flag attacks.",
+      "meta": {
+        "refs": [
+          "https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/"
+        ],
+        "threat-actor-classification": [
+          "campaign"
+        ]
+      }
    }
  ],
-  "version": 137
+  "version": 138
 }