Merge pull request #660 from r0ny123/patch-1

References for APT40, APT31 & HAFNIUM
2021-07-21 22:19:53 +02:00 · 2021-07-21 22:19:53 +02:00 · 8f0a1642e0
parent 6c8949caa9 636ccdedcd
commit 8f0a1642e0
1 changed files with 29 additions and 3 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -5751,7 +5751,19 @@
          "https://www.secureworks.com/research/threat-profiles/bronze-mohawk",
          "https://www.mycert.org.my/portal/advisory?id=MA-774.022020",
          "https://www.elastic.co/blog/advanced-techniques-used-in-malaysian-focused-apt-campaign",
-          "https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/"
+          "https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/",
+          "https://www.justice.gov/opa/pr/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion",
+          "https://www.justice.gov/opa/press-release/file/1412916/download",
+          "https://www.justice.gov/opa/press-release/file/1412921/download",
+          "https://us-cert.cisa.gov/ncas/alerts/aa21-200a",
+          "https://us-cert.cisa.gov/ncas/alerts/aa21-200b",
+          "https://www.canada.ca/en/global-affairs/news/2021/07/statement-on-chinas-cyber-campaigns.html",
+          "https://www.ncsc.gov.uk/news/uk-allies-hold-chinese-state-responsible-for-pervasive-pattern-of-hacking",
+          "https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking",
+          "https://www.rnz.co.nz/news/political/447239/government-points-finger-at-china-over-cyber-attacks",
+          "https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-joins-international-partners-attribution-malicious-cyber-activity-china",
+          "https://www.mofa.go.jp/press/danwa/press6e_000312.html",
+          "https://www.consilium.europa.eu/en/press/press-releases/2021/07/19/declaration-by-the-high-representative-on-behalf-of-the-eu-urging-china-to-take-action-against-malicious-cyber-activities-undertaken-from-its-territory"
        ],
        "synonyms": [
          "TEMP.Periscope",
@ -7205,7 +7217,18 @@
          "https://www.secureworks.com/research/bronze-vinewood-targets-supply-chains",
          "https://www.secureworks.com/research/threat-profiles/bronze-vinewood",
          "https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report",
-          "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf"
+          "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
+          "https://research.checkpoint.com/2021/the-story-of-jian",
+          "https://supo.fi/-/suojelupoliisi-tunnisti-eduskuntaan-kohdistuneen-kybervakoiluoperaation-apt31-ksi",
+          "https://poliisi.fi/-/eduskunnan-tietojarjestelmiin-kohdistuneen-tietomurron-tutkinnassa-selvitetaan-yhteytta-apt31-toimijaan",
+          "https://pst.no/alle-artikler/pressemeldinger/etterforskningen-av-datanettverksoperasjonen-mot-fylkesmannsembetene-er-avsluttet",
+          "https://www.nrk.no/norge/pst_-har-etterretning-om-at-kinesisk-gruppe-stod-bak-dataangrep-mot-statsforvaltere-1.15540601",
+          "https://www.ncsc.gov.uk/news/uk-allies-hold-chinese-state-responsible-for-pervasive-pattern-of-hacking",
+          "https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking",
+          "https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-joins-international-partners-attribution-malicious-cyber-activity-china",
+          "https://www.consilium.europa.eu/en/press/press-releases/2021/07/19/declaration-by-the-high-representative-on-behalf-of-the-eu-urging-china-to-take-action-against-malicious-cyber-activities-undertaken-from-its-territory/",
+          "https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-003",
+          "https://twitter.com/bkMSFT/status/1417823714922610689"
        ],
        "synonyms": [
          "APT 31",
@ -8383,7 +8406,10 @@
          "https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/blob/master/Execution/exchange-iis-worker-dropping-webshell.md",
          "https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server",
          "https://www.nextron-systems.com/2021/03/06/scan-for-hafnium-exploitation-evidence-with-thor-lite",
-          "https://www.thedailybeast.com/how-chinas-devastating-microsoft-hack-puts-us-all-at-risk"
+          "https://www.thedailybeast.com/how-chinas-devastating-microsoft-hack-puts-us-all-at-risk",
+          "https://www.rnz.co.nz/news/political/447239/government-points-finger-at-china-over-cyber-attacks",
+          "https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking",
+          "https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-joins-international-partners-attribution-malicious-cyber-activity-china"
        ]
      },
      "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",