adding Google names for RU threat actors

https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/
2023-02-16 14:30:05 +01:00 · 2023-02-16 14:30:05 +01:00 · 91255413d8
parent 73bd7d0983
commit 91255413d8
1 changed files with 20 additions and 10 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -2160,7 +2160,8 @@
          "https://www.bleepingcomputer.com/news/security/russian-hackers-use-fake-nato-training-docs-to-breach-govt-networks/",
          "https://quointelligence.eu/2020/09/apt28-zebrocy-malware-campaign-nato-theme/",
          "https://unit42.paloaltonetworks.com/atoms/fighting-ursa/",
-          "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag"
+          "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
+          "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
        ],
        "synonyms": [
          "Pawn Storm",
@ -2183,7 +2184,8 @@
          "TA422",
          "T-APT-12",
          "APT-C-20",
-          "UAC-0028"
+          "UAC-0028",
+          "FROZENLAKE"
        ]
      },
      "related": [
@ -2336,7 +2338,8 @@
          "https://www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/",
          "https://www.secureworks.com/research/threat-profiles/iron-hunter",
          "https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/",
-          "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag"
+          "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
+          "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
        ],
        "synonyms": [
          "Snake",
@ -2357,7 +2360,8 @@
          "ATK13",
          "G0010",
          "ITG12",
-          "Blue Python"
+          "Blue Python",
+          "SUMMIT"
        ]
      },
      "related": [
@ -2494,7 +2498,8 @@
          "https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine",
          "https://www.welivesecurity.com/2017/05/23/xdata-ransomware-making-rounds-amid-global-wannacryptor-scare",
          "https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine",
-          "https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back"
+          "https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back",
+          "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
        ],
        "synonyms": [
          "Quedagh",
@ -2505,7 +2510,8 @@
          "ELECTRUM",
          "TeleBots",
          "IRIDIUM",
-          "Blue Echidna"
+          "Blue Echidna",
+          "FROZENBARENTS"
        ]
      },
      "related": [
@ -8248,11 +8254,13 @@
          "https://twitter.com/hatr/status/1377220336597483520",
          "https://www.mandiant.com/resources/unc1151-linked-to-belarus-government",
          "https://www.bleepingcomputer.com/news/security/meta-ukrainian-officials-military-targeted-by-ghostwriter-hackers",
-          "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag"
+          "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
+          "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
        ],
        "synonyms": [
          "UNC1151",
-          "TA445"
+          "TA445",
+          "PUSHCHA"
        ]
      },
      "uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5",
@ -8955,14 +8963,16 @@
          "https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/",
          "https://www.sentinelone.com/blog/threat-actor-uac-0056-targeting-ukraine-with-fake-translation-software/",
          "https://unit42.paloaltonetworks.com/atoms/nascentursa/",
-          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer"
+          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer",
+          "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
        ],
        "synonyms": [
          "UNC2589",
          "TA471",
          "UAC-0056",
          "Nascent Ursa",
-          "Nodaria"
+          "Nodaria",
+          "FROZENVISTA"
        ]
      },
      "uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f",