From 92f9ed1148b245b62ef892262dea6fb696f24674 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon <mathieu@feedly.com>
Date: Thu, 14 Dec 2023 15:00:22 +0100
Subject: [PATCH] [threat-actors] Add Callisto aliases

---
 clusters/threat-actor.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f76a009..a00fe33 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -4751,14 +4751,16 @@
           "https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations",
           "https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign",
           "https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf",
-          "https://www.darkreading.com/attacks-breaches/russian-apt-bluecharlie-swaps-infrastructure-to-evade-detection"
+          "https://www.darkreading.com/attacks-breaches/russian-apt-bluecharlie-swaps-infrastructure-to-evade-detection",
+          "https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/"
         ],
         "synonyms": [
           "COLDRIVER",
           "SEABORGIUM",
           "TA446",
           "GOSSAMER BEAR",
-          "BlueCharlie"
+          "BlueCharlie",
+          "Star Blizzard"
         ],
         "targeted-sector": [
           "Government, Administration",