From 941ef757bb5fd8d92fb5ef550f65be88887ef88b Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Thu, 16 Nov 2023 07:10:18 -0800
Subject: [PATCH] [threat-actors] Add DriftingCloud

---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index fac0ac6..b9005af 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13055,6 +13055,19 @@
       },
       "uuid": "e5c78742-bf60-4da8-b038-d548ae3f4ecb",
       "value": "MurenShark"
+    },
+    {
+      "description": "DriftingCloud is a persistent threat actor known for targeting various industries and locations. They are skilled at developing or acquiring zero-day exploits to gain unauthorized access to target networks. Compromising gateway devices is a common tactic used by DriftingCloud, making network monitoring solutions crucial for detecting their attacks.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://socradar.io/driftingcloud-apt-group-exploits-zero-day-in-sophos-firewall/",
+          "https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/",
+          "https://www.trendmicro.com/en_us/research/23/g/supply-chain-attack-targeting-pakistani-government-delivers-shad.html"
+        ]
+      },
+      "uuid": "6f6b187b-971b-4df9-a7ef-9b3fd7e092f7",
+      "value": "DriftingCloud"
     }
   ],
   "version": 294