From 94a76ab5a8fb2e95165758f0196f02eb6244b092 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Wed, 17 Apr 2024 10:09:09 -0700
Subject: [PATCH] [threat-actors] Add BlackJack

---
 clusters/threat-actor.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 03c51de..4d5c81e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15582,6 +15582,20 @@
       },
       "uuid": "85db04b5-1ec2-4e25-908a-f53576bd175a",
       "value": "Smishing Triad"
+    },
+    {
+      "description": "Blackjack, a threat actor linked to Ukraine's security apparatus, has targeted critical Russian entities such as ISPs, utilities, and military infrastructure. They have claimed responsibility for launching cyberattacks resulting in substantial damage and data exfiltration. The group allegedly used the Fuxnet malware to target sensor gateways connected to internet-connected sensors, impacting infrastructure monitoring systems. Blackjack has also been involved in attacks against companies like Moscollector, causing disruptions and stealing sensitive data.",
+      "meta": {
+        "country": "UA",
+        "refs": [
+          "https://www.enigmasoftware.com/fuxneticsmalware-removal/",
+          "https://www.securityweek.com/destructive-ics-malware-fuxnet-used-by-ukraine-against-russian-infrastructure/",
+          "https://claroty.com/team82/research/unpacking-the-blackjack-groups-fuxnet-malware",
+          "https://www.rewterz.com/rewterz-news/rewterz-threat-update-pro-ukraine-hacktivists-breach-russian-isp-as-revenge-for-kyivstar-attack/"
+        ]
+      },
+      "uuid": "a5aa9b72-2bfb-427c-97fc-6ec04357233b",
+      "value": "BlackJack"
     }
   ],
   "version": 305