Update threat-actor.json

clusters/threat-actor.json

@@ -4859,8 +4859,22 @@
           "https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations",
           "https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign",
           "https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf",
-          "https://www.darkreading.com/attacks-breaches/russian-apt-bluecharlie-swaps-infrastructure-to-evade-detection",
-          "https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/"
+          "https://www.recordedfuture.com/research/bluecharlie-previously-tracked-as-tag-53-continues-to-deploy-new-infrastructure-in-2023",
+          "https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/",
+          "https://go.recordedfuture.com/hubfs/reports/cta-2022-1205.pdf",
+          "https://www.ncsc.gov.uk/files/Advisory-Russian-FSB-cyber-actor-star-blizzard-continues-worldwide-spear-sphishing-campaigns.pdf",
+          "https://www.gov.uk/government/news/uk-exposes-attempted-russian-cyber-interference-in-politics-and-democratic-processes",
+          "https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-global-elections",
+          "https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics",
+          "https://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware",
+          "https://citizenlab.ca/2024/08/sophisticated-phishing-targets-russias-perceived-enemies-around-the-globe/",
+          "https://www.gov.uk/government/news/uk-exposes-attempted-russian-cyber-interference-in-politics-and-democratic-processes",
+          "https://citizenlab.ca/2024/10/disrupting-coldriver/",
+          "https://blogs.microsoft.com/on-the-issues/2024/10/03/protecting-democratic-institutions-from-cyber-threats/",
+          "https://www.justice.gov/opa/pr/justice-department-disrupts-russian-intelligence-spear-phishing-efforts",
+          "https://www.justice.gov/opa/pr/two-russian-nationals-working-russias-federal-security-service-charged-global-computer",
+          "https://www.justice.gov/opa/media/1327601/dl?inline",
+          "https://www.noticeofpleadings.com/starblizzard/"
         ],
         "synonyms": [
           "COLDRIVER",
@@ -4868,7 +4882,11 @@
           "TA446",
           "GOSSAMER BEAR",
           "BlueCharlie",
-          "Star Blizzard"
+          "Star Blizzard",
+          "TAG-53",
+          "IRON FRONTIER",
+          "UNC4057",
+          "Blue Callisto"
         ],
         "targeted-sector": [
           "Government, Administration",
@@ -4877,15 +4895,6 @@
           "Journalist"
         ]
       },
-      "related": [
-        {
-          "dest-uuid": "06630ccd-98ed-5aec-8083-e04c894bd2d6",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "similar"
-        }
-      ],
       "uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f",
       "value": "Callisto"
     },
@@ -11665,27 +11674,6 @@
       "uuid": "171d0590-be92-443f-addb-af5dc2a8034d",
       "value": "Evasive Panda"
     },
-    {
-      "description": "A Russia-linked threat actor tracked as TAG-53 is running phishing campaigns impersonating various defense, aerospace, and logistic companies, according to The Record by Recorded Future. Recorded Future’s Insikt Group identified overlaps with a threat actor tracked by other companies as Callisto Group, COLDRIVER, and SEABORGIUM.",
-      "meta": {
-        "refs": [
-          "https://blog.knowbe4.com/russian-threat-actor-impersonates-aerospace-and-defense-companies",
-          "https://www.recordedfuture.com/exposing-tag-53-credential-harvesting-infrastructure-for-russia-aligned-espionage-operations?utm_campaign=PostBeyond&utm_source=Twitter&utm_medium=359877&utm_term=Exposing+TAG-53%E2%80%99s+Credential+Harvesting+Infrastructure+Used+for+Russia-Aligned+Espionage+Operations",
-          "https://go.recordedfuture.com/hubfs/reports/cta-2022-1205.pdf"
-        ]
-      },
-      "related": [
-        {
-          "dest-uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "overlaps"
-        }
-      ],
-      "uuid": "e5865ca1-ec95-43e2-954a-d0f3507a9747",
-      "value": "TAG-53"
-    },
     {
       "description": "This group of cybercriminals is named Malteiroby SCILabs, they operate and distribute the URSA/Mispadu banking trojan.",
       "meta": {