[threat-actors] Add Raspberry Typhoon

2024-02-01 11:02:01 -08:00 · 2024-02-01 11:02:01 -08:00 · a1dfeca461
parent 7a2cfa4f42
commit a1dfeca461
1 changed files with 14 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -14406,6 +14406,20 @@
      },
      "uuid": "03ff54cf-f7d4-4606-a531-2ca6d4fa6a54",
      "value": "Ruby Sleet"
+    },
+    {
+      "description": "Microsoft has tracked Raspberry Typhoon (RADIUM) as the primary threat group targeting nations that ring the South China Sea. Raspberry Typhoon consistently targets government ministries, military entities, and corporate entities connected to critical infrastructure, particularly telecoms. Since January 2023, Raspberry Typhoon has been particularly persistent. When targeting government ministries or infrastructure, Raspberry Typhoon typically conducts intelligence collection and malware execution. In many countries, targets vary from defense and intelligence-related ministries to economic and trade-related ministries",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW"
+        ],
+        "synonyms": [
+          "RADIUM"
+        ]
+      },
+      "uuid": "37f012df-54d8-4b3d-a288-af47240430ea",
+      "value": "Raspberry Typhoon"
    }
  ],
  "version": 298