From a1dfeca461195951de91050d41184972a9aef953 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Thu, 1 Feb 2024 11:02:01 -0800
Subject: [PATCH] [threat-actors] Add Raspberry Typhoon

---
 clusters/threat-actor.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 088da3b3..8be75777 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14406,6 +14406,20 @@
       },
       "uuid": "03ff54cf-f7d4-4606-a531-2ca6d4fa6a54",
       "value": "Ruby Sleet"
+    },
+    {
+      "description": "Microsoft has tracked Raspberry Typhoon (RADIUM) as the primary threat group targeting nations that ring the South China Sea. Raspberry Typhoon consistently targets government ministries, military entities, and corporate entities connected to critical infrastructure, particularly telecoms. Since January 2023, Raspberry Typhoon has been particularly persistent. When targeting government ministries or infrastructure, Raspberry Typhoon typically conducts intelligence collection and malware execution. In many countries, targets vary from defense and intelligence-related ministries to economic and trade-related ministries",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW"
+        ],
+        "synonyms": [
+          "RADIUM"
+        ]
+      },
+      "uuid": "37f012df-54d8-4b3d-a288-af47240430ea",
+      "value": "Raspberry Typhoon"
     }
   ],
   "version": 298