From a3802487a4b555a8d5cf7890bf30ffd4986f782b Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 13 Nov 2023 04:36:57 -0800
Subject: [PATCH] [threat-actors] Add XakNet

---
 clusters/threat-actor.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f7f9fc7..dda0abb 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12929,6 +12929,18 @@
       },
       "uuid": "610a7301-5963-4653-8aa2-eeb8573dfad9",
       "value": "TA482"
+    },
+    {
+      "description": "XakNet is a self-proclaimed hacktivist group that has targeted Ukraine. They claim to be comprised of Russian patriotic volunteers and have conducted various threat activities, including DDoS attacks, compromises, data leaks, and website defacements. They coordinate their operations with other hacktivist groups and have connections to APT28, a cyber espionage group sponsored by the GRU.",
+      "meta": {
+        "country": "RU",
+        "refs": [
+          "https://www.mandiant.com/resources/blog/gru-rise-telegram-minions",
+          "https://www.mandiant.com/resources/blog/gru-disruptive-playbook"
+        ]
+      },
+      "uuid": "566752f5-a294-4430-b47e-8e705f9887ea",
+      "value": "XakNet"
     }
   ],
   "version": 293