Merge pull request #735 from nyx0/main

Add POLONIUM TA.
2022-07-12 18:41:02 +02:00 · 2022-07-12 18:41:02 +02:00 · a82bf23b3e
parent 684c6be358 90da0d798f
commit a82bf23b3e
1 changed files with 28 additions and 1 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -9542,7 +9542,34 @@
      },
      "uuid": "091a0b69-74de-44b6-bb12-16b7a8fd078b",
      "value": "ToddyCat"
+    },
+    {
+      "description": "Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM.",
+      "meta": {
+        "attribution-confidence": "75",
+        "cfr-suspected-state-sponsor": "Lebanon",
+        "cfr-suspected-victims": [
+          "Israel"
+        ],
+        "cfr-target-category": [
+          "Critical manufacturing",
+          "Defense industrial base",
+          "Financial services",
+          "Food and agriculture",
+          "Government agencies and services",
+          "Healthcare and public health",
+          "Information technology",
+          "Transportation systems"
+        ],
+        "cfr-type-of-incident": "Espionage",
+        "country": "LB",
+        "refs": [
+          "https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/"
+        ]
+      },
+      "uuid": "3c5129ea-8f18-4bcf-a33b-b5aab0720494",
+      "value": "POLONIUM"
    }
  ],
-  "version": 229
+  "version": 230
 }