[threat-actors] Add Pink Sandstorm

2024-02-01 11:02:02 -08:00 · 2024-02-01 11:02:02 -08:00 · ae82f07fd8
parent 22d3ea5ebf
commit ae82f07fd8
1 changed files with 23 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -14499,6 +14499,29 @@
      },
      "uuid": "5ec7a98e-9725-4f87-8a6e-91e2b4ba04ac",
      "value": "Storm-1044"
+    },
+    {
+      "description": "Agonizing Serpens is an Iranian-linked APT group that has been active since 2020. They are known for their destructive wiper and fake-ransomware attacks, primarily targeting Israeli organizations in the education and technology sectors. The group has strong connections to Iran's Ministry of Intelligence and Security and has been observed using various tools and techniques to bypass security measures. They aim to steal sensitive information, including PII and intellectual property, and inflict damage by wiping endpoints.",
+      "meta": {
+        "country": "IR",
+        "refs": [
+          "https://www.oodaloop.com/archive/2024/01/02/critical-infrastructure-remains-the-brass-ring-for-cyber-attackers-in-2024/",
+          "https://unit42.paloaltonetworks.com/agonizing-serpens-targets-israeli-tech-higher-ed-sectors/",
+          "https://socprime.com/blog/agonizing-serpens-attack-detection-iran-backed-hackers-target-israeli-tech-firms-and-educational-institutions/",
+          "https://therecord.media/iran-linked-hackers-target-israel-education-tech-sectors",
+          "https://www.enigmasoftware.com/moneybirdransomware-removal/",
+          "https://research.checkpoint.com/2023/agrius-deploys-moneybird-in-targeted-attacks-against-israeli-organizations/"
+        ],
+        "synonyms": [
+          "AMERICIUM",
+          "BlackShadow",
+          "DEV-0022",
+          "Agrius",
+          "Agonizing Serpens"
+        ]
+      },
+      "uuid": "0876c327-c82a-45f7-82fa-267c312ceb05",
+      "value": "Pink Sandstorm"
    }
  ],
  "version": 298