From b3584d5f9c86f9af0fe0285a5b0a968f0ab864d3 Mon Sep 17 00:00:00 2001 From: Mathieu4141 Date: Mon, 13 Nov 2023 04:36:57 -0800 Subject: [PATCH] [threat-actors] Add Zarya --- clusters/threat-actor.json | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index dda0abb..ba3f8d3 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -12941,6 +12941,21 @@ }, "uuid": "566752f5-a294-4430-b47e-8e705f9887ea", "value": "XakNet" + }, + { + "description": "Zarya is a pro-Russian hacktivist group that emerged in March 2022. Initially operating as a special forces unit under the command of Killnet, Zarya has since become an independent entity. The group is primarily known for engaging in Denial-of-Service attacks, website defacement campaigns, and data leaks. Zarya targets government agencies, service providers, critical infrastructure, and civil service employees, both domestically and internationally.", + "meta": { + "country": "RU", + "refs": [ + "https://www.mandiant.com/resources/blog/killnet-new-capabilities-older-tactics", + "https://www.cyfirma.com/?post_type=out-of-band&p=17397", + "https://www.reversinglabs.com/blog/the-week-in-security-possible-colonial-pipeline-2.0-ransomware-hurts-small-american-eateries", + "https://channellife.com.au/story/the-increasing-presence-of-pro-russia-hacktivists", + "https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/" + ] + }, + "uuid": "3689f0e2-6c39-4864-ae0b-cc03e4cb695a", + "value": "Zarya" } ], "version": 293