From b59b270500549ee1ed155f0dae8506a652dfeea6 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Wed, 8 Nov 2023 06:14:54 -0800
Subject: [PATCH] [threat-actors] Add SingularityMD
---
 clusters/threat-actor.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index aef7928..eab8e9e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12811,6 +12811,18 @@
 },
 "uuid": "be4ea668-6a74-44d9-946e-e98e64a8855b",
 "value": "Dalbit"
+ },
+ {
+ "description": "SingularityMD is a threat actor group that has targeted educational institutions in the US. They gained unauthorized access to their networks by exploiting weak security practices, such as using students' dates of birth as passwords. SingularityMD demanded a ransom in cryptocurrency and threatened to leak stolen information if not paid. They have demonstrated a willingness to follow through on their threats and have already leaked some data.",
+ "meta": {
+ "refs": [
+ "https://www.databreaches.net/jeffco-public-schools-hit-by-the-same-threat-actors-that-hit-clark-county-school-district-and-via-the-same-way/",
+ "https://research.checkpoint.com/2023/30th-october-threat-intelligence-report/",
+ "https://www.databreaches.net/hackers-escalate-leak-200k-ccsd-students-data-claim-to-still-have-access-to-ccsd-email-system/"
+ ]
+ },
+ "uuid": "d52a06dd-3ee9-47cf-ad31-b55ca4cbc5cf",
+ "value": "SingularityMD"
 }
 ],
 "version": 293
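Review bot: The cluster's `"version": 293` appears only as an unchanged context line at the end of the hunk, so the new SingularityMD entry ships without a version bump. If downstream consumers use that field to decide whether to re-import the cluster, they may not pick up the new actor, so consider changing it to `"version": 294` in this commit. The enclosing array starts outside the hunk, so the uniqueness of the new `uuid` and `value` against existing entries cannot be confirmed from here and is worth a quick duplicate check before merge.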