[threat-actors] Add Cotton Sandstorm

2024-01-22 10:01:13 -08:00 · 2024-01-22 10:01:13 -08:00 · b8a504c174
parent b61a0a60a2
commit b8a504c174
1 changed files with 19 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -14094,6 +14094,25 @@
      },
      "uuid": "6a77a337-bfa0-416c-8c06-1d489d0d6838",
      "value": "Caliente Bandits"
+    },
+    {
+      "description": "Cotton Sandstorm is an Iranian threat actor involved in hack-and-leak operations. They have targeted various organizations, including the French satirical magazine Charlie Hebdo, where they obtained and leaked personal information of over 200,000 customers. The group has been linked to the Iranian government and has been sanctioned by the US Treasury",
+      "meta": {
+        "country": "IR",
+        "refs": [
+          "https://blog.sekoia.io/iran-cyber-threat-overview/",
+          "https://blogs.microsoft.com/on-the-issues/2023/02/03/dtac-charlie-hebdo-hack-iran-neptunium/",
+          "https://www.ic3.gov/Media/News/2022/220126.pdf",
+          "https://www.microsoft.com/en-us/security/business/security-insider/threat-briefs/iran-response-for-charlie-hebdo-attacks/"
+        ],
+        "synonyms": [
+          "Emennet Pasargad",
+          "Holy Souls",
+          "NEPTUNIUM"
+        ]
+      },
+      "uuid": "bbb389f2-344f-4ca8-a9c9-902061f88deb",
+      "value": "Cotton Sandstorm"
    }
  ],
  "version": 297