From bf1e09487598a87d28437cc5d8d9fac9d1e2096d Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Tue, 12 Nov 2024 06:58:59 -0800
Subject: [PATCH] [threat-actors] Add FrostyNeighbor

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index a5ae1a35..083cd33c 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17325,6 +17325,17 @@
       },
       "uuid": "4251393d-b7a4-4b23-b65a-2b7e8e4d63de",
       "value": "Nam3L3ss"
+    },
+    {
+      "description": "FrostyNeighbor is a Belarus-aligned APT group known for conducting influence and disinformation campaigns, particularly targeting Ukraine, Poland, and Lithuania. They have compromised various governmental and private sector entities, including the Polish Anti-Doping Agency, through hack-and-leak operations. The group is believed to collaborate with initial access brokers to exploit high-value targets, utilizing techniques such as zero-day vulnerabilities. Their operations are linked to cyber-enabled disinformation campaigns critical of the North Atlantic Alliance.",
+      "meta": {
+        "country": "BY",
+        "refs": [
+          "https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-apt-activity-report-q2-2024-q3-2024.pdf"
+        ]
+      },
+      "uuid": "ca448608-83fa-467d-8637-1cf004fd8e8a",
+      "value": "FrostyNeighbor"
     }
   ],
   "version": 320