From 06c293072cbaa64398a30219b1a639d5b6308489 Mon Sep 17 00:00:00 2001
From: Daniel Plohmann
Date: Wed, 4 May 2022 13:21:56 +0200
Subject: [PATCH] Update threat-actor.json adding UNC3524 to the actor galaxy cluster.
---
 clusters/threat-actor.json | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index c8829930..c73fcf1a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9183,7 +9183,18 @@
 },
 "uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f",
 "value": "SaintBear"
+ },
+ {
+ "description": "Mandiant observed this group operating since December 2019. Its techniques partially overlap with multiple Russian-based espionage actors (APT28 and APT29). They are described as having a high level of operational security, low malware footprint, adept evasive skills, and a large Internet of Things (IoT) device botnet at their disposal.",
+ "meta": {
+ "cfr-type-of-incident": "Espionage",
+ "refs": [
+ "https://www.mandiant.com/resources/unc3524-eye-spy-email"
+ ]
+ },
+ "uuid": "bee8b09c-07e5-4c12-94d6-266ebcb1ec24",
+ "value": "UNC3524"
 }
 ],
- "version": 219
+ "version": 220
 }
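Review bot: The APT28/APT29 overlap in the new UNC3524 entry exists only in the free-text `description`, so tooling that correlates clusters through structured fields will not surface it, and an analyst skimming the text may read a technique-level overlap as attribution. If the overlap is meant to be machine-readable, a `related` entry per cluster would carry it, e.g. `"related": [{"dest-uuid": "<uuid of the APT28 cluster>", "type": "similar"}]` (placeholder UUID; the real values are not visible in this hunk). Otherwise, consider wording the description so it states explicitly that the overlap concerns techniques and is not an attribution. The `meta` object also sets `cfr-type-of-incident` while the only reference is the Mandiant report; it may be worth confirming that this label follows the project's convention for entries not taken from the CFR tracker.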