Merge pull request #265 from Delta-Sierra/master

new threat actors
pull/268/head
Alexandre Dulaunoy 2018-09-20 15:38:25 +02:00 committed by GitHub
commit c69aeb2f56
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 125 additions and 4 deletions


@ -1873,7 +1873,7 @@
"value": "Rocket Kitten"
},
{
"description": "A group of cyber actors utilizing infrastructure located in Iran have been conducting computer network exploitation activity against public and private U.S. organizations, including Cleared Defense Contractors (CDCs), academic institutions, and energy sector companies.",
"description": "A group of cyber actors utilizing infrastructure located in Iran have been conducting computer network exploitation activity against public and private U.S. organizations, including Cleared Defense Contractors (CDCs), academic institutions, and energy sector companies. This threat actor targets entities in the government, energy, and technology sectors that are located in or do business with Saudi Arabia.",
"meta": {
"cfr-suspected-state-sponsor": "Iran (Islamic Republic of)",
"cfr-suspected-victims": [
@ -1903,7 +1903,8 @@
"http://cdn2.hubspot.net/hubfs/270968/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf",
"https://www.secureworks.com/research/the-curious-case-of-mia-ash",
"http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/",
"https://www.cfr.org/interactive/cyber-operations/operation-cleaver"
"https://www.cfr.org/interactive/cyber-operations/operation-cleaver",
"https://www.cfr.org/interactive/cyber-operations/magic-hound"
],
"synonyms": [
"Operation Cleaver",
@ -1914,7 +1915,8 @@
"Cobalt Gypsy",
"Ghambar",
"Cutting Kitten",
"Group 41"
"Group 41",
"Magic Hound"
]
},
"related": [
@ -5733,7 +5735,126 @@
]
},
"uuid": "6a0ea861-229a-45a6-98f5-228f69b43905"
},
{
"value": "Operation BugDrop",
"description": "This threat actor targets critical infrastructure entities in the oil and gas sector, primarily in Ukraine. The threat actors deploy the BugDrop malware to remotely access the microphones in their targets' computers to eavesdrop on conversations.",
"meta": {
"refs": [
"https://www.cfr.org/interactive/cyber-operations/operation-bugdrop"
],
"cfr-suspected-victims": [
"Ukraine",
"Austria",
"Russia",
"Saudi Arabia"
],
"cfr-suspected-state-sponsor": "Russian Federation",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Private sector"
]
},
"uuid": "75ae52b2-bca3-11e8-af90-a78f33eee6c1"
},
{
"value": "Red October",
"description": "This threat actor targets governments, diplomatic missions, academics, and energy and aerospace organizations for the purpose of espionage. Also known as the Rocra and believed to be the same threat actor as Cloud Atlas",
"meta": {
"refs": [
"https://www.cfr.org/interactive/cyber-operations/red-october"
],
"synonyms": [
"the Rocra"
],
"cfr-suspected-victims": [
"Russia",
"Belgium",
"Armenia",
"Ukraine",
"Belarus",
"Kazakhstan",
"India",
"Iran",
"United States",
"Greece",
"Azerbaijan",
"Afghanistan",
"Turkmenistan",
"Vietnam",
"Italy"
],
"cfr-suspected-state-sponsor": "Russian Federation",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Government",
"Private sector"
]
},
"uuid": "358b8982-bcaa-11e8-8a5b-4b618197c5b0",
"related": [
{
"dest-uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "same-as"
}
]
},
{
"value": "Cloud Atlas",
"description": "This threat actor targets governments and diplomatic organizations for espionage purposes.",
"meta": {
"refs": [
"https://www.cfr.org/interactive/cyber-operations/cloud-atlas"
],
"cfr-suspected-victims": [
"Russia",
"India",
"Kazakhstan",
"Czech Republic",
"Belarus"
],
"cfr-suspected-state-sponsor": "Russian Federation",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Government"
]
},
"uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126",
"related": [
{
"dest-uuid": "358b8982-bcaa-11e8-8a5b-4b618197c5b0",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "same-as"
}
]
},
{
"value": "Unnamed Actor",
"description": "This threat actor compromises civil society groups the Chinese Communist Party views as hostile to its interests, such as Tibetan, Uyghur, Hong Kong, and Taiwanese activist. The threat actor also targeted the Myanmar electoral commission. ",
"meta": {
"refs": [
"https://www.cfr.org/interactive/cyber-operations/unnamed-actor"
],
"cfr-suspected-victims": [
"China",
"Myanmar",
"Hong Kong",
"Taiwan"
],
"cfr-suspected-state-sponsor": "China",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Civil society",
"Government"
]
},
"uuid": "bea5e256-bcc0-11e8-a478-bbf7e7585a1e"
}
],
"version": 61
"version": 63
}
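Review bot: In the new Red October cluster the synonym is stored with its article, `"the Rocra"`, so any consumer that matches synonyms exactly against report text or tags will miss the plain name; I would store `"synonyms": ["Rocra"]` and word the description as "Also known as Rocra". The last new cluster uses `"value": "Unnamed Actor"`, which does not distinguish it from any other unattributed actor; if consumers key on `value`, a second such entry would collide with it, so a qualified name would be safer. Attribution is also expressed two different ways in this change: Red October and Cloud Atlas are linked by a `same-as` relation tagged `likely`, while Magic Hound is folded into the existing cluster's `synonyms` and description with no confidence attached. If the Magic Hound link is similarly uncertain, giving it the same relation-plus-likelihood form would keep analysts from reading it as a confirmed alias. Country names are also inconsistent within the file (`"Iran"` and `"Russia"` in `cfr-suspected-victims` against `"Iran (Islamic Republic of)"` and `"Russian Federation"` in `cfr-suspected-state-sponsor`), which makes filtering by country unreliable.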