From ce4be94d8b9d6cdffa8785e36478ccfa04c11a09 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 8 Jan 2024 05:23:28 -0800
Subject: [PATCH] [threat-actors] Add KelvinSecurity

---
 clusters/threat-actor.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 159f17b..4de8e76 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13926,6 +13926,20 @@
       },
       "uuid": "ef9f4e6d-4262-4fca-9535-56af9e46281f",
       "value": "Team-Xecuter"
+    },
+    {
+      "description": "KelvinSecurity is a hacker group that has been active since at least 2015. They are known for their hacktivist and black hat activities, targeting public and private organizations globally. The group sells and leaks databases, documents, and access belonging to their victims, often on the dark web or their own platforms. They have been involved in attacks against various sectors, including telecommunications, political parties, and healthcare.",
+      "meta": {
+        "country": "ES",
+        "refs": [
+          "https://securelist.com/kaspersky-security-bulletin-apt-predictions-2024/111048/",
+          "https://www.privacyaffairs.com/kelvinsecurity-hacking-group-morena/",
+          "https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-31/",
+          "https://www.ibtimes.com/anonymous-challenges-russias-supposed-cyber-prowess-repeat-rosatom-breach-leaks-data-3505131"
+        ]
+      },
+      "uuid": "7b8845d9-d7f5-4895-9dcc-54da3492bd55",
+      "value": "KelvinSecurity"
     }
   ],
   "version": 296