From cf895b3b200a858a5d8469b21ee93dfb597788f4 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 13 Nov 2023 04:36:57 -0800
Subject: [PATCH] [threat-actors] Add TA482

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8452bb8..f7f9fc7 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12918,6 +12918,17 @@
       },
       "uuid": "7cae7378-5595-4d1e-be63-e13216162a20",
       "value": "TAG-56"
+    },
+    {
+      "description": "Since early 2022, Proofpoint researchers have observed a prolific threat actor, tracked as TA482, regularly engaging in credential harvesting campaigns that target the social media accounts of mostly US-based journalists and media organizations. This victimology, TA482’s use of services originating from Turkey to host its domains and infrastructure, as well as Turkey’s history of leveraging social media to spread pro-President Recep Tayyip Erdogan and pro-Justice and Development Party (Turkey’s ruling party) propaganda support Proofpoint’s assessment that TA482 is aligned with the Turkish state.",
+      "meta": {
+        "country": "TR",
+        "refs": [
+          "https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists"
+        ]
+      },
+      "uuid": "610a7301-5963-4653-8aa2-eeb8573dfad9",
+      "value": "TA482"
     }
   ],
   "version": 293