new threat actors

2018-09-20 12:10:20 +02:00 · 2018-09-20 12:10:20 +02:00 · d0864a6531
parent 0a724bee3d
commit d0864a6531
1 changed files with 103 additions and 4 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -1873,7 +1873,7 @@
      "value": "Rocket Kitten"
    },
    {
-      "description": "A group of cyber actors utilizing infrastructure located in Iran have been conducting computer network exploitation activity against public and private U.S. organizations, including Cleared Defense Contractors (CDCs), academic institutions, and energy sector companies.",
+      "description": "A group of cyber actors utilizing infrastructure located in Iran have been conducting computer network exploitation activity against public and private U.S. organizations, including Cleared Defense Contractors (CDCs), academic institutions, and energy sector companies. This threat actor targets entities in the government, energy, and technology sectors that are located in or do business with Saudi Arabia.",
      "meta": {
        "cfr-suspected-state-sponsor": "Iran (Islamic Republic of)",
        "cfr-suspected-victims": [
@ -1903,7 +1903,8 @@
          "http://cdn2.hubspot.net/hubfs/270968/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf",
          "https://www.secureworks.com/research/the-curious-case-of-mia-ash",
          "http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/",
-          "https://www.cfr.org/interactive/cyber-operations/operation-cleaver"
+          "https://www.cfr.org/interactive/cyber-operations/operation-cleaver",
+          "https://www.cfr.org/interactive/cyber-operations/magic-hound"
        ],
        "synonyms": [
          "Operation Cleaver",
@ -1914,7 +1915,8 @@
          "Cobalt Gypsy",
          "Ghambar",
          "Cutting Kitten",
-          "Group 41"
+          "Group 41",
+          "Magic Hound"
        ]
      },
      "related": [
@ -5733,7 +5735,104 @@
        ]
      },
      "uuid": "6a0ea861-229a-45a6-98f5-228f69b43905"
+    },
+    {
+      "value": "Operation BugDrop",
+      "description": "This threat actor targets critical infrastructure entities in the oil and gas sector, primarily in Ukraine. The threat actors deploy the BugDrop malware to remotely access the microphones in their targets' computers to eavesdrop on conversations.",
+      "meta": {
+        "refs": [
+          "https://www.cfr.org/interactive/cyber-operations/operation-bugdrop"
+        ],
+        "cfr-suspected-victims": [
+          "Ukraine",
+          "Austria",
+          "Russia",
+          "Saudi Arabia"
+        ],
+        "cfr-suspected-state-sponsor": "Russian Federation",
+        "cfr-type-of-incident": "Espionage",
+        "cfr-target-category": [
+          "Private sector"
+        ]
+      },
+      "uuid": "75ae52b2-bca3-11e8-af90-a78f33eee6c1"
+    },
+    {
+      "value": "Red October",
+      "description": "This threat actor targets governments, diplomatic missions, academics, and energy and aerospace organizations for the purpose of espionage. Also known as the Rocra and believed to be the same threat actor as Cloud Atlas",
+      "meta": {
+        "refs": [
+          "https://www.cfr.org/interactive/cyber-operations/red-october"
+        ],
+        "synonyms": [
+          "the Rocra"
+        ],
+        "cfr-suspected-victims": [
+          "Russia",
+          "Belgium",
+          "Armenia",
+          "Ukraine",
+          "Belarus",
+          "Kazakhstan",
+          "India",
+          "Iran",
+          "United States",
+          "Greece",
+          "Azerbaijan",
+          "Afghanistan",
+          "Turkmenistan",
+          "Vietnam",
+          "Italy"
+        ],
+        "cfr-suspected-state-sponsor": "Russian Federation",
+        "cfr-type-of-incident": "Espionage",
+        "cfr-target-category": [
+          "Government",
+          "Private sector"
+        ]
+      },
+      "uuid": "358b8982-bcaa-11e8-8a5b-4b618197c5b0",
+      "related": [
+        {
+          "dest-uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "same-as"
+        }
+      ]
+    },
+    {
+      "value": "Cloud Atlas",
+      "description": "This threat actor targets governments and diplomatic organizations for espionage purposes.",
+      "meta": {
+        "refs": [
+          "https://www.cfr.org/interactive/cyber-operations/cloud-atlas"
+        ],
+        "cfr-suspected-victims": [
+          "Russia",
+          "India",
+          "Kazakhstan",
+          "Czech Republic",
+          "Belarus"
+        ],
+        "cfr-suspected-state-sponsor": "Russian Federation",
+        "cfr-type-of-incident": "Espionage",
+        "cfr-target-category": [
+          "Government"
+        ]
+      },
+      "uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126",
+      "related": [
+        {
+          "dest-uuid": "358b8982-bcaa-11e8-8a5b-4b618197c5b0",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "same-as"
+        }
+      ]
    }
  ],
-  "version": 61
+  "version": 62
 }