From d1f382602c7ef63e64c44feeee287f518ffd371e Mon Sep 17 00:00:00 2001
From: Mathieu Beligon <mathieu@feedly.com>
Date: Tue, 7 Nov 2023 14:47:11 +0100
Subject: [PATCH] [threat-actors] Add DustSquad

---
 clusters/threat-actor.json | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b5c6426..2430253 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12540,6 +12540,22 @@
       },
       "uuid": "51f056f5-b596-446e-9394-a310af4e2e75",
       "value": "Guacamaya"
+    },
+    {
+      "description": "Prodaft researchers have published a report on Paperbug, a cyber-espionage campaign carried out by suspected Russian-speaking group Nomadic Octopus and which targeted entities in Tajikistan. According to Prodaft, known compromised victims included high-ranking government officials, telcos, and public service infrastructures. Compromised devices also included OT devices, besides your typical computers, servers, and mobile devices. In typical Prodaft fashion, the company also gained access to one of the group's C&C server backend panels.",
+      "meta": {
+        "aliases": [
+          "Nomadic Octopus"
+        ],
+        "country": "RU",
+        "refs": [
+          "https://securelist.com/octopus-infested-seas-of-central-asia/88200/",
+          "https://www.prodaft.com/m/reports/PAPERBUG_TLPWHITE-1.pdf",
+          "https://www.virusbulletin.com/conference/vb2018/abstracts/nomadic-octopus-cyber-espionage-central-asia/"
+        ]
+      },
+      "uuid": "7b227f41-efea-4dc0-8a2a-148893795ce4",
+      "value": "DustSquad"
     }
   ],
   "version": 292