From d3836318a24a5d88442052a0920e7d5884315165 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Fri, 17 Nov 2023 02:59:55 -0800
Subject: [PATCH] [threat-actors] Add UNC4841
---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index afc5ec0..87d7abc 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13125,6 +13125,19 @@
 },
 "uuid": "e284c356-4b77-4f86-a8f2-7793cbe8662b",
 "value": "AppMilad"
+ },
+ {
+ "description": "UNC4841 is a well-resourced threat actor that has utilized a wide range of malware and purpose-built tooling to enable their global espionage operations. They have been observed selectively deploying specific malware families at high priority targets, with SKIPJACK being the most widely deployed. UNC4841 primarily targeted government and technology organizations, but they have also been observed targeting other verticals.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://blog.polyswarm.io/unc4841-targeting-government-entities-with-barracuda-esg-0day-cve-2023-2868",
+ "https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation",
+ "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally"
+ ]
+ },
+ "uuid": "8959fbb4-95f0-485d-bba2-db9140b95386",
+ "value": "UNC4841"
 }
 ],
 "version": 294
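Review bot: The new entry sets `"country": "CN"` in `meta`, but the description never states the attribution or its basis and no `attribution-confidence` is given, so a consumer of the cluster gets a country tag with no way to weigh it. The description also does not name the Barracuda ESG zero-day (CVE-2023-2868) that the three `refs` are about, which is the detail an analyst would search on; a sentence such as `UNC4841 exploited CVE-2023-2868 in Barracuda Email Security Gateway appliances.` would be supported by the reference titles. Separately, `"version": 294` appears only as context, so the cluster version is not bumped with this addition; if downstream sync keys on that field the entry may not be picked up, which is worth confirming against the project's release practice.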