From d3d241ca547676c076e6fe4feadfc4df8c219b0d Mon Sep 17 00:00:00 2001 From: Mathieu Beligon Date: Wed, 2 Mar 2022 13:53:29 +0100 Subject: [PATCH] Update Gamaredon target --- clusters/threat-actor.json | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 7e15b541..de827d5d 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -4190,6 +4190,12 @@ { "description": "Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. In the past, the Gamaredon Group has relied heavily on off-the-shelf tools. Our new research shows the Gamaredon Group have made a shift to custom-developed malware. We believe this shift indicates the Gamaredon Group have improved their technical capabilities.", "meta": { + "cfr-suspected-victims": [ + "Ukraine" + ], + "cfr-target-category": [ + "Government" + ], "refs": [ "http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution", "https://www.lookingglasscyber.com/wp-content/uploads/2015/08/Operation_Armageddon_Final.pdf", @@ -4200,7 +4206,8 @@ "https://www.welivesecurity.com/2020/06/18/digging-up-invisimole-hidden-arsenal/", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine", "https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/", - "https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/" + "https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/", + "https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/" ], "synonyms": [ "Primitive Bear",