From d4c2788b877a7f6c07305e360c37a4af920ebd14 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Wed, 29 Nov 2023 11:28:37 -0800
Subject: [PATCH] [threat-actors] Add LightBasin
---
 clusters/threat-actor.json | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index bf16ce6..ee93d17 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13553,6 +13553,22 @@
 },
 "uuid": "40375ed2-04ec-433f-969d-b9a004c0272e",
 "value": "DragonForce"
+ },
+ {
+ "description": "UNC1945 is an APT group that has been targeting telecommunications companies globally. They use Linux-based implants to maintain long-term access in compromised networks. UNC1945 has demonstrated advanced technical abilities, utilizing various tools and techniques to evade detection and move laterally through networks. They have also been observed targeting other industries, such as financial and professional consulting, and have been linked to other threat actors, including MustangPanada and RedDelta.",
+ "meta": {
+ "refs": [
+ "https://www.mandiant.com/resources/unc2891-overview",
+ "https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/",
+ "https://blog.talosintelligence.com/introducing-shrouded-snooper/"
+ ],
+ "synonyms": [
+ "UNC1945",
+ "CL-CRI-0025"
+ ]
+ },
+ "uuid": "a1955738-563c-413c-8602-ea5b8c89ce21",
+ "value": "LightBasin"
 }
 ],
 "version": 295
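Review bot: The added `description` asserts a link to `MustangPanada` (misspelled; the usual spelling is Mustang Panda) and RedDelta, but none of the three `refs` is visibly about those actors, so the claim should cite a source or be dropped. The identifiers also do not line up: `value` is LightBasin and `synonyms` lists `UNC1945`, while the first ref's slug is `unc2891-overview` and the third is `introducing-shrouded-snooper`, neither of which appears as a synonym. If those reports describe overlapping but separately tracked clusters, consumers that tag or correlate events on this galaxy will merge distinct activity under one actor, so the description should state the overlap explicitly instead of implying an alias. I would also open the text with the cluster's own name, e.g. `"description": "LightBasin (also tracked as UNC1945) is an activity cluster that has been targeting telecommunications companies globally. ..."`.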