From e393780af898cbfe02804ee92df29295106311b0 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Mon, 2 Oct 2023 15:11:10 +0200
Subject: [PATCH] [threa-actors] Add Scattered Canary
---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 60e1cae..ff32c7b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -11766,6 +11766,19 @@
 ],
 "uuid": "8cb6f57b-9ebb-45a6-a89f-9efdb8065d70",
 "value": "Storm-0324"
+ },
+ {
+ "description": "When the first member of Scattered Canary, who, for the purposes of this report, we call\nAlpha, began his operations, he was a lone wolf—working mostly Craigslist scams as he learned\nthe tricks of the trade from a mentor. However, within a few years, he had honed his craft\nenough to expand into romance scams, where he met his first “employee,” Beta. Once they\nhad secured enough mules via their romance scams to launder their stolen money, they shifted\nfrom targeting individuals to targeting enterprises, and the group’s BEC operation was born.",
+ "meta": {
+ "country": "Nigeria",
+ "motive": "Cybercrime",
+ "references": [
+ "https://cofense.com/blog/gift-card-fraud-ecosystem-shifts-what-paxfuls-closing-means-for-business-email-compromise/",
+ "https://static.fortra.com/agari/pdfs/guide/ag-scattered-canary-gd.pdf",
+ "https://www.agari.com/blog/covid-19-unemployment-fraud-cares-act?_gl=1%2Ayzg6ns%2A_ga%2AMTkyMzIyOTI4MC4xNjk2MjUyMDA2%2A_ga_NHMHGJWX49%2AMTY5NjI1MjAwNS4xLjAuMTY5NjI1MjAwNS42MC4wLjA.&utm_source=press-release&utm_medium=prnewswire&utm_campaign=scattered20"
+ ]
+ },
+ "value": "Scattered Canary"
 }
 ],
 "version": 282
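Review bot: The added "Scattered Canary" object has no `"uuid"` key, although the Storm-0324 entry just above it in this hunk carries one; consumers that link relationships, tags or de-duplication to the cluster uuid will presumably be unable to reference this actor reliably. Add a freshly generated v4 value next to `"value"`, e.g. `"uuid": "<NEW-UUID-V4-PLACEHOLDER>",`. The trailing `"version": 282` is unchanged context, so if this file's convention is to bump the version on every content change, that step is missing as well. The third reference still carries its `_gl` and `utm_*` tracking parameters; the bare path `https://www.agari.com/blog/covid-19-unemployment-fraud-cares-act` should be enough, once confirmed to resolve.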