new: [threat-actor] Storm-0558 added + Fix #880

2023-10-31 09:05:19 +01:00 · 2023-10-31 09:05:19 +01:00 · e7ca55277c
parent 38afdbb80f
commit e7ca55277c
1 changed files with 23 additions and 1 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -12059,7 +12059,29 @@
      },
      "uuid": "9ee446fd-b0cd-4662-9cd1-a60b429192db",
      "value": "Camaro Dragon"
+    },
+    {
+      "description": "Storm-0558 is a China-based threat actor with espionage objectives. While there are some minimal overlaps with other Chinese groups such as Violet Typhoon (ZIRCONIUM, APT31), Microsoft maintain high confidence that Storm-0558 operates as its own distinct group",
+      "meta": {
+        "attribution-confidence": "50",
+        "cfr-suspected-state-sponsor": "China",
+        "cfr-suspected-victims": [
+          "United States"
+        ],
+        "cfr-target-category": [
+          "Government"
+        ],
+        "cfr-type-of-incident": "Espionage",
+        "country": "CN",
+        "references": [
+          "https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/",
+          "https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr",
+          "https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/"
+        ]
+      },
+      "uuid": "5b30bcb8-4923-45cc-bc89-29651ca5d54e",
+      "value": "Storm-0558"
    }
  ],
-  "version": 287
+  "version": 288
 }