From e7ca55277c666ff80415fd48194d8820d6dd3c88 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 31 Oct 2023 09:05:19 +0100
Subject: [PATCH] new: [threat-actor] Storm-0558 added + Fix #880
---
 clusters/threat-actor.json | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 80133a3..d97d664 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12059,7 +12059,29 @@
 },
 "uuid": "9ee446fd-b0cd-4662-9cd1-a60b429192db",
 "value": "Camaro Dragon"
+ },
+ {
+ "description": "Storm-0558 is a China-based threat actor with espionage objectives. While there are some minimal overlaps with other Chinese groups such as Violet Typhoon (ZIRCONIUM, APT31), Microsoft maintain high confidence that Storm-0558 operates as its own distinct group",
+ "meta": {
+ "attribution-confidence": "50",
+ "cfr-suspected-state-sponsor": "China",
+ "cfr-suspected-victims": [
+ "United States"
+ ],
+ "cfr-target-category": [
+ "Government"
+ ],
+ "cfr-type-of-incident": "Espionage",
+ "country": "CN",
+ "references": [
+ "https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/",
+ "https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr",
+ "https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/"
+ ]
+ },
+ "uuid": "5b30bcb8-4923-45cc-bc89-29651ca5d54e",
+ "value": "Storm-0558"
 }
 ],
- "version": 287
+ "version": 288
 }
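Review bot: The added `description` says who Storm-0558 is but not what it did, although all three `references` concern the Microsoft signing-key acquisition and the unauthorized email access that followed; a consumer that shows only `value` and `description` gets no behavioural context for triage. Consider ending the text with a sentence such as `The referenced reports describe its use of an acquired Microsoft signing key to gain unauthorized access to email accounts.`, and while there change `Microsoft maintain` to `Microsoft maintains` and add the missing final period. The entry also carries no `synonyms` or `related` keys even though the description names Violet Typhoon (ZIRCONIUM, APT31) as a partial overlap; if the file links such clusters elsewhere, a `related` entry would make that overlap machine-readable without implying the two are the same group. The enclosing array and the preceding entry start outside the hunk, so the file's own conventions for these keys are not visible here.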