diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 5fb5f74e..d216fbc2 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -1538,6 +1538,23 @@ "https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/silverterrier-next-evolution-in-nigerian-cybercrime.pdf" ] } + }, + { + "value": "WildNeutron", + "description": "A corporate espionage group has compromised a string of major corporations over the past three years in order to steal confidential information and intellectual property. The gang, which Symantec calls Butterfly, is not-state sponsored, rather financially motivated. It has attacked multi-billion dollar companies operating in the internet, IT software, pharmaceutical, and commodities sectors. Twitter, Facebook, Apple, and Microsoft are among the companies who have publicly acknowledged attacks.", + "meta": { + "country": "", + "refs": [ + "https://www.symantec.com/connect/blogs/butterfly-profiting-high-level-corporate-attacks", + "https://securelist.com/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/", + "https://research.kudelskisecurity.com/2015/11/05/sphinx-moth-expanding-our-knowledge-of-the-wild-neutron-morpho-apt/" + ], + "synonyms": [ + "Butterfly", + "Morpho", + "Sphinx Moth" + ] + } } ], "name": "Threat actor", @@ -1552,5 +1569,5 @@ ], "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.", "uuid": "7cdff317-a673-4474-84ec-4f1754947823", - "version": 21 + "version": 22 }