From ed0d3c6f57abd5b89dd47835e3694e60d66eeee3 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Fri, 17 Nov 2023 02:59:55 -0800
Subject: [PATCH] [threat-actors] Add CL-STA-0043
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 87d7abc..bcd9653 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13138,6 +13138,17 @@
 },
 "uuid": "8959fbb4-95f0-485d-bba2-db9140b95386",
 "value": "UNC4841"
+ },
+ {
+ "description": "CL-STA-0043 is a highly skilled and sophisticated threat actor, believed to be a nation-state, targeting governmental entities in the Middle East and Africa. They exploit vulnerabilities in on-premises Internet Information Services and Microsoft Exchange servers to infiltrate target networks. They engage in reconnaissance, locate vital assets, and have been observed using native Windows tools for privilege escalation.",
+ "meta": {
+ "refs": [
+ "https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-june-2023/",
+ "https://www.paloaltonetworks.com/blog/security-operations/through-the-cortex-xdr-lens-uncovering-a-new-activity-group-targeting-governments-in-the-middle-east-and-africa/"
+ ]
+ },
+ "uuid": "5d0aee14-f18a-44da-a44d-28d950f06b9c",
+ "value": "CL-STA-0043"
 }
 ],
 "version": 294
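Review bot: The new CL-STA-0043 entry keeps its targeting information only in the free-text `description`; `meta` carries nothing but `refs`, so consumers that filter or correlate clusters on structured keys will not match this actor by sector. Consider adding `"cfr-target-category": ["Government"]` to `meta`, which the description already supports, and leave country or state-sponsor keys out unless the cited reports name them. The trailing context line still reads `"version": 294`; if this repository expects the cluster version to be incremented when values are added, that bump is missing here. The enclosing values array begins outside the hunk, so the entry's placement relative to other actors cannot be checked from this view.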