From f4d69382cf2d836ef965f1f625fb02e0abac81da Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Thu, 15 Feb 2024 03:42:29 -0800
Subject: [PATCH] [threat-actors] Add Blackatom

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index ca2f74f..836beb2 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14991,6 +14991,17 @@
       },
       "uuid": "1697dace-fe21-452c-acee-bef62fc5e386",
       "value": "TA2725"
+    },
+    {
+      "description": "Recent campaigns suggest Hamas-linked actors may be advancing their\nTTPs to include intricate social engineering lures specially crafted to\nappeal to a niche group of high value targets. In September 2023, a Palestine-based group likely linked to Hamas targeted Israeli software engineers\nusing an elaborate social engineering ruse that ultimately installed malware\nand stole cookies. The attackers, which Google’s Threat Analysis Group (TAG) tracks as BLACKATOM, posed as employees of legitimate companies\nand reached out via LinkedIn to invite targets to apply for software development freelance opportunities. Targets included software engineers in\nthe Israeli military, as well as Israel’s aerospace and defense industry",
+      "meta": {
+        "country": "PS",
+        "refs": [
+          "https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf"
+        ]
+      },
+      "uuid": "264687b8-82f4-43b5-b7bb-dc3e0b9246bc",
+      "value": "Blackatom"
     }
   ],
   "version": 300