From f759525c251aded26d18da808de89a0b6173a27e Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Thu, 16 Nov 2023 07:10:18 -0800
Subject: [PATCH] [threat-actors] Add Chernovite
---
 clusters/threat-actor.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1187c10..ada4f3e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13028,6 +13028,20 @@
 },
 "uuid": "fcb18ca2-ea45-4f5c-a827-ed8b6b697a08",
 "value": "VulzSecTeam"
+ },
+ {
+ "description": "Chernovite is a highly capable and sophisticated threat actor group that has developed a modular ICS malware framework called PIPEDREAM. They are known for targeting industrial control systems and operational technology environments, with the ability to disrupt, degrade, and potentially destroy physical processes. Chernovite has demonstrated a deep understanding of ICS protocols and intrusion techniques, making them a significant threat to critical infrastructure sectors.",
+ "meta": {
+ "country": "RU",
+ "refs": [
+ "https://www.dragos.com/blog/pipedream-mousehole-opcua-module/",
+ "https://www.dragos.com/blog/industry-news/chernovite-pipedream-malware-targeting-industrial-control-systems/",
+ "https://www.dragos.com/threats/the-2022-ics-ot-vulnerability-briefing-recap/",
+ "https://www.dragos.com/blog/responding-to-chernovites-pipedream-with-dragos-global-services/"
+ ]
+ },
+ "uuid": "2ce00149-9a25-4dea-8dd5-59bdb68d11a1",
+ "value": "Chernovite"
 }
 ],
 "version": 294
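Review bot: The new entry sets `"country": "RU"` in `meta`, but the description says nothing about origin and no confidence is recorded, so consumers that pivot or alert on country will read it as a firm attribution. All four `refs` come from a single vendor, and whether they support the attribution cannot be seen from this diff. If they do, record the confidence next to `country` with a line such as `"attribution-confidence": "<0-100, as a string>"`; if they do not, drop the `country` key. Separately, the trailing context shows `"version": 294` unchanged. Unless the bump lands in another commit of the same series, instances that sync by cluster version may not pick up the new actor.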