Compare commits


3 Commits

Author SHA1 Message Date
Alexandre Dulaunoy e97c01101a
Merge pull request #969 from Mathieu4141/threat-actors/74b921ec-6404-4d0c-b49b-169be387d1f9
[threat actors] add 2 actors
2024-04-26 20:05:16 +02:00
Mathieu4141 dd14938a49 [threat-actors] Add USDoD 2024-04-26 09:01:34 -07:00
Mathieu4141 2bf2bad2a9 [threat-actors] Add STORM-1849 2024-04-26 09:01:34 -07:00
1 changed files with 26 additions and 0 deletions


@ -15917,6 +15917,32 @@
},
"uuid": "97a10d3b-5cb5-4df9-856c-515994f3e953",
"value": "ArcaneDoor"
},
{
"description": "UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabilities in Cisco Adaptive Security Appliances to deploy custom malware implants called \"Line Runner\" and \"Line Dancer.\" The actor demonstrated a deep understanding of Cisco systems, utilized anti-forensic measures, and took deliberate steps to evade detection. UAT4356's sophisticated attack chain allowed them to conduct malicious actions such as configuration modification, reconnaissance, network traffic capture/exfiltration, and potentially lateral movement on compromised devices.",
"meta": {
"refs": [
"https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/"
],
"synonyms": [
"UAT4356"
]
},
"uuid": "3d94ef07-9fd6-4d64-bf1e-f1316f2686a4",
"value": "STORM-1849"
},
{
"description": "USDoD is a threat actor known for leaking large databases of personal information, including from companies like Airbus and the U.S. Environmental Protection Agency. They have a history of engaging in high-profile data breaches, such as exposing data from the FBI's InfraGard program. USDoD has also been involved in web scraping to obtain information from websites like LinkedIn.",
"meta": {
"refs": [
"https://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/",
"https://www.cysecurity.news/2023/09/transunion-refutes-data-breach-reports.html",
"https://socradar.io/unmasking-usdod-the-enigma-of-the-cyber-realm/",
"https://krebsonsecurity.com/2023/09/fbi-hacker-dropped-stolen-airbus-data-on-9-11/"
]
},
"uuid": "d6882fb9-d1e4-4cec-889c-5423c772d199",
"value": "USDoD"
}
],
"version": 308
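Review bot: The new `STORM-1849` entry is added directly after an existing cluster with `"value": "ArcaneDoor"` (uuid `97a10d3b-5cb5-4df9-856c-515994f3e953`), and its description covers the same ArcaneDoor campaign, so the two look like overlapping records for one actor. The body of the ArcaneDoor entry starts outside the hunk, so this is inferred from its name only. If they do describe the same actor, consumers that tag or correlate on cluster uuid will split sightings across both; either fold `STORM-1849` and `UAT4356` into the existing entry's `synonyms`, or add a `related` link between the two uuids. Separately, `"version": 308` appears as unchanged context while the page reports 26 additions and 0 deletions; if importers refresh the galaxy on the version number, bump it (`"version": 309`) so the two new actors are picked up.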