Skip to content

Commit

Permalink
new: [threat-actor] Storm-0558 added + Fix #880
Browse files Browse the repository at this point in the history
  • Loading branch information
adulau committed Oct 31, 2023
1 parent 38afdbb commit e7ca552
Showing 1 changed file with 23 additions and 1 deletion.
24 changes: 23 additions & 1 deletion clusters/threat-actor.json
Original file line number Diff line number Diff line change
Expand Up @@ -12059,7 +12059,29 @@
},
"uuid": "9ee446fd-b0cd-4662-9cd1-a60b429192db",
"value": "Camaro Dragon"
},
{
"description": "Storm-0558 is a China-based threat actor with espionage objectives. While there are some minimal overlaps with other Chinese groups such as Violet Typhoon (ZIRCONIUM, APT31), Microsoft maintain high confidence that Storm-0558 operates as its own distinct group",
"meta": {
"attribution-confidence": "50",
"cfr-suspected-state-sponsor": "China",
"cfr-suspected-victims": [
"United States"
],
"cfr-target-category": [
"Government"
],
"cfr-type-of-incident": "Espionage",
"country": "CN",
"references": [
"https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/",
"https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr",
"https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/"
]
},
"uuid": "5b30bcb8-4923-45cc-bc89-29651ca5d54e",
"value": "Storm-0558"
}
],
"version": 287
"version": 288
}

0 comments on commit e7ca552

Please sign in to comment.