Turla and APT26 share the same synonym #942

frenkiesp · 2024-03-05T14:28:23Z

Hello,
We noticed that the threat actors Turla and APT26 share the same alias/synonym "Hippo Team". How is this possible? Is this a mistake?
Thanks.
Francesco

adulau · 2024-03-08T07:39:39Z

Interesting. I’ll do a review. Thanks for the notification.

adulau · 2024-03-11T09:03:15Z

Thanks for the notification, it's now fixed.

frenkiesp · 2024-03-11T09:54:39Z

Hi Alexandre,
thanks for the fix. We found other six cases that have this issue. I attached a CSV file
misp_shared_aliases.csv

Tanks a lot,
Francesco

adulau · 2024-03-11T13:21:20Z

Thanks for the CSV and I just quickly reviewed those:

PLA Navy is more the sponsoring organisation. We should move it in a meta on the three clusters like sponsor-organisation
Grizzly Steppe is correct to be a synonym for APT28 and APT29
Andariel is a sub-group of Lazarous group
Cobalt Gypsy seems to be correct as it's historical with a discovery of multiple IR-sponsored groups
Golden Chickens seems to be a generic group to describe group 01 and 02 globally

adulau self-assigned this Mar 8, 2024

adulau closed this as completed in 3f039b5 Mar 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Turla and APT26 share the same synonym #942

Turla and APT26 share the same synonym #942

frenkiesp commented Mar 5, 2024

adulau commented Mar 8, 2024

adulau commented Mar 11, 2024

frenkiesp commented Mar 11, 2024

adulau commented Mar 11, 2024

Turla and APT26 share the same synonym #942

Turla and APT26 share the same synonym #942

Comments

frenkiesp commented Mar 5, 2024

adulau commented Mar 8, 2024

adulau commented Mar 11, 2024

frenkiesp commented Mar 11, 2024

adulau commented Mar 11, 2024