{
	"id": "1b36b18d-b130-4c33-a8ce-83682703d2d9",
	"created_at": "2026-04-06T00:06:48.262564Z",
	"updated_at": "2026-04-10T03:31:17.858657Z",
	"deleted_at": null,
	"sha1_hash": "426af4419787cd6e1338adba2f6b31d05708bd0d",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 36473,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 20:23:40 UTC\n(Wikipedia) The Central Intelligence Agency is a civilian foreign intelligence service of the federal government of\nthe United States, tasked with gathering, processing, and analyzing national security information from around the\nworld, primarily through the use of human intelligence (HUMINT). As one of the principal members of the United\nStates Intelligence Community (IC), the CIA reports to the Director of National Intelligence and is primarily\nfocused on providing intelligence for the President and Cabinet of the United States.\n(Yahoo) In September 2018, Bolton announced that Trump had signed a presidential directive easing Obama-era\nrules governing military cyber operations. Although the administration disclosed the existence of that directive —\nknown as National Security Presidential Memorandum 13 — the underlying rules of engagement for military\ncyber operations remain secret. The administration also kept secret the CIA finding, which gave the agency its\nnew authorities.\nFormer officials declined to speak in detail about cyber operations the CIA has carried out as a result of the\nfinding, but they said the agency has already conducted covert hack-and-dump actions aimed at both Iran and\nRussia.\nThis more permissive environment may also intensify concerns about the CIA’s ability to secure its hacking\narsenal. 
In 2017, WikiLeaks published a large cache of CIA hacking tools known as “Vault 7” (see [Vault 7/8]).\nThe leak, which a partially declassified CIA assessment called “the largest data loss in CIA history,” was made\npossible by “woefully lax” security practices at the CIA’s top hacker unit, the assessment said.\nThe CIA was also one of the parties involved in Operation Olympic Games, where Stuxnet was deployed in Iran.\nWhile not strictly related to APT activity and not just involving the CIA, the following publication in 3 parts sheds\nmore light:\n1. 2. 3.\nThe CIA has 2 subgroups:\n1. Subgroup: Longhorn, The Lamberts.\n2. Subgroup: [Unnamed group USA].\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=a3785768-7d9e-4cf7-9fed-77a2267a90d5\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=a3785768-7d9e-4cf7-9fed-77a2267a90d5\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=a3785768-7d9e-4cf7-9fed-77a2267a90d5"
	],
	"report_names": [
		"showcard.cgi?u=a3785768-7d9e-4cf7-9fed-77a2267a90d5"
	],
	"threat_actors": [
		{
			"id": "c91e335e-42be-48d9-96b5-ba56749a723b",
			"created_at": "2022-10-25T16:07:23.458346Z",
			"updated_at": "2026-04-10T02:00:04.616481Z",
			"deleted_at": null,
			"main_name": "CIA",
			"aliases": [
				"Central Intelligence Agency"
			],
			"source_name": "ETDA:CIA",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "65c27056-1931-4600-aee6-7883b1c819ae",
			"created_at": "2022-10-25T16:07:23.463834Z",
			"updated_at": "2026-04-10T02:00:04.619054Z",
			"deleted_at": null,
			"main_name": "[Unnamed group USA]",
			"aliases": [
				"[Unnamed group USA]"
			],
			"source_name": "ETDA:[Unnamed group USA]",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "c1f1d9ce-ad31-49db-9f82-cc0dd12374da",
			"created_at": "2023-01-06T13:46:39.006986Z",
			"updated_at": "2026-04-10T02:00:03.17886Z",
			"deleted_at": null,
			"main_name": "[Unnamed group]",
			"aliases": [],
			"source_name": "MISPGALAXY:[Unnamed group]",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d7c5a1bf-85c9-4d2f-bdbd-1455f5f2ae65",
			"created_at": "2022-10-25T16:07:23.978074Z",
			"updated_at": "2026-04-10T02:00:04.817311Z",
			"deleted_at": null,
			"main_name": "Operation Olympic Games",
			"aliases": [
				"GOSSIPGIRL"
			],
			"source_name": "ETDA:Operation Olympic Games",
			"tools": [
				"Stuxnet",
				"W32.Stuxnet"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "740a85d2-4072-42a6-9dfc-c72449ccdfa5",
			"created_at": "2022-10-25T16:07:24.58714Z",
			"updated_at": "2026-04-10T02:00:05.044403Z",
			"deleted_at": null,
			"main_name": "[Vault 7/8]",
			"aliases": [],
			"source_name": "ETDA:[Vault 7/8]",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "56742211-e3f9-40b7-bafb-8a6cebf257d0",
			"created_at": "2023-01-06T13:46:39.030574Z",
			"updated_at": "2026-04-10T02:00:03.18915Z",
			"deleted_at": null,
			"main_name": "[Vault 7/8]",
			"aliases": [],
			"source_name": "MISPGALAXY:[Vault 7/8]",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "e993faab-f941-4561-bd87-7c33d609a4fc",
			"created_at": "2022-10-25T16:07:23.460301Z",
			"updated_at": "2026-04-10T02:00:04.617715Z",
			"deleted_at": null,
			"main_name": "Longhorn",
			"aliases": [
				"APT-C-39",
				"Platinum Terminal",
				"The Lamberts"
			],
			"source_name": "ETDA:Longhorn",
			"tools": [
				"Black Lambert",
				"Blue Lambert",
				"Corentry",
				"Cyan Lambert",
				"Fluxwire",
				"Gray Lambert",
				"Green Lambert",
				"Magenta Lambert",
				"Pink Lambert",
				"Plexor",
				"Purple Lambert",
				"Silver Lambert",
				"Violet Lambert",
				"White Lambert"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "70db80bd-31b7-4581-accb-914cd8252913",
			"created_at": "2023-01-06T13:46:38.57727Z",
			"updated_at": "2026-04-10T02:00:03.028845Z",
			"deleted_at": null,
			"main_name": "Longhorn",
			"aliases": [
				"the Lamberts",
				"APT-C-39",
				"PLATINUM TERMINAL"
			],
			"source_name": "MISPGALAXY:Longhorn",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "23dfc9f5-1862-4510-a6ae-53d8e51f17b1",
			"created_at": "2024-05-01T02:03:08.146025Z",
			"updated_at": "2026-04-10T02:00:03.67072Z",
			"deleted_at": null,
			"main_name": "PLATINUM TERMINAL",
			"aliases": [
				"APT-C-39 ",
				"Longhorn ",
				"The Lamberts ",
				"Vault7 "
			],
			"source_name": "Secureworks:PLATINUM TERMINAL",
			"tools": [
				"AfterMidnight",
				"Assassin",
				"Marble Framework"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434008,
	"ts_updated_at": 1775791877,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/426af4419787cd6e1338adba2f6b31d05708bd0d.pdf",
		"text": "https://archive.orkl.eu/426af4419787cd6e1338adba2f6b31d05708bd0d.txt",
		"img": "https://archive.orkl.eu/426af4419787cd6e1338adba2f6b31d05708bd0d.jpg"
	}
}