Dragos experts linked the campaigns conducted by the Dragonfly APT group and Dymalloy APT, aka Energetic Bear and Crouching Yeti, to a threat actors they tracked as ‘Allanite.’
Experts believe the APT group is conducting reconnaissance and gathering intelligence for later attacks.
For those that are unaware of Dymalloy APT, the threat actor was discovered by Dragos researchers while investigating the Dragonfly’s operations. The Dragonfly APT group is allegedly linked to Russian intelligence and it is believed to be responsible for the Havex malware.
According to the researchers, the TA17-293A alert published by the DHS in October 2017 suggests a link between Dragonfly attacks with Allanite operations
Dragos experts highlighted that Allanite operations present similarities with the Palmetto Fusion campaign associated with Dragonfly by the DHS in July 2017.
At the same time, the experts believe the threat actor is different from Dragonfly and Dymalloy.
Like Dragonfly and Dymalloy, Allanite hackers leverage spear phishing and watering hole attacks, but differently from them, they don’t use any malware.
Is Allanite a Russia-linked threat actor?
Many security experts linked the APT group to Russia, but Dragos researchers did not corroborate the same thesis.
According to the Dragos, the hackers harvest information directly from ICS networks in campaigns conducted in 2017.
At the time the group has never hacked into a system to cause any disruption or damage.
The report published by Dragos on the Allanite APT is the first analysis of a collection of related to threat groups targeting critical infrastructure.
Summary info on threat actors will be made available through an Activity Groups dashboard, but users interested in the full technical report need to pay it.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – SCADA, APT)
[adrotate banner=”5″]
[adrotate banner=”13″]
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…
Researchers released an exploit code for the actively exploited vulnerability CVE-2024-3400 in Palo Alto Networks'…
Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services,…
This website uses cookies.