Nation-State Actor

Dragonfly (Energetic Bear)

Russia • Active since 2011

Dragonfly is a Russian hacking group focused on the energy sector. They break into power plants and energy companies to steal secrets and potentially sabotage systems. They know how to attack the computers that control power grids.

Overview

Dragonfly is a Russian state-sponsored threat group that targets energy and critical infrastructure sectors worldwide. They have demonstrated capabilities to disrupt industrial control systems.

Also Known As

Energetic Bear, Crouching Yeti, Iron Liberty, Berserk Bear

Target Industries

Energy, Utilities, Critical Infrastructure, Nuclear, Oil & Gas

Target Regions

United States, Europe, Turkey

Tactics, Techniques & Procedures

  • Watering hole attacks
  • Supply chain compromise
  • Trojanized ICS software
  • Strategic web compromise
  • Credential theft

Known Tools & Malware

Havex, Karagany, Goodor, Heriplor, Trojan.Karagany

Notable Campaigns

Dragonfly 2.0 (2017)

Gained access to US and European energy sector networks and ICS systems.

Energy Sector Reconnaissance (2015-2016)

Targeted energy companies with trojanized ICS vendor software.

MITRE ATT&CK Techniques

T1189, T1195.002, T1078, T1003, T1071

Defense Recommendations

  1. Implement ICS security controls
  2. Monitor for Havex indicators
  3. Air-gap critical control systems

Related Threat Actors

Sandworm, Turla
