Dragonfly

Threat Actor Profile Updated 13 days ago
Download STIX
Preview STIX
Dragonfly is a notable threat actor known for its malicious activities in the cybersecurity landscape. This group has been particularly active in targeting the energy sector across various countries, including the United States, Switzerland, and Turkey. The tactics employed by Dragonfly often involve traditional IT attack vectors, affecting both IT and OT environments. Notably, Dragonfly was involved in a series of watering hole attacks in 2017, as reported by Symantec. This same technique was observed again in subsequent instances, highlighting the group's consistent approach to cyber warfare. In July 2023, Trail of Bits conducted a comprehensive review of the Dragonfly codebase. Their findings were published in a report which included a maturity evaluation of the codebase, a list of identified code quality issues, and guidance for running static and dynamic analysis tooling on the Dragonfly codebase. Notably, the MD5 hash of “scr.exe” matched that of ScreenUtil, aligning with details from the Symantec Dragonfly 2.0 report. In at least two instances, the threat actors used batch scripts labeled “pss.bat” and “psc.bat” to run the PsExec tool, revealing their modus operandi. Dragonfly is also linked to a peer-to-peer file distribution and image acceleration system, which is a CNCF-hosted project. It features integrity checking for downloaded files, download speed limiting, the ability to isolate abnormal peers, and a public registry of artifacts aimed at being “the trusted cloud native repository for Kubernetes.” A subproject of Dragonfly, Nydus, implements a content-addressable filesystem to enable high-efficiency distribution for cloud-native resources. However, security companies like Harpie, supported by Coinbase Ventures and Dragonfly Capital, are working diligently to counteract these threats and secure the cyber landscape.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Havex
2
Havex, also known as Dragonfly or the Energetic Bear RAT, is a prominent threat actor in the cybersecurity landscape. Spotted initially in 2013, Havex was part of a broad industrial espionage campaign. The threat actors behind Havex utilized various techniques to infect their targets, including phis
Energetic Bear
2
Energetic Bear, also known as DragonFly, Crouching Yeti, and Berserk Bear, is a threat actor that has been operational since at least 2011. The group has been linked to various cyber-espionage campaigns targeting the energy sector in Europe and North America, with the primary focus on defense and av
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Espionage
russian
State Sponso...
Symantec
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Dragonfly Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
Dragonfly: Western energy sector targeted by sophisticated attack group
MITRE
a year ago
Endpoint Protection - Symantec Enterprise
MITRE
a year ago
Hackers Have Penetrated Energy Grid, Symantec Warns
MITRE
a year ago
Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors | CISA
MITRE
a year ago
Russia's FSB malign activity: factsheet
MITRE
a year ago
Four Russian Government Employees Charged in Two Historical Hacking
MITRE
a year ago
Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions
MITRE
a year ago
DYMALLOY Threat Group | Dragos
CERT-EU
4 months ago
Securing open-source infrastructure with OSTIF
CERT-EU
8 months ago
The Fiji Times » Cybersecurity | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU
10 months ago
Perth's Trinity Networks partners with Fast50 company DragonFly
CERT-EU
6 months ago
Weaponizing Wheat: How Strategic Competition With Russia Could Threaten American Food Security – Analysis
CERT-EU
a year ago
Ransomware attacks: is your supply chain software safe? | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting
CERT-EU
a year ago
Search | arXiv e-print repository
CERT-EU
a year ago
Новая программа-вымогатель CatB использует DLL Hijacking для скрытного внедрения в целевые системы
CERT-EU
a year ago
Links 01/05/2023: Mayday Mayday
CERT-EU
a year ago
ICS/SCADA
MITRE
a year ago
Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets | CISA
CERT-EU
7 months ago
The Urgency for Robust Utility Cybersecurity
CERT-EU
6 months ago
Search | arXiv e-print repository