Raspite

Threat Actor Profile Updated 2 months ago
RASPITE is a threat actor that focuses on initial access operations within the electric utility sector and targets entities across the US, Middle East, Europe, and East Asia. Although they have not demonstrated an ICS-specific capability to date, their recent targeting focus and methodology are clear indicators of the preparatory activity needed for potential future ICS events.

RASPITE leverages strategic website compromise to gain initial access to target networks and deploys install scripts for a malicious service that beacons back to infrastructure they control, allowing remote access to victim machines. RASPITE's activity overlaps significantly with the group Symantec tracks as LEAFMINER; Symantec recently released a report on that group's activity in the Middle East.

Because their targeting and methodology suggest that they may be preparing the way for later ICS events, entities in the electric utility sector should be aware of this threat actor and take appropriate measures to secure their IT networks against potential attacks.

Overall, RASPITE represents a significant threat to entities within the electric utility sector. Their focus on initial access operations and broad targeting across multiple regions highlights the need for heightened awareness and proactive security measures. Entities should work to identify and remediate vulnerabilities in their systems, deploy effective threat detection and response capabilities, and stay informed about emerging threats from actors like RASPITE.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Dragos
Windows
Beacon
ICS
Associated Malware
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Leafminer | Unspecified | 1 | Leafminer is a highly active threat actor group, primarily targeting organizations in the Middle East. The group employs various intrusion methods such as watering hole websites, vulnerability scans of network services on the internet, and brute-force/dictionary login attempts. Leafminer's arsenal i
DYMALLOY | Unspecified | 1 | DYMALLOY is a long-standing threat actor that employs a range of tactics to target industrial organizations, including spear-phishing and watering hole attacks. The group has been active since at least 2015 and has been associated with activity going back to 2011. DYMALLOY's attacks have successfull
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Raspite Threat Actor was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | "RASPITE | Dragos"