Group: XENOTIME, TEMP.Veles

ID G0001
Associated Groups XENOTIME, TEMP.Veles
External Contributors Dragos Threat Intelligence

XENOTIME is a threat group that has targeted and compromised industrial systems, specifically safety instrumented systems (SIS), which are designed to provide safety and protective functions. XENOTIME has previously targeted the oil and gas and electric sectors in the Middle East, Europe, and North America. XENOTIME has also been reported to target ICS vendors, manufacturers, and organizations in the Middle East. This group is one of the few with reported destructive capabilities.1

Associated Group Descriptions

  • XENOTIME - 1
  • TEMP.Veles - FireEye attributes with high confidence that the intrusion activity and TRITON development was supported by a Russian government-owned technical research institution.2

Techniques Used

  • Valid Accounts - XENOTIME used valid credentials when moving laterally through RDP jump boxes into the ICS environment.4
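Because the logons in this technique succeed with legitimate credentials, there is no failed-authentication signal to alert on; what remains detectable is the path: an RDP (Windows logon type 10, Event ID 4624) logon to a jump box, followed by an RDP logon from that jump box's address into an ICS-zone host by the same account. The detection below is an added illustration written for this page, not code from ATT&CK for ICS, Dragos, or FireEye. The host names, IP addresses, zone assignments, the ICS-authorised account list, the pipe-delimited export format and the log records are all constructed for the example.

```python
"""Detect valid-account RDP pivots through a jump box into an ICS zone.

Added example for this page; not code from ATT&CK for ICS, Dragos or FireEye.
All host names, IPs, zone assignments, accounts and log rows are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed asset/zone map. In practice this comes from an asset inventory
# or the firewall zone configuration between IT, DMZ and ICS networks.
ZONES = {
    "IT-WS01": "it",
    "JUMP01": "jumpbox",
    "JUMP02": "jumpbox",
    "EWS01": "ics",   # engineering workstation
    "HMI01": "ics",
}
HOST_IPS = {
    "IT-WS01": "10.1.1.20",
    "JUMP01": "10.2.0.5",
    "JUMP02": "10.2.0.6",
    "EWS01": "10.3.0.10",
    "HMI01": "10.3.0.11",
}
# Constructed: accounts approved to RDP into the ICS zone via the jump boxes.
ICS_AUTHORIZED = {"CORP\\j.doe"}

# Windows Security log: Event ID 4624 = successful logon,
# logon type 10 = RemoteInteractive (RDP / Terminal Services).
RDP_LOGON_TYPE = 10


@dataclass
class Logon:
    ts: datetime
    host: str        # computer that recorded the 4624
    account: str
    logon_type: int
    src_ip: str      # IpAddress field of the 4624


@dataclass
class Pivot:
    account: str
    jumpbox: str
    ics_host: str
    dwell: timedelta  # time between the jump-box logon and the ICS logon


def parse_event(line: str) -> Optional[Logon]:
    """Parse one row of a constructed export: ts|event_id|host|account|logon_type|src_ip.
    Rows that are not 4624 (or are malformed) return None and are ignored."""
    fields = line.strip().split("|")
    if len(fields) != 6 or fields[1] != "4624":
        return None
    ts, _eid, host, account, ltype, src_ip = fields
    return Logon(datetime.fromisoformat(ts), host, account, int(ltype), src_ip)


def find_pivots(events: List[Logon], window: timedelta = timedelta(hours=8)) -> List[Pivot]:
    """Return every (jump-box RDP logon) -> (ICS RDP logon from that jump box's IP)
    pair by the same account within `window`. Non-RDP logon types are ignored."""
    rdp = sorted((e for e in events if e.logon_type == RDP_LOGON_TYPE), key=lambda e: e.ts)
    pivots: List[Pivot] = []
    for i, first in enumerate(rdp):
        if ZONES.get(first.host) != "jumpbox":
            continue
        jump_ip = HOST_IPS[first.host]
        for second in rdp[i + 1:]:
            if second.ts - first.ts > window:
                break  # events are sorted, so nothing later can be in the window
            if (second.account == first.account
                    and ZONES.get(second.host) == "ics"
                    and second.src_ip == jump_ip):
                pivots.append(Pivot(first.account, first.host, second.host, second.ts - first.ts))
    return pivots


def suspicious_pivots(events: List[Logon], window: timedelta = timedelta(hours=8)) -> List[Pivot]:
    """A pivot by an account not approved for ICS access is the alert condition;
    approved engineers produce the same chain during legitimate maintenance."""
    return [p for p in find_pivots(events, window) if p.account not in ICS_AUTHORIZED]


# Constructed sample export: a service account hops IT -> JUMP01 -> EWS01 in
# three minutes; an approved engineer hops JUMP02 -> HMI01 (benign); one row
# is a type-3 network logon and must not count as RDP.
SAMPLE_LOG = """\
2024-03-01T01:02:00|4624|JUMP01|CORP\\svc-maint|10|10.1.1.20
2024-03-01T01:05:30|4624|EWS01|CORP\\svc-maint|10|10.2.0.5
2024-03-01T09:00:00|4624|JUMP02|CORP\\j.doe|10|10.1.1.20
2024-03-01T09:01:00|4624|JUMP02|CORP\\j.doe|3|10.1.1.20
2024-03-01T14:00:00|4624|HMI01|CORP\\j.doe|10|10.2.0.6
"""


def load_sample() -> List[Logon]:
    return [e for e in map(parse_event, SAMPLE_LOG.splitlines()) if e]


if __name__ == "__main__":
    for p in suspicious_pivots(load_sample()):
        print(f"SUSPICIOUS: {p.account} {p.jumpbox} -> {p.ics_host} after {p.dwell}")
```

The chain itself is indistinguishable from an engineer's normal workday, which is why the alert is gated on an allow list rather than on the logon events alone; in a real deployment the same enrichment would also cover maintenance windows and the source network the jump-box logon came from.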

Software