Group: ALLANITE, Palmetto Fusion

ALLANITE is a suspected Russian cyber espionage group, that has primarily targeted the electric utility sector within the United States and United Kingdom. The group's tactics and techniques are reportedly similar to Dragonfly / Dragonfly 2.0, although ALLANITE’s technical capabilities have not exhibited disruptive or destructive abilities. It has been suggested that the group maintains a presence in ICS for the purpose of gaining understanding of processes and to maintain persistence.1

Associated Group Descriptions

• ALLANITE - 1
• Palmetto Fusion - 12

Techniques Used

• Drive-by Compromise - ALLANITE leverages watering hole attacks to gain access into electric utilities.3

• Screen Capture - ALLANITE has been identified to collect and distribute screenshots of ICS systems such as HMIs.12

• Spearphishing Attachment - ALLANITE utilized spear phishing to gain access into energy sector environments.4

• Valid Accounts - ALLANITE utilized credentials collected through phishing and watering hole attacks.1