This site has been deprecated in favor of https://attack.mitre.org and will remain in place until 11/1/22.
Group: ALLANITE, Palmetto Fusion
ALLANITE, Palmetto Fusion | |
---|---|
Group | |
ID | G0009 |
Associated Groups | ALLANITE, Palmetto Fusion |
External Contributors | Dragos Threat Intelligence |
ALLANITE is a suspected Russian cyber espionage group that has primarily targeted the electric utility sector within the United States and United Kingdom. The group's tactics and techniques are reportedly similar to Dragonfly / Dragonfly 2.0, although ALLANITE has not exhibited disruptive or destructive capabilities. It has been suggested that the group maintains a presence in ICS to gain an understanding of processes and to maintain persistence.[1]
Associated Group Descriptions
Techniques Used
- Drive-by Compromise - ALLANITE leverages watering hole attacks to gain access into electric utilities.[3]
- Screen Capture - ALLANITE has been identified collecting and distributing screenshots of ICS systems such as HMIs.[1][2]
- Spearphishing Attachment - ALLANITE utilized spear phishing to gain access into energy sector environments.[4]
- Valid Accounts - ALLANITE utilized credentials collected through phishing and watering hole attacks.[1]
References