This site has been deprecated in favor of https://attack.mitre.org and will remain in place until 11/1/22.

Difference between revisions of "Group/G0002"

From attackics
Jump to navigation Jump to search
 
Line 20: Line 20:
 
}}
 
}}
 
|TechniqueObjects={{Technique Object
 
|TechniqueObjects={{Technique Object
 +
|Technique=Technique/T0817
 +
|Description={{LinkByID|G0002}} utilized watering hole attacks on energy sector websites by injecting a redirect iframe to deliver {{LinkByID|S0003}} or [https://attack.mitre.org/software/S0094/ Trojan.Karagany].[[CiteRef::Symantec Dragonfly]]
 +
}}{{Technique Object
 
|Technique=Technique/T0865
 
|Technique=Technique/T0865
|Description={{LinkByID|G0002}}conducted a targeted phishing campaign against energy sector executives and senior personnel. Deceptive subject lines were used to portray a high importance. Malicious PDFs were then used to infect the user’s device.[[CiteRef::Symantec Dragonfly]]
+
|Description={{LinkByID|G0002}} conducted a targeted phishing campaign against energy sector executives and senior personnel. Deceptive subject lines were used to portray a high importance. Malicious PDFs were then used to infect the user’s device.[[CiteRef::Symantec Dragonfly]]
 
}}{{Technique Object
 
}}{{Technique Object
 
|Technique=Technique/T0862
 
|Technique=Technique/T0862
 
|Description={{LinkByID|G0002}} trojanized legitimate ICS equipment providers software packages available for download on their websites.[[CiteRef::Symantec Dragonfly]]
 
|Description={{LinkByID|G0002}} trojanized legitimate ICS equipment providers software packages available for download on their websites.[[CiteRef::Symantec Dragonfly]]
}}{{Technique Object
 
|Technique=Technique/T0817
 
|Description={{LinkByID|G0002}} utilized watering hole attacks on energy sector websites by injecting a redirect iframe to deliver {{LinkByID|S0003}} or [https://attack.mitre.org/software/S0094/ Trojan.Karagany].[[CiteRef::Symantec Dragonfly]]
 
 
}}
 
}}
 
|SoftwareReferences={{Software Reference
 
|SoftwareReferences={{Software Reference

Latest revision as of 14:03, 11 April 2021

Dragonfly, Energetic Bear, ...
Group
ID G0002
Associated Groups Dragonfly, Energetic Bear, TG-4192, Crouching Yeti, IRON LIBERTY

Dragonfly is a cyber espionage group that has been active since at least 2011. They initially targeted defense and aviation companies but shifted to focus on the energy sector in early 2013. They have also targeted companies related to industrial control systems.1

A similar group emerged in 2015 and was identified by Symantec as Dragonfly 2.0. There is debate over the extent of the overlap between Dragonfly and Dragonfly 2.0, but there is sufficient evidence to lead to these being tracked as two separate groups.1

Associated Group Descriptions

  • Dragonfly - 2
  • Energetic Bear - 2
  • TG-4192 - 1
  • Crouching Yeti - 1
  • IRON LIBERTY - 1

Techniques Used

  • Spearphishing Attachment - Dragonfly conducted a targeted phishing campaign against energy sector executives and senior personnel. Deceptive subject lines were used to portray a high importance. Malicious PDFs were then used to infect the user’s device.2

Software