SYMBOLCOMMON_NAMEaka. SYNONYMS

Energetic Bear  (Back to overview)

aka: Beserk Bear, ALLANITE, CASTLE, DYMALLOY, TG-4192, Dragonfly, Crouching Yeti, Group 24, Havex, CrouchingYeti, Koala Team, IRON LIBERTY

A Russian group that collects intelligence on the energy industry.

Associated Families
php.wso win.dorshel win.havex_rat win.heriplor win.karagany win.listrix
References
2022-05-04MandiantBrandan Schondorfer, Nader Zaveri, Tyler McLellan, Jennifer Brito
@online{schondorfer:20220504:old:47943c4, author = {Brandan Schondorfer and Nader Zaveri and Tyler McLellan and Jennifer Brito}, title = {{Old Services, New Tricks: Cloud Metadata Abuse by UNC2903}}, date = {2022-05-04}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/cloud-metadata-abuse-unc2903}, language = {English}, urldate = {2022-05-05} } Old Services, New Tricks: Cloud Metadata Abuse by UNC2903
WSO
2022-04-05Government of United KingdomGovernment of United Kingdom
@online{kingdom:20220405:russias:58a2500, author = {Government of United Kingdom}, title = {{Russia's FSB malign activity: factsheet}}, date = {2022-04-05}, organization = {Government of United Kingdom}, url = {https://www.gov.uk/government/publications/russias-fsb-malign-cyber-activity-factsheet/russias-fsb-malign-activity-factsheet}, language = {English}, urldate = {2022-04-07} } Russia's FSB malign activity: factsheet
Energetic Bear
2022-03-24CISAUS-CERT
@online{uscert:20220324:alert:03a7f21, author = {US-CERT}, title = {{Alert (AA22-083A) Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector}}, date = {2022-03-24}, organization = {CISA}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-083a}, language = {English}, urldate = {2022-03-25} } Alert (AA22-083A) Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
Havex RAT Triton
2021-06-24GigamonJoe Slowik
@techreport{slowik:20210624:baffling:d37b293, author = {Joe Slowik}, title = {{The Baffling Berserk Bear: A Decade's Activity targeting Critical Infrastructure}}, date = {2021-06-24}, institution = {Gigamon}, url = {https://vblocalhost.com/uploads/VB2021-Slowik.pdf}, language = {English}, urldate = {2021-10-26} } The Baffling Berserk Bear: A Decade's Activity targeting Critical Infrastructure
Havex RAT Heriplor Karagany
2020-12-21IronNetAdam Hlavek, Kimberly Ortiz
@online{hlavek:20201221:russian:804662f, author = {Adam Hlavek and Kimberly Ortiz}, title = {{Russian cyber attack campaigns and actors}}, date = {2020-12-21}, organization = {IronNet}, url = {https://www.ironnet.com/blog/russian-cyber-attack-campaigns-and-actors}, language = {English}, urldate = {2021-01-05} } Russian cyber attack campaigns and actors
WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess
2020-11-04Stranded on Pylos BlogJoe Slowik
@online{slowik:20201104:enigmatic:c2d7b4e, author = {Joe Slowik}, title = {{The Enigmatic Energetic Bear}}, date = {2020-11-04}, organization = {Stranded on Pylos Blog}, url = {https://pylos.co/2020/11/04/the-enigmatic-energetic-bear/}, language = {English}, urldate = {2020-11-06} } The Enigmatic Energetic Bear
EternalPetya Havex RAT
2020SecurityWeekSecureWorks
@online{secureworks:2020:iron:fc4ff3c, author = {SecureWorks}, title = {{IRON LIBERTY}}, date = {2020}, organization = {SecurityWeek}, url = {https://www.secureworks.com/research/threat-profiles/iron-liberty}, language = {English}, urldate = {2020-05-23} } IRON LIBERTY
Havex RAT Karagany
2019-07-24SecureworksCTU Research Team
@online{team:20190724:resurgent:287b932, author = {CTU Research Team}, title = {{Resurgent Iron Liberty Targeting Energy Sector}}, date = {2019-07-24}, organization = {Secureworks}, url = {https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector}, language = {English}, urldate = {2019-12-06} } Resurgent Iron Liberty Targeting Energy Sector
Energetic Bear TeamSpy Crew
2019-07-24SecureworksCTU Research Team
@online{team:20190724:updated:a73327c, author = {CTU Research Team}, title = {{Updated Karagany Malware Targets Energy Sector}}, date = {2019-07-24}, organization = {Secureworks}, url = {https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector}, language = {English}, urldate = {2020-01-07} } Updated Karagany Malware Targets Energy Sector
Karagany
2019-03-25Carnegie Mellon UniversityKyle O'Meara
@online{omeara:20190325:api:eca9d8e, author = {Kyle O'Meara}, title = {{API Hashing Tool, Imagine That}}, date = {2019-03-25}, organization = {Carnegie Mellon University}, url = {https://insights.sei.cmu.edu/cert/2019/03/api-hashing-tool-imagine-that.html}, language = {English}, urldate = {2019-08-05} } API Hashing Tool, Imagine That
Heriplor
2019Council on Foreign RelationsCyber Operations Tracker
@online{tracker:2019:crouching:cebf192, author = {Cyber Operations Tracker}, title = {{Crouching Yeti}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/crouching-yeti}, language = {English}, urldate = {2019-12-20} } Crouching Yeti
Energetic Bear
2019MITREMITRE ATT&CK
@online{attck:2019:dragonfly:c84141f, author = {MITRE ATT&CK}, title = {{Group description: Dragonfly}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0035/}, language = {English}, urldate = {2019-12-20} } Group description: Dragonfly
Energetic Bear
2017-11-02RiskIQYonathan Klijnsma
@online{klijnsma:20171102:new:d98411c, author = {Yonathan Klijnsma}, title = {{New Insights into Energetic Bear’s Watering Hole Cyber Attacks on Turkish Critical Infrastructure}}, date = {2017-11-02}, organization = {RiskIQ}, url = {https://www.riskiq.com/blog/labs/energetic-bear/}, language = {English}, urldate = {2020-01-13} } New Insights into Energetic Bear’s Watering Hole Cyber Attacks on Turkish Critical Infrastructure
Energetic Bear
2017-10-20SymantecSecurity Response Attack Investigation Team
@online{team:20171020:dragonfly:ccf277c, author = {Security Response Attack Investigation Team}, title = {{Dragonfly: Western energy sector targeted by sophisticated attack group}}, date = {2017-10-20}, organization = {Symantec}, url = {https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group}, language = {English}, urldate = {2019-12-17} } Dragonfly: Western energy sector targeted by sophisticated attack group
Dorshel Heriplor Karagany Listrix
2017-10-20SymantecCritical Attack Discovery and Intelligence Team
@online{team:20171020:dragonfly:1f70a20, author = {Critical Attack Discovery and Intelligence Team}, title = {{Dragonfly: Western energy sector targeted by sophisticated attack group}}, date = {2017-10-20}, organization = {Symantec}, url = {https://symantec-blogs.broadcom.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks}, language = {English}, urldate = {2020-04-21} } Dragonfly: Western energy sector targeted by sophisticated attack group
Dorshel Goodor Heriplor Karagany Listrix Energetic Bear
2017-10-20SymantecSecurity Response Attack Investigation Team
@online{team:20171020:dragonfly:4f3d40d, author = {Security Response Attack Investigation Team}, title = {{Dragonfly: Western energy sector targeted by sophisticated attack group}}, date = {2017-10-20}, organization = {Symantec}, url = {https://www.symantec.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks}, language = {English}, urldate = {2019-11-22} } Dragonfly: Western energy sector targeted by sophisticated attack group
Energetic Bear
2017-08-07Independent.ieCathal McMahon
@online{mcmahon:20170807:statesponsored:593ff09, author = {Cathal McMahon}, title = {{'State-sponsored' hackers targeted EirGrid electricity network in 'devious attack'}}, date = {2017-08-07}, organization = {Independent.ie}, url = {https://www.independent.ie/irish-news/statesponsored-hackers-targeted-eirgrid-electricity-network-in-devious-attack-36005921.html}, language = {English}, urldate = {2020-01-07} } 'State-sponsored' hackers targeted EirGrid electricity network in 'devious attack'
Energetic Bear
2017-06-13DragosDragos
@techreport{dragos:20170613:crashoverride:33b0a7e, author = {Dragos}, title = {{CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations}}, date = {2017-06-13}, institution = {Dragos}, url = {https://dragos.com/wp-content/uploads/CrashOverride-01.pdf}, language = {English}, urldate = {2020-01-13} } CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations
Energetic Bear
2017-05-01Kaspersky LabsKaspersky
@online{kaspersky:20170501:crouching:a5be2eb, author = {Kaspersky}, title = {{Crouching Yeti (Energetic Bear) Malware}}, date = {2017-05-01}, organization = {Kaspersky Labs}, url = {https://www.kaspersky.com/resource-center/threats/crouching-yeti-energetic-bear-malware-threat}, language = {English}, urldate = {2020-01-10} } Crouching Yeti (Energetic Bear) Malware
Energetic Bear
2017-01-18ReutersPavel Polityuk, Oleg Vukmanovic, Stephen Jewkes
@online{polityuk:20170118:ukraines:88cbe2f, author = {Pavel Polityuk and Oleg Vukmanovic and Stephen Jewkes}, title = {{Ukraine's power outage was a cyber attack: Ukrenergo}}, date = {2017-01-18}, organization = {Reuters}, url = {https://www.reuters.com/article/us-ukraine-cyber-attack-energy-idUSKBN1521BA}, language = {English}, urldate = {2020-01-07} } Ukraine's power outage was a cyber attack: Ukrenergo
Energetic Bear
2016-01-22SANSNell Nelson
@online{nelson:20160122:impact:3c6330e, author = {Nell Nelson}, title = {{The Impact of Dragonfly Malware on Industrial Control Systems}}, date = {2016-01-22}, organization = {SANS}, url = {https://www.sans.org/reading-room/whitepapers/ICS/impact-dragonfly-malware-industrial-control-systems-36672}, language = {English}, urldate = {2020-01-08} } The Impact of Dragonfly Malware on Industrial Control Systems
Energetic Bear
2014-10-27NetresecErik Hjelmvik
@online{hjelmvik:20141027:full:83d84ee, author = {Erik Hjelmvik}, title = {{Full Disclosure of Havex Trojans}}, date = {2014-10-27}, organization = {Netresec}, url = {http://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans}, language = {English}, urldate = {2019-11-29} } Full Disclosure of Havex Trojans
Energetic Bear
2014-07-07SymantecSecurity Response
@techreport{response:20140707:dragonfly:72d3430, author = {Security Response}, title = {{Dragonfly: Cyberespionage Attacks Against Energy Suppliers}}, date = {2014-07-07}, institution = {Symantec}, url = {https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2014/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf}, language = {English}, urldate = {2020-04-21} } Dragonfly: Cyberespionage Attacks Against Energy Suppliers
Karagany Energetic Bear
2014-07-07SymantecSymantec Security Response
@techreport{response:20140707:dragonfly:9cd61f0, author = {Symantec Security Response}, title = {{Dragonfly: Cyberespionage Attacks Against Energy Suppliers}}, date = {2014-07-07}, institution = {Symantec}, url = {http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf}, language = {English}, urldate = {2020-01-08} } Dragonfly: Cyberespionage Attacks Against Energy Suppliers
Energetic Bear
2014-06-23F-SecureDaavid
@online{daavid:20140623:havex:21f2ca4, author = {Daavid}, title = {{Havex Hunts For ICS/SCADA Systems}}, date = {2014-06-23}, organization = {F-Secure}, url = {https://www.f-secure.com/weblog/archives/00002718.html}, language = {English}, urldate = {2020-01-09} } Havex Hunts For ICS/SCADA Systems
Havex RAT
2014-03-13Threatpost2014-03-13
@online{20140313:20140313:energy:8736af5, author = {2014-03-13}, title = {{Energy Watering Hole Attack Used LightsOut Exploit Kit}}, date = {2014-03-13}, organization = {Threatpost}, url = {https://threatpost.com/energy-watering-hole-attack-used-lightsout-exploit-kit/104772/}, language = {English}, urldate = {2020-01-08} } Energy Watering Hole Attack Used LightsOut Exploit Kit
Energetic Bear
Credits: MISP Project