Energetic Bear  (Back to overview)

aka: Dragonfly, Crouching Yeti, Group 24, Havex, CrouchingYeti, Koala Team, IRON LIBERTY

A Russian group that collects intelligence on the energy industry.

Associated Families
php.wso win.dorshel win.havex_rat win.heriplor win.karagany win.listrix
References
2019-07-24 ⋅ SecureworksCTU Research Team
@online{team:20190724:updated:a73327c, author = {CTU Research Team}, title = {{Updated Karagany Malware Targets Energy Sector}}, date = {2019-07-24}, organization = {Secureworks}, url = {https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector}, language = {English}, urldate = {2020-01-07} } Updated Karagany Malware Targets Energy Sector
Karagany
2019-07-24 ⋅ SecureworksCTU Research Team
@online{team:20190724:resurgent:287b932, author = {CTU Research Team}, title = {{Resurgent Iron Liberty Targeting Energy Sector}}, date = {2019-07-24}, organization = {Secureworks}, url = {https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector}, language = {English}, urldate = {2019-12-06} } Resurgent Iron Liberty Targeting Energy Sector
Energetic Bear TeamSpy Crew
2019-03-25 ⋅ Carnegie Mellon UniversityKyle O'Meara
@online{omeara:20190325:api:eca9d8e, author = {Kyle O'Meara}, title = {{API Hashing Tool, Imagine That}}, date = {2019-03-25}, organization = {Carnegie Mellon University}, url = {https://insights.sei.cmu.edu/cert/2019/03/api-hashing-tool-imagine-that.html}, language = {English}, urldate = {2019-08-05} } API Hashing Tool, Imagine That
Heriplor
2019 ⋅ MITREMITRE ATT&CK
@online{attck:2019:dragonfly:c84141f, author = {MITRE ATT&CK}, title = {{Group description: Dragonfly}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0035/}, language = {English}, urldate = {2019-12-20} } Group description: Dragonfly
Energetic Bear
2019 ⋅ Council on Foreign RelationsCyber Operations Tracker
@online{tracker:2019:crouching:cebf192, author = {Cyber Operations Tracker}, title = {{Crouching Yeti}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/crouching-yeti}, language = {English}, urldate = {2019-12-20} } Crouching Yeti
Energetic Bear
2017-11-02 ⋅ RiskIQYonathan Klijnsma
@online{klijnsma:20171102:new:d98411c, author = {Yonathan Klijnsma}, title = {{New Insights into Energetic Bear’s Watering Hole Cyber Attacks on Turkish Critical Infrastructure}}, date = {2017-11-02}, organization = {RiskIQ}, url = {https://www.riskiq.com/blog/labs/energetic-bear/}, language = {English}, urldate = {2020-01-13} } New Insights into Energetic Bear’s Watering Hole Cyber Attacks on Turkish Critical Infrastructure
Energetic Bear
2017-10-20 ⋅ SymantecSecurity Response Attack Investigation Team
@online{team:20171020:dragonfly:ccf277c, author = {Security Response Attack Investigation Team}, title = {{Dragonfly: Western energy sector targeted by sophisticated attack group}}, date = {2017-10-20}, organization = {Symantec}, url = {https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group}, language = {English}, urldate = {2019-12-17} } Dragonfly: Western energy sector targeted by sophisticated attack group
Dorshel Heriplor Karagany Listrix
2017-10-20 ⋅ SymantecSecurity Response Attack Investigation Team
@online{team:20171020:dragonfly:4f3d40d, author = {Security Response Attack Investigation Team}, title = {{Dragonfly: Western energy sector targeted by sophisticated attack group}}, date = {2017-10-20}, organization = {Symantec}, url = {https://www.symantec.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks}, language = {English}, urldate = {2019-11-22} } Dragonfly: Western energy sector targeted by sophisticated attack group
Energetic Bear
2017-08-07 ⋅ Independent.ieCathal McMahon
@online{mcmahon:20170807:statesponsored:593ff09, author = {Cathal McMahon}, title = {{'State-sponsored' hackers targeted EirGrid electricity network in 'devious attack'}}, date = {2017-08-07}, organization = {Independent.ie}, url = {https://www.independent.ie/irish-news/statesponsored-hackers-targeted-eirgrid-electricity-network-in-devious-attack-36005921.html}, language = {English}, urldate = {2020-01-07} } 'State-sponsored' hackers targeted EirGrid electricity network in 'devious attack'
Energetic Bear
2017-06-13 ⋅ DragosDragos
@techreport{dragos:20170613:crashoverride:33b0a7e, author = {Dragos}, title = {{CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations}}, date = {2017-06-13}, institution = {Dragos}, url = {https://dragos.com/wp-content/uploads/CrashOverride-01.pdf}, language = {English}, urldate = {2020-01-13} } CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations
Energetic Bear
2017-05-01 ⋅ Kaspersky LabsKaspersky
@online{kaspersky:20170501:crouching:a5be2eb, author = {Kaspersky}, title = {{Crouching Yeti (Energetic Bear) Malware}}, date = {2017-05-01}, organization = {Kaspersky Labs}, url = {https://www.kaspersky.com/resource-center/threats/crouching-yeti-energetic-bear-malware-threat}, language = {English}, urldate = {2020-01-10} } Crouching Yeti (Energetic Bear) Malware
Energetic Bear
2017-01-18 ⋅ ReutersPavel Polityuk, Oleg Vukmanovic, Stephen Jewkes
@online{polityuk:20170118:ukraines:88cbe2f, author = {Pavel Polityuk and Oleg Vukmanovic and Stephen Jewkes}, title = {{Ukraine's power outage was a cyber attack: Ukrenergo}}, date = {2017-01-18}, organization = {Reuters}, url = {https://www.reuters.com/article/us-ukraine-cyber-attack-energy-idUSKBN1521BA}, language = {English}, urldate = {2020-01-07} } Ukraine's power outage was a cyber attack: Ukrenergo
Energetic Bear
2016-01-22 ⋅ SANSNell Nelson
@online{nelson:20160122:impact:3c6330e, author = {Nell Nelson}, title = {{The Impact of Dragonfly Malware on Industrial Control Systems}}, date = {2016-01-22}, organization = {SANS}, url = {https://www.sans.org/reading-room/whitepapers/ICS/impact-dragonfly-malware-industrial-control-systems-36672}, language = {English}, urldate = {2020-01-08} } The Impact of Dragonfly Malware on Industrial Control Systems
Energetic Bear
2014-10-27 ⋅ NetresecErik Hjelmvik
@online{hjelmvik:20141027:full:83d84ee, author = {Erik Hjelmvik}, title = {{Full Disclosure of Havex Trojans}}, date = {2014-10-27}, organization = {Netresec}, url = {http://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans}, language = {English}, urldate = {2019-11-29} } Full Disclosure of Havex Trojans
Energetic Bear
2014-07-07 ⋅ SymantecSymantec Security Response
@techreport{response:20140707:dragonfly:9cd61f0, author = {Symantec Security Response}, title = {{Dragonfly: Cyberespionage Attacks Against Energy Suppliers}}, date = {2014-07-07}, institution = {Symantec}, url = {http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf}, language = {English}, urldate = {2020-01-08} } Dragonfly: Cyberespionage Attacks Against Energy Suppliers
Energetic Bear
2014-06-23 ⋅ F-SecureDaavid
@online{daavid:20140623:havex:21f2ca4, author = {Daavid}, title = {{Havex Hunts For ICS/SCADA Systems}}, date = {2014-06-23}, organization = {F-Secure}, url = {https://www.f-secure.com/weblog/archives/00002718.html}, language = {English}, urldate = {2020-01-09} } Havex Hunts For ICS/SCADA Systems
Havex RAT
2014-03-13 ⋅ Threatpost2014-03-13
@online{20140313:20140313:energy:8736af5, author = {2014-03-13}, title = {{Energy Watering Hole Attack Used LightsOut Exploit Kit}}, date = {2014-03-13}, organization = {Threatpost}, url = {https://threatpost.com/energy-watering-hole-attack-used-lightsout-exploit-kit/104772/}, language = {English}, urldate = {2020-01-08} } Energy Watering Hole Attack Used LightsOut Exploit Kit
Energetic Bear
Credits: MISP Project