G1000 ALLANITE
ALLANITE is a suspected Russian cyber espionage group that has primarily targeted the electric utility sector within the United States and United Kingdom. The group's tactics and techniques are reportedly similar to Dragonfly, although ALLANITE's technical capabilities have not exhibited disruptive or destructive abilities. It has been suggested that the group maintains a presence in ICS for the purpose of gaining an understanding of processes and to maintain persistence. 1
Item | Value |
---|---|
ID | G1000 |
Associated Names | |
Version | 1.0 |
Created | 31 May 2017 |
Last Modified | 24 May 2022 |
Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
ics | T0817 | Drive-by Compromise | ALLANITE leverages watering hole attacks to gain access to electric utilities. 2 |
ics | T0852 | Screen Capture | ALLANITE has been observed collecting and distributing screenshots of ICS systems such as HMIs. 1 4 |
ics | T0865 | Spearphishing Attachment | ALLANITE utilized spearphishing to gain access to energy sector environments. 3 |
ics | T0859 | Valid Accounts | ALLANITE utilized credentials collected through phishing and watering hole attacks. 1 |
References
1. Eduard Kovacs. (2018, May 10). 'Allanite' Group Targets ICS Networks at Electric Utilities in US, UK. Retrieved 2020/01/03.
2. Jeff Jones. (2018, May 10). Dragos Releases Details on Suspected Russian Infrastructure Hacking Team ALLANITE. Retrieved 2020/01/03.
3. ICS-CERT. (2017, October 21). Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved 2017/10/23.