G1000 ALLANITE

ALLANITE is a suspected Russian cyber espionage group that has primarily targeted the electric utility sector within the United States and United Kingdom. The group's tactics and techniques are reportedly similar to Dragonfly, although ALLANITE's technical capabilities have not exhibited disruptive or destructive abilities. It has been suggested that the group maintains a presence in ICS to gain an understanding of processes and to maintain persistence. 1

| Item | Value |
| --- | --- |
| ID | G1000 |
| Associated Names | |
| Version | 1.0 |
| Created | 31 May 2017 |
| Last Modified | 24 May 2022 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| ics | T0817 | Drive-by Compromise | ALLANITE leverages watering hole attacks to gain access into electric utilities. 2 |
| ics | T0852 | Screen Capture | ALLANITE has been identified to collect and distribute screenshots of ICS systems such as HMIs. 1 4 |
| ics | T0865 | Spearphishing Attachment | ALLANITE utilized spear phishing to gain access into energy sector environments. 3 |
| ics | T0859 | Valid Accounts | ALLANITE utilized credentials collected through phishing and watering hole attacks. 1 |

References