Dragos Releases Details on Suspected Russian Infrastructure Hacking Team ALLANITE

Posting ID 115909
Date Added: 5/10/2018
Date Modified: 5/10/2018
Jeff Jones | E-ISAC Staff

Description

The cyber research firm Dragos today detailed the operations of a suspected Russian hacker group that focuses on penetrating critical infrastructure networks. The group, which Dragos calls ALLANITE, “accesses business and industrial control (ICS) networks, conducts reconnaissance and gathers intelligence in United States and United Kingdom electric utility sectors,” according to a newly published profile, the first in a series about infrastructure-focused hacking teams. Dragos said that ALLANITE hackers “continue to maintain ICS network access” so they can “understand the operational environment necessary to develop disruptive capabilities” and be ready to disrupt those systems when called upon to do so. The company, which does not attribute hacking groups to nation-states, acknowledged that ALLANITE'S “activity closely resembles” a Russian cyber intrusion campaign that U.S. officials have dubbed Palmetto Fusion. “Russian government cyber actors ... targeted small commercial facilities’ networks where they staged malware, conducted spear phishing and gained remote access into energy sector networks,” DHS said in a March 15 alert. Dragos said that ALLANITE uses spearphishing and malware-laden websites to harvest the login information necessary to penetrate networks. So far, the company said, ALLANITE campaigns “limit themselves to information gathering and have not demonstrated any disruptive or damaging capabilities.”

Category Type:
Cyber Security
TLP - White
Shared Count (4)
  • CRISP - Cyber Risk Info Sharing Program
  • E-ISAC AOO Members
  • E-ISAC Staff
  • Watch Floor