ALLANITE is a suspected Russian cyber espionage group that has primarily targeted the electric utility sector within the United States and United Kingdom. The group's tactics and techniques are reportedly similar to Dragonfly's, although ALLANITE's technical capabilities have not exhibited disruptive or destructive abilities. It has been suggested that the group maintains a presence in ICS environments in order to gain an understanding of industrial processes and to maintain persistence. [1]

ID: G1000
Contributors: Dragos Threat Intelligence
Version: 1.0
Created: 31 May 2017
Last Modified: 24 May 2022

Techniques Used

Domain  ID     Name                      Use

ICS     T0817  Drive-by Compromise
        ALLANITE leverages watering hole attacks to gain access to electric utilities. [2]

ICS     T0852  Screen Capture
        ALLANITE has been observed collecting and distributing screenshots of ICS systems such as HMIs. [1] [3]

ICS     T0865  Spearphishing Attachment
        ALLANITE utilized spearphishing to gain access to energy sector environments. [4]

ICS     T0859  Valid Accounts
        ALLANITE utilized credentials collected through phishing and watering hole attacks. [1]