Dragonfly

OriginRússia

Techniques (MITRE ATT&CK)56

SourceMITRE ATT&CK

Also known as:TEMP.IsotopeDYMALLOYBerserk BearTG-4192Crouching YetiIRON LIBERTYEnergetic BearGhost BlizzardBROMINE

Vexday analysis

Dragonfly é um grupo de espionagem cibernética atribuído ao Centro 16 do Serviço Federal de Segurança da Rússia (FSB), ativo desde pelo menos 2010. Seus alvos incluem empresas de defesa e aviação, entidades governamentais, organizações ligadas a sistemas de controle industrial e setores de infraestrutura crítica ao redor do mundo, com ataques conduzidos por meio de comprometimento de cadeias de suprimento, spearphishing e drive-by compromise. O grupo é rastreado pelo MITRE ATT&CK sob o identificador G0035, com 56 técnicas documentadas e 8 CVEs atribuídas à sua atuação, sendo também conhecido pelos aliases TEMP.Isotope, DYMALLOY, Berserk Bear, TG-4192, Crouching Yeti e IRON LIBERTY.

Techniques (MITRE ATT&CK) 56

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Reconnaissance

Business Relationships Vulnerability Scanning Spearphishing Attachment Spearphishing Link

Resource development

Domains Virtual Private Server Server Tool Drive-by Target

Initial access

Drive-by Compromise Exploit Public-Facing Application Compromise Software Supply Chain Spearphishing Attachment

Execution

Scheduled Task Command and Scripting Interpreter PowerShell Windows Command Shell Python Exploitation for Client Execution Malicious File

Persistence

Additional Local or Domain Groups External Remote Services Local Account Web Shell Registry Run Keys / Startup Folder

Credential access

Security Account Manager NTDS LSA Secrets Brute Force Password Cracking Forced Authentication

Discovery

Query Registry System Network Configuration Discovery Remote System Discovery System Owner/User Discovery Domain Groups File and Directory Discovery Domain Account Network Share Discovery

Lateral movement

Remote Desktop Protocol Exploitation of Remote Services

Collection

Data from Local System Local Data Staging Screen Capture Remote Email Collection Archive Collected Data

Command and control

File Transfer Protocols Ingress Tool Transfer

defense-impairment

Modify Registry Clear Windows Event Logs Disable or Modify System Firewall

stealth

Masquerade Account Name File Deletion Valid Accounts Template Injection Hidden Users

Exploited vulnerabilities 8

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2019-19781CRITICALEPSS 100%KEV CVE-2018-13379CRITICALEPSS 100%KEV CVE-2020-0688HIGHEPSS 100%KEV CVE-2014-7169CRITICALEPSS 100%KEV CVE-2020-1472MEDIUMEPSS 100%KEV CVE-2011-0611HIGHEPSS 99%KEV CVE-2016-6662EPSS 68%CVE-2017-0176EPSS 46%

Dragonfly uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →