Dragonfly
Aliases: TEMP.Isotope, DYMALLOY, Berserk Bear, TG-4192, Crouching Yeti, IRON LIBERTY, Energetic Bear, Ghost Blizzard, BROMINE
Dragonfly is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16. Active since at least 2010, Dragonfly has targeted defense and aviation companies, government entities, companies related to industrial control systems, and critical infrastructure sectors worldwide through supply chain, spearphishing, and drive-by compromise attacks.
ATT&CK techniques
T1560 Archive Collected Data
T1113 Screen Capture
T1564.002 Hidden Users
T1505.003 Web Shell
T1204.002 Malicious File
T1591.002 Business Relationships
T1078 Valid Accounts
T1016 System Network Configuration Discovery
T1584.004 Server
T1083 File and Directory Discovery
T1136.001 Local Account
T1221 Template Injection
T1203 Exploitation for Client Execution
T1110.002 Password Cracking
T1608.004 Drive-by Target
T1562.004 Disable or Modify System Firewall
T1012 Query Registry
T1566.001 Spearphishing Attachment
T1189 Drive-by Compromise
T1583.001 Domains
T1003.002 Security Account Manager
T1598.002 Spearphishing Attachment
T1070.001 Clear Windows Event Logs
T1005 Data from Local System
T1070.004 File Deletion
T1059 Command and Scripting Interpreter
T1112 Modify Registry
T1588.002 Tool
T1195.002 Compromise Software Supply Chain
T1036.010 Masquerade Account Name
T1003.003 NTDS
T1098.007 Additional Local or Domain Groups
T1583.003 Virtual Private Server
T1059.003 Windows Command Shell
T1071.002 File Transfer Protocols
T1598.003 Spearphishing Link
T1053.005 Scheduled Task
T1069.002 Domain Groups
T1114.002 Remote Email Collection
T1595.002 Vulnerability Scanning
T1547.001 Registry Run Keys / Startup Folder
T1105 Ingress Tool Transfer
T1133 External Remote Services
T1003.004 LSA Secrets
T1190 Exploit Public-Facing Application
T1135 Network Share Discovery
T1110 Brute Force
T1021.001 Remote Desktop Protocol
T1187 Forced Authentication
T1033 System Owner/User Discovery
T1074.001 Local Data Staging
T1059.001 PowerShell
T1210 Exploitation of Remote Services
T1059.006 Python
T1018 Remote System Discovery
T1087.002 Domain Account
T1547.009 Shortcut Modification
T1566 Phishing
T1136 Create Account
T1070 Indicator Removal
T1114 Email Collection
T1036 Masquerading
T1003 OS Credential Dumping
T1053 Scheduled Task/Job