Cyber Threat Report: 'Dragonfly: Cyberespionage Attacks Against Energy Suppliers'

Report Author: Symantec
Publication Date: 2014-07-07
Original Reporting Source:
Related Intrusion Sets: Dragonfly
Identified CVEs: CVE-2012-4792, CVE-2013-1347, CVE-2012-1723, CVE-2013-2465
Victim Sectors: Energy, Aerospace, Defense

This report by Symantec details the activities of the cyberespionage group known as Dragonfly. The reporting covers a campaign that initially focused on defense and aviation in the US and Canada before shifting to target energy firms in the US and Europe in early 2013. Dragonfly employed various tactics, including spam campaigns and watering hole attacks, to ultimately compromise industrial control system (ICS) software updates. Symantec names the custom malware used by the group Backdoor.Oldrea and Trojan.Karagany. The attackers could have potentially caused damage or disruption to the energy supply in affected countries. The report includes a technical appendix with indicators of compromise (IoCs) and detailed analysis.
