← All Threat Actors
Threat Actor Profile

Dragonfly

ATK 6 Berserk Bear BROMINE Crouching Yeti Dragonfly 2.0 DYMALLOY Energetic Bear FSB Center 16 G0035 Ghost Blizzard IRON LIBERTY Static Bear TEMP.Isotope TG-4192
▲ High Threat
[Dragonfly](https://attack.mitre.org/groups/G0035) is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16.(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022) Active since at least 2010, [Dragonfly](https://attack.mitre.org/groups/G0035) has targeted defense and aviation companies, government entities, companies related to industrial control systems, and critical infrastructure sectors worldwide through supply chain, spearphishing, and drive-by compromise attacks.(Citation: Symantec Dragonfly)(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Symantec Dragonfly Sept 2017)(Citation: Fortune Dragonfly 2.0 Sept 2017)(Citation: Gigamon Berserk Bear October 2021)(Citation: CISA AA20-296A Berserk Bear December 2020)(Citation: Symantec Dragonfly 2.0 October 2017)
Origin

Known TTPs

Archive Collected Data
Screen Capture
Hidden Users
Web Shell
Malicious File
Business Relationships
Valid Accounts
System Network Configuration Discovery
Server
File and Directory Discovery
Local Account
Template Injection
Exploitation for Client Execution
Password Cracking
Drive-by Target
Query Registry
Spearphishing Attachment
Drive-by Compromise
Domains
Security Account Manager
Spearphishing Attachment
Data from Local System
File Deletion
Command and Scripting Interpreter
Clear Windows Event Logs
Disable or Modify System Firewall
Modify Registry
Tool
Compromise Software Supply Chain
Masquerade Account Name
NTDS
Additional Local or Domain Groups
Virtual Private Server
Windows Command Shell
File Transfer Protocols
Spearphishing Link
Scheduled Task
Domain Groups
Remote Email Collection
Vulnerability Scanning
Registry Run Keys / Startup Folder
Ingress Tool Transfer
External Remote Services
LSA Secrets
Exploit Public-Facing Application
Network Share Discovery
Brute Force
Remote Desktop Protocol
Forced Authentication
System Owner/User Discovery
Local Data Staging
PowerShell
Exploitation of Remote Services
Python
Remote System Discovery
Domain Account

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD