Dragonfly

Mid 2014 Symantec released a report on a threat actor Dragonfly targeting energy companies. Early September 2017 Symantec released an updated report on Dragonfly v2 where they describe that the threat actor shifted their attention from merely observing the environment to having remote access to the environment of energy providers.

This shift could indicate that the threat actor has a changed objective, from monitoring to actually intervening and potentially conducting sabotage.

Mindmap on Dragonfly

I created two mindmaps based on the open source information available on Dragonfly from Symantec, Cisco Talos (take special notice for the template injection method) and Malwr.com. The mindmaps (and exported JPGs) are available via Github at https://github.com/cudeso/tools/tree/master/Dragonfly.

Dragonfly version 1 :