Dragonfly v2 : Mindmap on energy sector targeted by sophisticated attack group


Mid 2014 Symantec released a report on a threat actor Dragonfly targeting energy companies. Early September 2017 Symantec released an updated report on Dragonfly v2 where they describe that the threat actor shifted their attention from merely observing the environment to having remote access to the environment of energy providers.

This shift could indicate that the threat actor has a changed objective, from monitoring to actually intervening and potentially conducting sabotage.

Mindmap on Dragonfly

I created two mindmaps based on the open source information available on Dragonfly from Symantec, Cisco Talos (take special notice for the template injection method) and Malwr.com. The mindmaps (and exported JPGs) are available via Github at https://github.com/cudeso/tools/tree/master/Dragonfly.

Dragonfly version 1 :

Dragonfly version 2:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.