Allanite Hacker Group Targets ICS Networks at Electric Utilities in US, UK
Industrial network security vendor Dragos said that the “Allanite” hacking group has been attacking the business and industrial control networks of various power companies in the United Kingdom and the United States. The company also believes that the group's activity is associated with that of the Dragonfly and Dymalloy hacker groups.
The Allanite group has been active since at least May 2017 and has continued to carry out intrusions. Its main targets are the business and ICS networks of U.S. and U.K. power companies, which it accesses for reconnaissance and intelligence gathering.
Today, we're unveiling a public dashboard of ICS-focused activity groups that aim to exploit, disrupt, and potentially destroy industrial systems. Each week this month, we'll release new content discussing these adversary details that you can read here: https://t.co/nzJteOPLtb
— Dragos, Inc. (@DragosInc) May 3, 2018
Dragos stated that a report released by the US Department of Homeland Security (DHS) in October 2017 linked the Dragonfly attacks with Allanite's activity, and that Allanite's actions are very similar to the description DHS gave in the report of Palmetto Fusion, the hacker group behind Dragonfly.
Although these hacking organizations are highly similar in terms of goals and technical means, Dragos believes that Allanite is still different from Dragonfly and Dymalloy.
The Allanite hacker group used phishing and watering-hole attacks to gain access to target networks. Instead of using malware, the group relied on legitimate tools commonly found in Windows to carry out its intrusions. Although the U.S. government and several private companies have linked Allanite's activity with Russia, Dragos stated that it has not confirmed who is behind the group.
In July 2017, U.S. government officials said in an interview with the media that the Allanite hacking group had not successfully accessed the operational network. However, as confirmed by Dragos, the group did collect a large amount of information directly from the ICS network, though it has not caused any actual damage so far. The company believes that after a successful intrusion into an industrial system, a malicious attacker can obtain a large amount of information that can be used to support destructive attack capabilities and to launch a full-scale attack when the time is right.
Source: securityaffairs