ICS

H  Activity  Alert  APT  Attacks/Hacks  BigBrother  BotNet  CERT  Crime  Cryptocurrency  Exploit  GHDB  ICS  Incident  Malware  MITRE  Phishing  Ransom  Spam  Vulnerebility  List 

H  ATT&CK Matrix for Enterprise  PRE-ATT&CK Techniques  Mobile Techniques  Software  ICS CERT  H  Tactics  Techniques  Technique Matrix  Software  Groups 

Source: https://attack.mitre.org/

The MITRE ATT&CK for ICS Matrix™ is an overview of the tactics and techniques described in the ATT&CK for ICS knowledge base. It visually aligns individual techniques under the tactics in which they can be applied. Some techniques span more than one tactic because they can be used for different purposes.

• Raspite - active since at least 2017, targets the utility sector (political and strategic targets in the Middle East)

• Chrysene (OilRig, APT34, Greenbug) - in the game since at least mid-2017, focuses on electric utilities, oil and gas companies in Europe, North America, and the Middle East; likely involved in the development of ZeroCleare data-wiping malware

• Allanite - carries ICS intrusion and reconnaissance operations against victims in the U.S. and the U.K.

• Dyalloy - active since at least 2015, typically focuses on energy companies and advanced industry organizations in Europe, Turkey, and North America. In 2019 the group targeted entities in Ukraine; relies on commodity malware Goodor, DorShel, and Karagany

• Xenotime - carries out disruptive attacks, considered the most dangerous of the bunch tracked by Dragos; deployed the Triton/Trisis malware in an oil and gas facility in 2017

• Magnallium - initially focused on oil and gas targets in the Middle East, expanded to the North America region to attack companies electric utilities, government, and financial institutions; in 2019 it gained the capability to disrupt and destroy via malware that Dragos named Killgrave, likely developed in collaboration with Parisite