Threat Activity Groups

Your first line of defense against adversaries

Powered by human intelligence, Dragos’ main threat detection method is based on analytics codified by our Threat Intelligence team. Our experts track adversary behaviors and extract their tactics, techniques, and procedures (TTP), which are then characterized into threat analytics we use to power the Dragos Platform’s accurate threat detection capabilities.

What goes into tracking the world’s top Industrial Threat Activity Groups?

Dragos collects and analyzes information on cyber intrusions and attempts to compromise ICS networks
We create profiles of known groups targeting ICS environments so we can focus on how they operate
Finally, we establish robust analytics with comprehensive data around actions, capabilities, and intentions

Learn how we classify activity groups.

Sergio Caltagirone, Vice President of Threat Intelligence, shares how to properly leverage the Diamond Model for Intrusion Analysis to stop incidents and categorize threat activity.

Threat Activity Groups We’re Tracking

The Threat Activity Group reports below are compiled by our expert practitioners to provide awareness about your threat landscape and evolving threats, so you can create defensive plans to protect your ICS environments.

CHERNOVITE
since 2021
CHERNOVITE has the capability to disrupt, degrade, and potentially destroy industrial environments and physical processes in industrial environments.
ERYTHRITE
since 2020
ERYTHRITE is an activity group that broadly targets organizations in the U.S. and Canada with ongoing, iterative malware campaigns.
KOSTOVITE
since 2021
In March of 2021, the activity group KOSTOVITE compromised a renewable energy operator.
PETROVITE
since 2019
PETROVITE demonstrates Stage 1 of the ICS Kill Chain capabilities and targets mining and energy operations in Kazakhstan.
TALONITE
since 2019
Focused on physical destruction and long-term persistence
KAMACITE
since 2014
Known to facilitate operations leading to disruptive ICS attack
STIBNITE
since 2019
VPN compromise of IT networks to conduct reconnaissance
VANADINITE
since 2019
IT compromise and information gathering
XENOTIME
since 2014
Focused on physical destruction and long-term persistence
COVELLITE
since 2017
IT compromise with hardened anti-analysis malware against industrial orgs
ELECTRUM
since 2016
Electric grid disruption and long-term persistence
DYMALLOY
since 2016
Deep ICS environment information gathering, operator credentials, industrial process details
MAGNALLIUM
since 2017
IT network limited, information gathering against industrial orgs
RASPITE
since 2017
IT network limited, information gathering on electric utilities with some similarities to CHRYSENE
HEXANE
since 2018
IT compromise and information gathering against ICS entities
PARISITE
since 2017
VPN compromise of IT networks to conduct reconnaissance
WASSONITE
since 2018
IT compromise and information gathering
ALLANITE
since 2017
Watering-hole and phishing leading to ICS recon and screenshot collection
CHRYSENE
since 2017
IT compromise, information gathering and recon against industrial orgs

Dragos Threat Intelligence

Want more in-depth visibility of adversaries, vulnerabilities and threats? Full reports detailing the tactics, techniques, and procedures (TTP) and Dragos’ research are available to our Threat Intelligence subscribers. Request a free 30-day trial today.