Threat Groups

Your first line of defense against adversaries

Powered by human intelligence, Dragos’ main threat detection method is based on analytics codified by our Threat Intelligence team. Our experts track adversary behaviors and extract their tactics, techniques, and procedures (TTP), which are then characterized into threat analytics we use to power the Dragos Platform’s accurate threat detection capabilities.


What goes into tracking the world’s top Industrial Threat Groups?

Dragos collects and analyzes information on cyber intrusions and attempts to compromise ICS networks
We create profiles of known groups targeting ICS environments so we can focus on how they operate
Finally, we establish robust analytics with comprehensive data around actions, capabilities, and intentions

Threat Groups We’re Tracking

The Threat Group reports below are compiled by our expert practitioners to provide awareness about your threat landscape and evolving threats, so you can create defensive plans to protect your ICS environments.

CHERNOVITE
since 2021
Development of ICS malware to disrupt, degrade, and destroy industrial environments and processes.
TALONITE
since 2019
Spearphishing with malicious documents or executables for initial access compromise.
KAMACITE
since 2014
Spearphishing, exploiting SOHO routers, and leveraging custom capabilities to enable ELECTRUM operations.
VANADINITE
since 2019
Targets vulnerable external-facing network appliances to access IT networks and establish foothold.
XENOTIME
since 2014
Development of ICS malware for physical disruption causing unsafe conditions and long-term persistence.
DYMALLOY
since 2016
Deep ICS environment information gathering, including operator credentials and industrial processes.
MAGNALLIUM
since 2017
Relies on phishing campaigns, password spraying, and malware delivery for reconnaissance.
HEXANE
since 2018
Uses third-party connections from telecom providers for network access to industrial organizations.
PARISITE
since 2017
Exploits known VPN vulnerabilities and open-source pentesting tools for reconnaissance, initial access, C2.
CHRYSENE
since 2017
Watering-hole attacks, malware, and covert communication for reconnaissance.

Dragos Threat Intelligence

Want more in-depth visibility of adversaries, vulnerabilities, and threats? Full reports detailing the tactics, techniques, and procedures (TTP) and Dragos’ research are available to our Threat Intelligence subscribers. Request a free 30-day trial today.