GANANITE

Impersonates victims, exploits vulnerabilities, targets internet-exposed endpoints, and exfiltrates data.

THREAT DESCRIPTION

GANANITE targets critical infrastructure and government entities in the Commonwealth of Independent States and Central Asian nations, focusing on espionage and data theft.

GANANITE targets critical infrastructure and government entities in the Commonwealth of Independent States and Central Asian nations, focusing on espionage and data theft with the possibility of handing off initial access to other threat groups.

Although GANANITE has not yet shown evidence of moving into OT networks or an elevated capability resembling Stage 2 actions, their assessed capabilities show efficient use of multiple phases across Stage 1 of the ICS Kill Chain.

Industrial organizations in Europe and Central Asia face a significant risk from GANANITE due to their initial intrusion capabilities, post-compromise espionage TTPs, and intellectual property theft, all of which can be used in follow-on attacks against the victim organizations.

Date: Since 2022

ADVERSARY

Overlap with YORO TROOPER, TOMIRIS, STURGEON PHISHER

CAPABILITIES

Uses multiple remote access trojans (RATs) & public proofs of concept exploits
Credential phishing via lookalike domains to obtain credentials

VICTIM

Targets Commonwealth of Independent States & Central Asia
Focus on Oil & Gas, Logistics, Transportation, and Government entities

INFRASTRUCTURE

Frequent use of VPNs and anonymizing infrastructure
Uses telegram bot for data exfiltration

ICS IMPACT

Loss of convention confidentiality, Theft of operations information
Espionage, exfiltration, initial access, data theft

Explore Threat Groups

VOLTZITE

September 4, 2025 11:25 AM
HEXANE

September 4, 2025 11:23 AM
CHERNOVITE

September 4, 2025 11:19 AM