ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > Allanite

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Allanite

NamesAllanite (Dragos)
Palmetto Fusion (DHS)
Country[Unknown]
MotivationInformation theft and espionage
First seen2017
Description(Dragos) Allanite accesses business and industrial control (ICS) networks, conducts reconnaissance, and gathers intelligence in United States and United Kingdom electric utility sectors. Dragos assesses with moderate confidence that Allanite operators continue to maintain ICS network access to: (1) understand the operational environment necessary to develop disruptive capabilities, (2) have ready access from which to disrupt electric utilities.

Allanite uses email phishing campaigns and compromised websites called watering holes to steal credentials and gain access to target networks, including collecting and distributing screenshots of industrial control systems. Allanite operations limit themselves to information gathering and have not demonstrated any disruptive or damaging capabilities.

Allanite conducts malware-less operations primarily leveraging legitimate and available tools in the Windows operating system.
ObservedSectors: Energy.
Countries: UK, USA.
Tools usedInveigh, PsExec, SecreetsDump, THC Hydra and Powershell scripts.
Information<https://dragos.com/resource/allanite/>
MITRE ATT&CK<https://attack.mitre.org/groups/G1000/>

Last change to this card: 30 December 2022

Download this actor card in PDF or JSON format

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]