Defending Against the Dragonfly Cybersecurity Attack Part B – Analyzing the Malware


The age of malware specifically targeting industrial control systems (ICS) began in 2010, when Stuxnet was revealed to be disrupting operations at one of Iran’s nuclear enrichment facilities. Recently, sophisticated malware, known as Dragonfly by some and Energetic Bear by others, was discovered conducting cyber espionage against industrial facilities. This white paper analyzes the Dragonfly malware campaign, looking at its targets, its methods of attack, its results, and what it means for defending operations from similar attacks, with the goal of improving cyber resilience.

Learn about the components of the Dragonfly malware campaign and how it signals a new era of Offense in Depth. The white paper details:

  • The arsenal of attack vectors used to infect organizations
  • The three malware components involved: Havex, Sysmain and Karagany
  • How Trojanized software from trusted supply chain vendors was a pathway to control systems
  • How the malware was updated over time through the use of a Command and Control infrastructure
  • New insights about ICS security gained from understanding Dragonfly