ICS H Tactics Techniques Technique Matrix Software Groups
The MITRE ATT&CK for ICS Matrix™ is an overview of the tactics and techniques described in the ATT&CK for ICS knowledge base. It visually aligns individual techniques under the tactics in which they can be applied. Some techniques span more than one tactic because they can be used for different purposes.
Raspite - active since at least 2017, targets the utility sector (political and strategic targets in the Middle East)
Chrysene (OilRig, APT34, Greenbug) - in the game since at least mid-2017, focuses on electric utilities, oil and gas companies in Europe, North America, and the Middle East; likely involved in the development of ZeroCleare data-wiping malware
Allanite - carries ICS intrusion and reconnaissance operations against victims in the U.S. and the U.K.
Dyalloy - active since at least 2015, typically focuses on energy companies and advanced industry organizations in Europe, Turkey, and North America. In 2019 the group targeted entities in Ukraine; relies on commodity malware Goodor, DorShel, and Karagany
Xenotime - carries out disruptive attacks, considered the most dangerous of the bunch tracked by Dragos; deployed the Triton/Trisis malware in an oil and gas facility in 2017
Magnallium - initially focused on oil and gas targets in the Middle East, expanded to the North America region to attack companies electric utilities, government, and financial institutions; in 2019 it gained the capability to disrupt and destroy via malware that Dragos named Killgrave, likely developed in collaboration with Parisite