ETDA ThaiCERT
Report
Search
Home > List all groups > Allanite

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Allanite

NamesAllanite (Dragos)
Palmetto Fusion (DHS)
Country[Unknown]
MotivationInformation theft and espionage
First seen2017
Description(Dragos) Allanite accesses business and industrial control (ICS) networks, conducts reconnaissance, and gathers intelligence in United States and United Kingdom electric utility sectors. Dragos assesses with moderate confidence that Allanite operators continue to maintain ICS network access to: (1) understand the operational environment necessary to develop disruptive capabilities, (2) have ready access from which to disrupt electric utilities.

Allanite uses email phishing campaigns and compromised websites called watering holes to steal credentials and gain access to target networks, including collecting and distributing screenshots of industrial control systems. Allanite operations limit themselves to information gathering and have not demonstrated any disruptive or damaging capabilities.

Allanite conducts malware-less operations primarily leveraging legitimate and available tools in the Windows operating system.
ObservedSectors: Energy.
Countries: UK, USA.
Tools usedInveigh, PsExec, SecreetsDump, THC Hydra and Powershell scripts.
Information<https://dragos.com/resource/allanite/>

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format

Previous: Aggah
Next: Anchor Panda, APT 14

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key