At Dragos, we track a number of Activity Groups. By collecting and analyzing cyber intrusions or attempts to compromise ICS networks, we have created profiles of the known groups targeting ICS environments. Dragos does not attribute behaviors to individuals or nation-states. Instead, we focus not on who but on how they operate. This allows Dragos to create robust analytics that provide comprehensive data around actions, capabilities, and intentions which defenders can use in creating defensive plans.
With this project, Dragos is putting our Activity Groups in one place. Here, you will find high-level information compiled by the Threat Intelligence team, outlining the descriptions, associations, capabilities, and victimology of each Activity Group. Full reports detailing the TTPs and Dragos’ research is available to our WorldView subscribers.