GANANITE targets critical infrastructure and government entities in the Commonwealth of Independent States and Central Asian nations, focusing on espionage and data theft. 

GANANITE targets critical infrastructure and government entities in the Commonwealth of Independent States and Central Asian nations, focusing on espionage and data theft with the possibility of handing off initial access to other threat groups.  

Although GANANITE has not yet shown evidence of moving into OT networks or an elevated capability resembling Stage 2 actions, their assessed capabilities show efficient use of multiple phases across Stage 1 of the ICS Kill Chain. 

Industrial organizations in Europe and Central Asia face a significant risk from GANANITE due to their initial intrusion capabilities, post-compromise espionage TTPs, and intellectual property theft, all of which can be used in follow-on attacks against the victim organizations.

About Dragos Threat Intelligence

Dragos threat intelligence leverages the Dragos Platform, our threat operations center, and other sources to provide comprehensive insight into threats affecting industrial control security and safety worldwide. Dragos does not corroborate nor conduct political attribution to threat activity. Dragos instead focuses on threat behaviors and appropriate detection and response. Read more about Dragos’s approach to categorizing threat activity and attribution.  

Dragos does not publicly describe ICS threat group technical details except in extraordinary circumstances in order to limit tradecraft proliferation. However, full details on GANANITE and other group tools, techniques, procedures, and infrastructure are available to network defenders via Dragos WorldView.