DHS Releases Additional Information Regarding Targeted Activity Against Critical Infrastructure

On October 20, 2017, the U.S. Department of Homeland Security released TA17-293A, providing significant detail regarding targeted activity against critical infrastructure organizations as well as the government. Definitive attribution of this activity is not given; however, the DHS alert does mention that a recent report by Symantec on the actor it calls "Dragonfly" aligns with the activity described in TA17-293A. Symantec equates Dragonfly with "Energetic Bear," which is a name used by CrowdStrike to describe a Russian adversary that has historically targeted the energy sector.

Although not specifically called out in TA17-293A, these appear to be additional details regarding the same campaign that was widely reported in the media in July. The Cyber Intelligence and Policy Project (CIPP) wrote a blog post related to this activity in July.

Below is a consolidated list of indicators provided by DHS in TA17-293A. CIPP is continuing to conduct analysis to find additional publicly available information that may shed some more light on this campaign.

MD5 hashes:

038a97b4e2f37f34b255f0643e49fc9d
31008de622ca9526f5f4a1dd3f16f4ea
5acc56c93c5ba1318dd2fa9c3509d60b
65a1a73253f04354886f375b59550b46
722154a36f32ba10e98020a8ad758a7a
8341e48a6b91750d99a8295c97fd55d5
99aa0d0eceefce4c0856532181b449b1
a6d36749eebbbc51b552e5803ed1fd58
4383c60926261d467662f95b11efc044
e29d1f5d79cd906f75c88177c7f6168e
04738ca02f59a5cd394998a99fcd9613
3b6c3df08e99b40148548e96cd1ac872
5dbef7bddaf50624e840ccbce2816594
61c909d2f625223db2fb858bbdf42a76
61e2679cd208e0a421adc4940662c583
7dbfa8cbb39192ffe2a930fc5258d4c1
8943e71a8c73b5e343aa9d2e19002373
a07aa521e7cafb360294e56969eda5d6
aa905a3508d9309a93ad5c0ec26ebc9b
aeee996fd3484f28e5cd85fe26b6bdcd
ba756dd64c1147515ba2298b6a760260

IP addresses:

5.153.58.45
91.183.104.150
67.199.248.10
104.20.219.42
192.81.76.117
187.130.251.249
184.154.150.66
2.229.10.193
41.78.157.34
176.53.11.130
82.222.188.18
130.25.10.158
41.205.61.221
5.150.143.107
193.213.49.115
195.87.199.197
167.114.44.147

Domains and URLs (defanged):

imageliners[.]com
bit[.]ly/2m0x8IH
tinyurl[.]com/h3sdqck
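The list above is only useful once it is refanged, typed and checked against telemetry. The following Python script is an added example, not code from CIPP or DHS: it takes the indicators exactly as published in the post, restores the "[.]" defanging, sorts each indicator into a hash, IP, domain or URL bucket, and then scans a handful of constructed proxy, firewall and endpoint log lines for exact hash and IP tokens, domain (including subdomain) matches and shortened-URL substrings. The log lines, hostnames and usernames are made up for the demonstration.

```python
import re

# Indicators copied verbatim from the TA17-293A list in the post above (still defanged).
INDICATORS = [
    "038a97b4e2f37f34b255f0643e49fc9d", "31008de622ca9526f5f4a1dd3f16f4ea",
    "5acc56c93c5ba1318dd2fa9c3509d60b", "65a1a73253f04354886f375b59550b46",
    "722154a36f32ba10e98020a8ad758a7a", "8341e48a6b91750d99a8295c97fd55d5",
    "99aa0d0eceefce4c0856532181b449b1", "a6d36749eebbbc51b552e5803ed1fd58",
    "4383c60926261d467662f95b11efc044", "e29d1f5d79cd906f75c88177c7f6168e",
    "04738ca02f59a5cd394998a99fcd9613", "3b6c3df08e99b40148548e96cd1ac872",
    "5dbef7bddaf50624e840ccbce2816594", "61c909d2f625223db2fb858bbdf42a76",
    "61e2679cd208e0a421adc4940662c583", "7dbfa8cbb39192ffe2a930fc5258d4c1",
    "8943e71a8c73b5e343aa9d2e19002373", "a07aa521e7cafb360294e56969eda5d6",
    "aa905a3508d9309a93ad5c0ec26ebc9b", "aeee996fd3484f28e5cd85fe26b6bdcd",
    "ba756dd64c1147515ba2298b6a760260",
    "5.153.58.45", "91.183.104.150", "67.199.248.10", "104.20.219.42",
    "192.81.76.117", "187.130.251.249", "184.154.150.66", "2.229.10.193",
    "41.78.157.34", "176.53.11.130", "82.222.188.18", "130.25.10.158",
    "41.205.61.221", "5.150.143.107", "193.213.49.115", "195.87.199.197",
    "167.114.44.147",
    "imageliners[.]com", "bit[.]ly/2m0x8IH", "tinyurl[.]com/h3sdqck",
]

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
# A token is a run of letters/digits/dots/dashes/underscores; "=" and quotes split fields.
TOKEN_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.\-_]*")


def refang(ioc):
    """Undo the usual defanging so the indicator can be compared against real logs."""
    return ioc.replace("[.]", ".").replace("hxxp", "http").strip().lower()


def classify(ioc):
    """Bucket an indicator by its syntax: md5, ipv4, url (has a path) or domain."""
    value = refang(ioc)
    if MD5_RE.match(value):
        return "md5"
    if IPV4_RE.match(value):
        return "ipv4"
    return "url" if "/" in value else "domain"


def build_index(iocs):
    index = {"md5": set(), "ipv4": set(), "domain": set(), "url": set()}
    for ioc in iocs:
        index[classify(ioc)].add(refang(ioc))
    return index


def domain_hit(token, domains):
    """Return the listed domain that the token equals or is a subdomain of, else None."""
    labels = token.split(".")
    for i in range(len(labels) - 1):  # only candidates with at least two labels
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan_log(lines, index):
    """Return (line_number, kind, indicator) for every indicator seen in the lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        lowered = line.lower()
        for url in index["url"]:  # shortened URLs are matched as substrings
            if url in lowered:
                hits.append((n, "url", url))
        for token in TOKEN_RE.findall(lowered):  # hashes and IPs need exact tokens
            if token in index["md5"]:
                hits.append((n, "md5", token))
            elif token in index["ipv4"]:
                hits.append((n, "ipv4", token))
            else:
                d = domain_hit(token, index["domain"])
                if d:
                    hits.append((n, "domain", d))
    return hits


# Constructed sample log lines (hosts, users and timestamps are invented).
SAMPLE_LOGS = [
    '2017-10-21T03:14:07Z proxy user=jdoe method=GET url="http://imageliners.com/index.php" status=200',
    '2017-10-21T03:15:11Z fw action=allow src=10.1.4.22 dst=5.153.58.45 dport=443',
    '2017-10-21T03:16:30Z edr host=ws-017 file=C:\\Users\\jdoe\\report.docx md5=038A97B4E2F37F34B255F0643E49FC9D',
    '2017-10-21T03:17:02Z fw action=allow src=10.1.4.22 dst=15.153.58.45 dport=443',
    '2017-10-21T03:18:45Z proxy user=asmith method=GET url="https://tinyurl.com/h3sdqck" status=302',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOGS, build_index(INDICATORS)):
        print("line %d: %s match on %s" % hit)
```

The fourth sample line (destination 15.153.58.45) is there on purpose: a naive substring search would flag it because it contains "5.153.58.45", while token matching does not. Hashes are compared case-insensitively because endpoint tools differ in how they print them.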