On October 20, 2017, the U.S. Department of Homeland Security released TA17-293A, providing significant detail regarding targeted activity against critical infrastructure organizations as well as the government. Definitive attribution of this activity is not given; however, the DHS alert does mention that a recent report by Symantec on the actor it calls "Dragonfly" aligns with the activity described in TA17-293A. Symantec equates Dragonfly to "Energetic Bear", a name used by CrowdStrike to describe a Russian adversary that has historically targeted the energy sector.
Although this is not specifically called out in TA17-293A, the alert appears to provide additional details regarding the same campaign that was widely reported in the media in July. The Cyber Intelligence and Policy Project (CIPP) wrote a blog post related to this activity in July.
Below is a consolidated list of indicators provided by DHS in TA17-293A. CIPP is continuing to conduct analysis to find additional publicly available information that may shed some more light on this campaign.