{ "type": "bundle", "id": "bundle--bb0972a5-450a-4e6d-b585-e3b2a771a600", "spec_version": "2.0", "objects": [ { "aliases": [ "ALLANITE", "Palmetto Fusion" ], "x_mitre_domains": [ "ics-attack" ], "x_mitre_contributors": [ "Dragos Threat Intelligence" ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "intrusion-set", "id": "intrusion-set--190242d7-73fc-4738-af68-20162f7a5aae", "created": "2017-05-31T21:31:57.307Z", "x_mitre_version": "1.0", "external_references": [ { "source_name": "mitre-attack", "external_id": "G1000", "url": "https://attack.mitre.org/groups/G1000" }, { "source_name": "Dragos", "url": "https://dragos.com/resource/allanite/", "description": "Dragos Allanite Retrieved. 2019/10/27 " } ], "x_mitre_deprecated": false, "revoked": false, "description": "[ALLANITE](https://attack.mitre.org/groups/G1000) is a suspected Russian cyber espionage group, that has primarily targeted the electric utility sector within the United States and United Kingdom. The group's tactics and techniques are reportedly similar to [Dragonfly](https://attack.mitre.org/groups/G0035), although [ALLANITE](https://attack.mitre.org/groups/G1000)s technical capabilities have not exhibited disruptive or destructive abilities. It has been suggested that the group maintains a presence in ICS for the purpose of gaining understanding of processes and to maintain persistence. (Citation: Dragos)", "modified": "2022-05-24T19:26:10.721Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "name": "ALLANITE", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }