Havex (Dragonfly RAT).

An ICS-aware remote access trojan used by the Dragonfly / Energetic Bear / Berserk Bear group between 2013 and 2014 in espionage campaigns against Western energy and manufacturing sectors, notable for scanning OPC servers from inside victim networks. Pertenece a la categoría de OT / ICS / IoT en ciberseguridad.

An ICS-aware remote access trojan used by the Dragonfly / Energetic Bear / Berserk Bear group between 2013 and 2014 in espionage campaigns against Western energy and manufacturing sectors, notable for scanning OPC servers from inside victim networks.

Havex is a modular remote-access trojan used by the threat group variously called Dragonfly (Symantec), Energetic Bear (CrowdStrike), and Berserk Bear (others), widely attributed to Russian state interests. It was the primary RAT in a 2013–2014 espionage campaign documented by F-Secure, Symantec, and ICS-CERT against energy, defense, and pharmaceutical companies across Europe and North America. Distribution combined spear-phishing, watering-hole compromises of energy-sector websites, and trojanized installers downloaded from compromised ICS vendor sites — the first widely reported supply-chain attacks on ICS engineering software vendors. The notable ICS-specific behavior was an OPC-scanning module: once inside a victim network, Havex enumerated OPC Classic servers and gathered DCOM-exposed information about the connected industrial devices, suggesting reconnaissance for later disruptive operations rather than immediate sabotage. Havex is a landmark case for ICS defenders because it demonstrated that espionage-grade tooling routinely reaches OT engineering segments via IT compromises and trojanized vendor downloads.

Las defensas contra Havex (Dragonfly RAT) combinan habitualmente controles técnicos y prácticas operativas, como se detalla en la definición.

Nombres alternativos comunes: Dragonfly RAT, Energetic Bear RAT.