Havex (Dragonfly RAT)
What is Havex (Dragonfly RAT)?
An ICS-aware remote access trojan used by the Dragonfly / Energetic Bear / Berserk Bear group between 2013 and 2014 in espionage campaigns against Western energy and manufacturing sectors, notable for scanning OPC servers from inside victim networks.
Havex is a modular remote-access trojan used by the threat group variously called Dragonfly (Symantec), Energetic Bear (CrowdStrike), and Berserk Bear (others), widely attributed to Russian state interests. It was the primary RAT in a 2013–2014 espionage campaign documented by F-Secure, Symantec, and ICS-CERT against energy, defense, and pharmaceutical companies across Europe and North America. Distribution combined spear-phishing, watering-hole compromises of energy-sector websites, and trojanized installers downloaded from compromised ICS vendor sites; the last of these was the first widely reported supply-chain attack on ICS engineering-software vendors. The notable ICS-specific behavior was an OPC-scanning module: once inside a victim network, Havex enumerated OPC Classic servers over DCOM and collected the server and tag information they exposed about connected industrial devices, which points to reconnaissance for later disruptive operations rather than immediate sabotage. Havex is a landmark case for ICS defenders because it demonstrated that espionage-grade tooling reaches OT engineering segments through IT compromises and trojanized vendor downloads.
● Examples
- 01
In 2014, an energy utility downloaded a trojanized installer from a compromised ICS-vendor site; the Havex implant began scanning the engineering subnet for OPC servers within hours.
- 02
Defenders detect Havex-style activity in a victim network by alerting on OPC Classic (DCOM) enumeration that originates from hosts outside the engineering-workstation allowlist.
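The detection logic behind example 02, and the OPC-over-DCOM behaviour described in the definition, as an added example (not Havex's code, nor any vendor's or ICS-CERT's detection content). It runs over constructed connection records and flags a host that is not on the engineering allowlist when it sweeps the RPC endpoint mapper (TCP/135, where every DCOM activation starts) across several OPC hosts in a short window, or goes on to reach a DCOM dynamic port on an OPC host. The host names, allowlist, OPC inventory, window and threshold are all assumptions chosen for illustration:

```python
"""Flag OPC Classic (DCOM) enumeration from non-engineering hosts.

Added example; not Havex's code and not a vendor's detection content.
All host names, the allowlist, the OPC inventory, the flows and the
thresholds are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

RPC_EPM_PORT = 135                         # DCOM activation starts at the RPC endpoint mapper
DCOM_DYNAMIC_PORTS = range(49152, 65536)   # default Windows dynamic range used by DCOM objects
SWEEP_WINDOW = timedelta(seconds=60)       # assumed: window in which a sweep must occur
SWEEP_THRESHOLD = 3                        # assumed: distinct OPC hosts hit on 135 in the window

ENGINEERING_HOSTS = {"ENG-WS-01", "ENG-WS-02"}                        # assumed allowlist
OPC_HOSTS = {"OPC-SRV-01", "OPC-SRV-02", "OPC-SRV-03", "PLC-GW-03"}  # assumed OPC inventory

# Constructed sample records: timestamp, source host, destination host, destination TCP port.
SAMPLE_FLOWS = """
2014-06-24T09:00:01 ENG-WS-01 OPC-SRV-01 135
2014-06-24T09:00:02 ENG-WS-01 OPC-SRV-01 49160
2014-06-24T10:15:00 HR-PC-17 OPC-SRV-01 135
2014-06-24T10:15:00 HR-PC-17 OPC-SRV-02 135
2014-06-24T10:15:01 HR-PC-17 PLC-GW-03 135
2014-06-24T10:15:01 HR-PC-17 OPC-SRV-03 135
2014-06-24T10:15:02 HR-PC-17 OPC-SRV-01 49158
2014-06-24T10:15:03 HR-PC-17 OPC-SRV-02 49201
2014-06-24T11:30:00 HR-PC-17 FILE-SRV-01 445
"""


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int


def parse_flows(text):
    """Parse the whitespace-separated records above into Flow objects, oldest first."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport = line.split()
        flows.append(Flow(datetime.fromisoformat(ts), src, dst, int(dport)))
    return sorted(flows, key=lambda f: f.ts)   # stable sort keeps record order within a second


def detect_opc_enumeration(flows, engineering=ENGINEERING_HOSTS, opc_hosts=OPC_HOSTS):
    """Return alerts for non-engineering hosts that enumerate or access OPC hosts over DCOM."""
    alerts = []
    epm_hits = defaultdict(list)   # src -> [(ts, dst)] port-135 contacts to OPC hosts
    swept = set()                  # sources already reported for a sweep
    object_access = set()          # (src, dst) pairs already reported for dynamic-port access
    for f in flows:
        if f.src in engineering or f.dst not in opc_hosts:
            continue   # allowlisted engineering traffic, or not an OPC target
        if f.dport == RPC_EPM_PORT:
            hits = epm_hits[f.src]
            hits.append((f.ts, f.dst))
            while hits and f.ts - hits[0][0] > SWEEP_WINDOW:   # drop hits outside the window
                hits.pop(0)
            distinct = {d for _, d in hits}
            if len(distinct) >= SWEEP_THRESHOLD and f.src not in swept:
                swept.add(f.src)
                alerts.append({"rule": "opc_dcom_sweep", "src": f.src,
                               "targets": sorted(distinct), "ts": f.ts})
        elif f.dport in DCOM_DYNAMIC_PORTS and (f.src, f.dst) not in object_access:
            # Endpoint-mapper contact followed by a dynamic-port connection means the
            # source actually bound a DCOM object on the OPC host, not just probed it.
            object_access.add((f.src, f.dst))
            alerts.append({"rule": "opc_dcom_object_access", "src": f.src,
                           "targets": [f.dst], "ts": f.ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_opc_enumeration(parse_flows(SAMPLE_FLOWS)):
        print(alert["ts"].isoformat(), alert["rule"], alert["src"], "->", ", ".join(alert["targets"]))
```

Two design points carry over to a real deployment: keying the allowlist on the source host (not the destination) is what separates an engineering workstation's legitimate browse from the same traffic coming from an HR machine, and the dynamic-port rule is the higher-fidelity signal, since a 135 sweep alone is also produced by ordinary asset scanners.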
● FAQ
What is Havex (Dragonfly RAT)?
An ICS-aware remote access trojan used by the Dragonfly / Energetic Bear / Berserk Bear group between 2013 and 2014 in espionage campaigns against Western energy and manufacturing sectors, notable for scanning OPC servers from inside victim networks. It belongs to the OT / ICS / IoT category of cybersecurity.
What does Havex (Dragonfly RAT) mean?
An ICS-aware remote access trojan used by the Dragonfly / Energetic Bear / Berserk Bear group between 2013 and 2014 in espionage campaigns against Western energy and manufacturing sectors, notable for scanning OPC servers from inside victim networks.
How does Havex (Dragonfly RAT) work?
Havex is a modular remote-access trojan used by the threat group variously called Dragonfly (Symantec), Energetic Bear (CrowdStrike), and Berserk Bear (others), widely attributed to Russian state interests. It was the primary RAT in a 2013–2014 espionage campaign documented by F-Secure, Symantec, and ICS-CERT against energy, defense, and pharmaceutical companies across Europe and North America. Distribution combined spear-phishing, watering-hole compromises of energy-sector websites, and trojanized installers downloaded from compromised ICS vendor sites; the last of these was the first widely reported supply-chain attack on ICS engineering-software vendors. The notable ICS-specific behavior was an OPC-scanning module: once inside a victim network, Havex enumerated OPC Classic servers over DCOM and collected the server and tag information they exposed about connected industrial devices, which points to reconnaissance for later disruptive operations rather than immediate sabotage. Havex is a landmark case for ICS defenders because it demonstrated that espionage-grade tooling reaches OT engineering segments through IT compromises and trojanized vendor downloads.
How do you defend against Havex (Dragonfly RAT)?
Defending against Havex (Dragonfly RAT) combines technical controls with operational practice, following directly from how it spread and behaved: verify the integrity and provenance of engineering-software installers before they are run, since Havex arrived as trojanized downloads from compromised vendor sites; restrict DCOM/OPC Classic access to allowlisted engineering workstations and alert on OPC enumeration from any other host; and segment OT engineering networks from the IT environment where the spear-phishing and watering-hole compromises first landed.
What are other names for Havex (Dragonfly RAT)?
Common aliases: Dragonfly RAT, Energetic Bear RAT. Symantec's detection name for the same implant is Backdoor.Oldrea.
● Related terms
- ot-iot№ 587
Industrial Control System (ICS)
A collective term for the systems that automate and monitor industrial processes, including SCADA, DCS, PLCs, RTUs, and safety instrumented systems.
- ot-iot№ 1083
SCADA
Supervisory control and data acquisition systems that collect telemetry from remote field devices and let operators monitor and operate geographically dispersed industrial processes.
- malware№ 1023
Remote Access Trojan (RAT)
Malware that gives an attacker covert, interactive control of an infected endpoint; in effect a hidden remote-administration tool.
- attacks№ 1234
Supply chain attack
An attack that compromises a trusted third-party software, hardware, or service provider in order to reach its downstream customers.
- attacks№ 1352
Watering hole attack
A targeted attack that compromises websites frequented by a particular group of users and infects them when they visit.
- ot-iot№ 854
Operational Technology (OT)
The hardware and software that monitor and control physical processes, equipment, and infrastructure in factories, power plants, utilities, and similar environments.