Havex (Dragonfly RAT).

An ICS-aware remote access trojan used by the Dragonfly / Energetic Bear / Berserk Bear group between 2013 and 2014 in espionage campaigns against Western energy and manufacturing sectors, notable for scanning OPC servers from inside victim networks. Pertence à categoria OT / ICS / IoT da cibersegurança.

An ICS-aware remote access trojan used by the Dragonfly / Energetic Bear / Berserk Bear group between 2013 and 2014 in espionage campaigns against Western energy and manufacturing sectors, notable for scanning OPC servers from inside victim networks.

Havex is a modular remote-access trojan used by the threat group variously called Dragonfly (Symantec), Energetic Bear (CrowdStrike), and Berserk Bear (others), widely attributed to Russian state interests. It was the primary RAT in a 2013–2014 espionage campaign documented by F-Secure, Symantec, and ICS-CERT against energy, defense, and pharmaceutical companies across Europe and North America. Distribution combined spear-phishing, watering-hole compromises of energy-sector websites, and trojanized installers downloaded from compromised ICS vendor sites — the first widely reported supply-chain attacks on ICS engineering software vendors. The notable ICS-specific behavior was an OPC-scanning module: once inside a victim network, Havex enumerated OPC Classic servers and gathered DCOM-exposed information about the connected industrial devices, suggesting reconnaissance for later disruptive operations rather than immediate sabotage. Havex is a landmark case for ICS defenders because it demonstrated that espionage-grade tooling routinely reaches OT engineering segments via IT compromises and trojanized vendor downloads.

As defesas contra Havex (Dragonfly RAT) costumam combinar controles técnicos e práticas operacionais, conforme detalhado na definição acima.

Nomes alternativos comuns: Dragonfly RAT, Energetic Bear RAT.