Havex (Dragonfly RAT).

An ICS-aware remote access trojan used by the Dragonfly / Energetic Bear / Berserk Bear group between 2013 and 2014 in espionage campaigns against Western energy and manufacturing sectors, notable for scanning OPC servers from inside victim networks. 它属于网络安全的 OT / ICS / 物联网 分类。

An ICS-aware remote access trojan used by the Dragonfly / Energetic Bear / Berserk Bear group between 2013 and 2014 in espionage campaigns against Western energy and manufacturing sectors, notable for scanning OPC servers from inside victim networks.

Havex is a modular remote-access trojan used by the threat group variously called Dragonfly (Symantec), Energetic Bear (CrowdStrike), and Berserk Bear (others), widely attributed to Russian state interests. It was the primary RAT in a 2013–2014 espionage campaign documented by F-Secure, Symantec, and ICS-CERT against energy, defense, and pharmaceutical companies across Europe and North America. Distribution combined spear-phishing, watering-hole compromises of energy-sector websites, and trojanized installers downloaded from compromised ICS vendor sites — the first widely reported supply-chain attacks on ICS engineering software vendors. The notable ICS-specific behavior was an OPC-scanning module: once inside a victim network, Havex enumerated OPC Classic servers and gathered DCOM-exposed information about the connected industrial devices, suggesting reconnaissance for later disruptive operations rather than immediate sabotage. Havex is a landmark case for ICS defenders because it demonstrated that espionage-grade tooling routinely reaches OT engineering segments via IT compromises and trojanized vendor downloads.

针对 Havex (Dragonfly RAT) 的防御通常结合技术控制与运营实践,详见上方完整定义。

常见的别称包括: Dragonfly RAT, Energetic Bear RAT。