Conflicting evidence and what appear to be attempts at misattribution make it difficult to definitively state where this attack group is based or who is behind it. What is clear is that Dragonfly is a highly experienced threat actor, capable of compromising numerous organizations, stealing information, and gaining access to key systems. What it plans to do with all this intelligence has yet to become clear, but its capabilities do extend to materially disrupting targeted organizations should it choose to do so.
Symantec customers are protected against Dragonfly activity, and Symantec has also made efforts to notify identified targets of recent Dragonfly activity. Symantec has also developed a list of Indicators of Compromise to assist in identifying Dragonfly activity. Dragonfly relies heavily on stolen credentials to compromise a network. Important passwords, such as those with high privileges, should be at least characters long and preferably longer and include a mixture of letters and numbers.
Encourage users to avoid reusing the same passwords on multiple websites, and forbid sharing passwords with others. Delete unused credentials and profiles and limit the number of administrative-level profiles created. Emphasize multiple, overlapping, and mutually supportive defensive systems to guard against single point failures in any specific technology or protection method. This should include the deployment of regularly updated firewalls as well as gateway antivirus, intrusion detection or protection systems (IPS), website vulnerability with malware protection, and web security gateway solutions throughout the network.
Implement and enforce a security policy whereby any sensitive data is encrypted at rest and in transit.
Ensure that customer data is encrypted as well. This can help mitigate the damage of potential data leaks from within an organization. Implement SMB egress traffic filtering on perimeter devices to prevent SMB traffic leaving your network onto the internet. Beyond technical understanding of the group, strategic intelligence that informs the motivation, capability, and likely next moves of the adversaries ensures more timely and effective decisions in proactively safeguarding your environment from these threats.
A dragonfly is an insect belonging to the order Odonata, infraorder Anisoptera. Adult dragonflies are characterized by large, multifaceted eyes, two pairs of strong. According to press reports, Dragonfly is an Internet search engine app being prototyped by Google that is designed to be compatible with China's state.
The Attack Investigation Team is a group of security experts within Symantec Security Response whose mission is to investigate targeted attacks, drive enhanced protection in Symantec products, and offer analysis which helps customers respond to attacks. Security Response Attack Investigation Team.
An outline of the Dragonfly group's activities in its most recent campaign. This toolkit became generally available on GitHub in late , As well as sending malicious emails, the attackers also used watering hole attacks to harvest network credentials, by compromising websites that were likely to be visited by those involved in the energy sector. Links between current and earlier Dragonfly cyber attack campaigns. Clues or false flags? However, some were also in French, which indicates that one of these languages may be a false flag.
The Phishery toolkit became available on GitHub in , and a tool used by the group—Screenutil—also appears to use some code from CodeProject. The attackers also did not use any zero days. Some code strings in the malware were in Russian. Protection Symantec customers are protected against Dragonfly activity, and Symantec has also made efforts to notify identified targets of recent Dragonfly activity. Symantec has the following specific detections in place for the threats called out in this blog: Karagany Symantec has also developed a list of Indicators of Compromise to assist in identifying Dragonfly activity: Best Practices Dragonfly relies heavily on stolen credentials to compromise a network.
Google's first China-specific platform, Google. Unlike Dragonfly, though, Google. In January , Google fell victim to Operation Aurora, a sophisticated series of cyberattacks carried out by Chinese hackers who targeted a number of major U.
Other critics alleged that Google's shuttering of Google. Since March , when Google stopped servicing China via Google. It currently clocks in at million users, but could grow to 1.
Google's advertising strategy is highly targeted: Google has missed out on nearly a decade of data on prospective Chinese users, making that advertising strategy difficult to execute, at least immediately. Project Dragonfly has been subject to harsh criticism, particularly from Google employees and users. They argued that a Dragonfly launch would set a precedent for the implementation of censored Google services in other countries, and expressed concern about Dragonfly's potential to contribute to a program of widespread state surveillance in China. Purchasing alcohol and jaywalking reduce a citizen's score, for example, while purchasing diapers increases it.
Chinese corporations are required by law to disclose the consumer data they collect to the government, presumably in part so it can be used to calculate these scores. Following the publication of the second Intercept article about the project, which alleged that Google bypassed standard security and privacy checks of Dragonfly, Google engineer Liz Fong-Jones tweeted a proposal for Google employees worldwide to go on strike.
American politicians have also spoken out against Project Dragonfly. In a speech in October , U. Vice President Mike Pence called for an end to Google's development of the Dragonfly search engine, and said that, if launched, it would strengthen Communist Party censorship and compromise the privacy of Chinese customers.
Amid widespread backlash, one contingent of Google employees has expressed its support for the project. In late November , a Google employee submitted an unsigned letter to TechCrunch, an online technology news platform, calling for work on Dragonfly to continue because the project aligns with Google's mission to "organize the world's information and make it universally accessible and useful."