A joint Technical Alert, TA17–293A, released over the weekend by the FBI and Department of Homeland Security describing the activities of a Russian APT may contain signatures and rules likely to trigger false positives in some security systems.
The alert, made available Saturday morning, dissects the activity of the Dragonfly APT, also known as Energetic Bear, Crouching Yeti and a host of other nicknames. The group targets energy sector and other critical utilities including nuclear, as well as government agencies and manufacturing.
