## The Cyber Shafarat - Treadstone 71

#### We See What Others Cannot – WWW.TREADSTONE71.COM

# Dragonfly 2.0? Delta Elektroniks and Pre-embedded Malware

**[Date: 06/09/2017 Author: Treadstone 71](https://cybershafarat.com/2017/09/06/dragonflydelta/)**

### Delta Elektroniks highly likely supported by the Russian government and a direct threat to energy sector supply chain operations

Treadstone 71 asserts with high confidence that Delta Elektroniks (DE) is likely a front company directly associated with Energetic Bear (Dragonfly), and the equipment purchased from DE is vulnerable to supply chain threats due to malware embedded in the Taiwanese Delta Electronics (T-DE) programmable logic controller (PLC) software.

T-DE is not aware of the infections, which allows customers to download and install infected PLC software; the initial purpose is cyber espionage. Long-term intentions include possible physical sabotage operations. The PLCs appear to be genuine production parts with malware introduced post-production.

Verification of Oleg Vladimirovich Strekozov’s identity is incomplete; the name is likely fictitious and probably state-sponsored.

Evidence that suggests this outcome:

- Malware Targets SCADA Devices
  - TTPs are like Dragonfly or Energetic Bear (B2)
  - Targeting SCADA devices is consistent with espionage practices (B2)
  - Provides hackers a foothold into US critical infrastructure
- Delta Website in Taiwan
  - A copycat website in Russia is suspicious and consistent with masquerade techniques (C3)
  - A legitimate Russian business would not conduct themselves in such a way (C2)
  - Multiple other sites deliver the same software (C3)

…

[The full report: Intelligence Games in the Power Grid – 2016](https://treadstone71llc.files.wordpress.com/2017/09/intelligence-games-in-the-power-grid-2016.pdf)

[The associated PPTX: Treadstone 71 Intelligence Games in the Power Grid](https://treadstone71llc.files.wordpress.com/2017/09/treadstone-71-intelligence-games-in-the-power-grid.pdf)

Many of the original files are located here: http://ow.ly/3Ly730f2P0A

Use Hybrid-Analysis.com or https://joesecurity.org/

Recent reports from Symantec:

- [http://www.eweek.com/security/dragonfly-2.0-hackers-targeting-the-energy-sector-symantec-finds](http://www.eweek.com/security/dragonfly-2.0-hackers-targeting-the-energy-sector-symantec-finds)
- [https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group](https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group)

## Published by

Treadstone 71 (@Treadstone71LLC): cyber intelligence, counterintelligence, infiltration, OSINT, Clandestine Cyber HUMINT, cyber intel and OSINT training and analysis, cyber psyops, strategic cyber security, Interim CISO Services