The following material was compiled from a variety of relability sources, and contains information covering the various aspects of the Dragonfly/Energetic Bear campaign and the Havex trojan directly and indirectly targeting industrial control systems. If you find anything new and useful, including some sample binary code, please email me.

Dragonfly (Security Response) - Version 1.0 - published by Symantec June 30, 2014
Western Energy Companies Under Sabotage Threat - published by Symantec June 30, 2014
Havex Hunts for ICS/SCADA Systems - published by F-Secure June 23, 2014

ICSA-14-178-01 - published June 30, 2014
ICS-ALERT-14-176-02A - published June 27, 2014

List Last Updated: July 9, 2014 - 7:45am GMT

Added July 9, 2014
Motives Behind Havex ICS Malware Campaign Remain a Mystery - ThreatPost - 7/7/14
Stakes rising as malware matures - GCN - 7/7/14
Russian Programmers Look to Control-Alt-Delete U.S. Energy - Motley Fool - 7/7/14
U.S. Urges Energy Companies To Be On Guard Against Russian Cyberattacks - OilPrice.com - 7/6/14
US Midwest power grid thwarts cyberattack - Economic Times - 7/5/14
Malware Targets Industrial Controls and OPC Servers - Drives & Controls - 7/3/14
Dragonfly and cybercrime: A global threat needs a global response - Oil & Gas Technology - 7/3/14
US Energy Firms Report Cyber Attacks - TechWeek Europe - 7/3/14
An anti-US Stuxnet? Startling attack against industrial complex revealed - CSM - 7/1/14
Havex Malware Targets ICS/SCADA Systems - Cimation - 6/30/14

Operation Dragonfly Imperils Industrial Protocol - McAfee (Samani) - 7/2/14
Russia attacks U.S. oil and gas companies in massive hack - CNN - 7/2/14
Hackers Find Open Back Door to Power Grid With Renewables - Bloomberg - 7/2/14
Hackers attacking oil, gas companies using 'Energetic Bear' - FoxNews - 7/1/14
Energy firms hacked by 'cyber-espionage group Dragonfly' - BBCNews - 7/1/14
Dragonfly Russian Hackers Target 1000 Western Energy Firms - Hacker News - 7/1/14
Energy Companies Face Threats From Group Linked to Defense Industry Attacks - WSJ - 6/30/14
Energy Companies Hit by Cyber Attack from Russia-linked Group - Financial Times - 6/30/14
ICS Malware Found on Vendors' Update Installers - ThreatPost - 6/30/14
Dragonfly: Western Energy Companies Under Sabotage Threat - Symantec - 6/30/14
Havex SCADA RAT Summary Report: Analyst Feedback and Remediations - CWZ - 6/27/14
Attackers fling Stuxnet-style RATs at critical control software in EUROPE - The Register - 6/26/14
DHS Investigating Havex Trojan Which Targets Energy Companies - WSJ - 6/26/14
'Havex' malware strikes industrial sector via watering hole attacks - SC Magazine - 6/25/14
New Havex malware variants target industrial control system, SCADA users - ComputerWorld - 6/24/14
New Havex malware variants target industrial control system and SCADA users - PCWorld - 6/24/14
Havex Hunts for ICS/SCADA Systems - F-Secure - 6/23/14
Talk2M Incident Report - eWon - 1/30/14

Latest News from Google

dragonfly ics scada compromise - 7/3/14 - OpenIOC (IOCBucket.com)
havex rat - 6/29/14 - YARA - (IOCBucket.com)
havex ics_scada espionage malware - 6/27/14 - OpenIOC (IOCBucket.com)

Madiant OpenIOC Editor/Viewer

Cyberespionage Campaign Hits Energy Companies ( US format | A4 format )

Global Threat Report 2013 - (Crowd Strike)

Havex OPC Payload - String Definitions Sample
Images by SCADAhacker



Havex OPC Payload - Executable Code Sample
Images by SCADAhacker



Indicators of Compromise
Software by Mandiant / Images by SCADAhacker



Dragonfly/Havex Timeline
Source: Symantec