Threat Actor Profile
Description
ALLANITEis a suspected Russian cyber espionage group, that has primarily targeted the electric utility sector within the United States and United Kingdom. The group's tactics and techniques are reportedly similar toDragonfly, althoughALLANITEs technical capabilities have not exhibited disruptive or destructive abilities. It has been suggested that the group maintains a presence in ICS for the purpose of gaining understanding of processes and to maintain persistence.[1]
Confidence Score
Tags
First Seen
Unknown
Last Updated
April 29, 2026
18 hours, 45 minutes ago
Active Status
ActiveCreated
April 29, 2026
MITRE ATT&CK Techniques (unmapped)
T0817
No matching TTP object yetT0852
No matching TTP object yetT0865
No matching TTP object yetT0859
No matching TTP object yetIndicators of Compromise
Loading IOCs…
IOC KQL for Sentinel
STIX Data
{'aliases': [],
'description': 'ALLANITEis a suspected Russian cyber espionage group, that '
'has primarily targeted the electric utility sector within the '
"United States and United Kingdom. The group's tactics and "
'techniques are reportedly similar toDragonfly, '
'althoughALLANITEs technical capabilities have not exhibited '
'disruptive or destructive abilities. It has been suggested '
'that the group maintains a presence in ICS for the purpose of '
'gaining understanding of processes and to maintain '
'persistence.[1]',
'external_references': [{'external_id': 'G1000',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/groups/G1000/'}],
'id': 'threat-actor--G1000',
'metadata': {'crawled_at': '2026-04-29T14:32:23.023555+00:00',
'mitre_group_id': 'G1000',
'page_title': 'ALLANITE, Palmetto Fusion, Group G1000 | MITRE '
'ATT&CK®'},
'name': 'ALLANITE',
'type': 'threat-actor'}