Nation-state actors are trying to gain access to vital industrial control systems at US energy companies and other critical infrastructure organizations. The threat activity has been ongoing since at least May 2017 and appears to be the handiwork of the Dragonfly advanced persistent threat (APT) group. Dragonfly, also known as Energetic Bear, is a Russia-linked group suspected of numerous attacks on organizations in the manufacturing, pharmaceutical, industrial, and construction sectors globally since 2011. The group has been using a combination of tactics and techniques to break into victim networks including open-source reconnaissance, spear-phishing emails from compromised legitimate accounts.”]