Also known to some vendors as Energetic Bear, the Dragonfly attack is an advanced persistent threat publicized in 2014 initially targets defence and aviation companies in the US and Canada. Moving to targeting strategically important organizations from the energy and pharmaceutical sectors, Dragonfly has a range of malware tools at its disposal for capabilities such as espionage. The attacks involve the installation of Remote Access Tools, seemingly for the purpose of information theft. Three attack vectors were carried out namely: email spear phishing, a watering-hole attack designed to compromise Industrial Control System (ICS) vendors' systems, and a trojanized software designed to spread from the compromised ICS vendors to their customers' systems.