Energetic Bear, the name CrowdStrike has given the attack group, is also known as Crouching Yeti by Kaspersky, Koala Team by iSIGHT Partners, and Dragonfly by Symantec. This group focuses on aviation, defense, energy, industrial controls systems (ICS), and petroleum pipeline operators. Spear phishing and watering hole attacks are also its initial vectors.
Since Russia’s cyber-attacks on the former Soviet state of Estonia in 2007, government analysts and security researchers have kept watch on Russian cyber-operations. In 2013, security firm Kaspersky Lab detailed a five-year operation, attributed to Russia and known as Red October. In 2014, three other major operations came to light—Uroburos, Energetic Bear and APT28—
For each espionage operation, Recorded Future collected the names by which the campaigns were identified, the names of the tools used in each attack and how the attacks were delivered.
Even a simple issue such as the name of an operation is made more complex because security firms typically label each operation differently. For example, Energetic Bear, a named coined by security services firm Crowdstrike, is known as Crouching Yeti by Kaspersky, Koala Team by iSight Partners, and Dragonfly by Symantec. The sheer variety of names used for each operation has complicated analyses, Ahlberg said.
http://www.eweek.com/security/cyber-threats-ascribed-to-russia-crafted-to-hunt-specific-data