01 December 2025
APT and financial attacks on industrial organizations in Q3 2025
Use of AI, trusted relationships and historical security problems of traditional OS – there are some interesting details of attacks on industrial enterprises.
20 November 2025
God Mode On: Researchers run Doom on a vehicle’s head unit after remotely attacking its modem
Exploiting a vulnerability identified in a modem installed in the head units of some vehicles enabled Kaspersky ICS CERT experts to gain complete control of the system.
04 September 2025
APT and financial attacks on industrial organizations in Q2 2025
Spreading from a compromised organization to its peers with hijacked emails, using the ClickFix social engineering method – non-trivial tactics and techniques were reported this quarter.
13 June 2024
Cinterion EHS5 3G UMTS/HSPA Module Research
In the course of the modem security analysis, we found seven locally exploited vulnerabilities and one remotely exploited vulnerability. The combination of these vulnerabilities could allow an attacker to gain complete control over the modem.
10 June 2024
APT and financial attacks on industrial organizations in Q1 2024
This summary provides an overview of the reports of APT and financial attacks on industrial enterprises, as well as the related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities.
22 November 2022
ICS cyberthreats in 2023 – what to expect
Cybersecurity incidents were plentiful in 2022, causing many problems for industrial infrastructure owners and operators. Below we share some of our thoughts on potential developments of 2023, though we cannot claim to be providing either a complete picture or a high degree of precision.
29 September 2022
The secrets of Schneider Electric’s UMAS protocol
The UMAS protocol, in its implementation prior to the version in which the CVE-2021-22779 vulnerability was fixed, had significant shortcomings that had a critical effect on the security of control systems based on Schneider Electric controllers.
06 July 2022
Dynamic analysis of firmware components in IoT devices
Firmware analysis is an essential part of security research and targeted search for vulnerabilities in IoT products. This article examines conventional methods of dynamic analysis and some less obvious methods.
23 May 2022
ISaPWN – research on the security of ISaGRAF Runtime
This report includes an analysis of the ISaGRAF framework, its architecture, the IXL and SNCP protocols and the description of several vulnerabilities the Kaspersky ICS CERT team had identified.
23 November 2021
Threats to ICS and industrial enterprises in 2022 as they are foreseen from November 2021
In recent years, we have observed various trends in the changing threat landscape for industrial enterprises, most of which have been evolving for some time. We can say with high confidence that many of these trends will not only continue, but gain new traction in the coming year.
30 May 2023
Why APTs are so successful – stories from IR trenches
During IR, while trying to figure out what went wrong, we’ve found numerous issues
20 April 2022
Vulnerability in ICS: assessing the severity
On the last day of March 2022, Claroty (Team82) published an article on two vulnerabilities they had identified in Rockwell Automation products. We believe that the severity of these vulnerabilities has been significantly exaggerated. At the same time, the most dangerous vulnerability in the same products has remained unnoticed.
31 March 2022
Vulnerabilities in Tekon-Automatics solution: (ir)responsible disclosure and scope of the problem
Researcher Jose Bertin described the exploitation of several vulnerabilities in a Tekon-Automatics automation solution. We analyze the real scope of what has happened and offer our take on whether this can be considered ethical vulnerability disclosure.
31 March 2021
Good old buffer overflow
CISA has issued an advisory on a Rockwell Automation MicroLogix 1400 buffer overflow vulnerability
30 March 2021
Network Asset Traversal or NATural disaster: NAT Slipstreaming 2.0
NAT bypassing techniques recently published by researchers are particularly dangerous for OT networks of industrial enterprises
04 March 2021
More critical vulnerabilities identified in OPC protocol implementations
Solutions that use the OPC family of protocols are affected by multiple vulnerabilities that could lead to equipment failure, remote code execution or leaks of critical data
09 February 2021
Classics: vulnerabilities in web console and third-party components in Pepperl+Fuchs IO-Link-Master gateways
The vendor has published an advisory on vulnerabilities in multifunctional gateway devices designed to integrate different types of sensors and PLCs into industrial environments
05 February 2021
Getting back on Treck: more vulnerabilities in the infamous TCP/IP Stack
Vulnerabilities have been identified in the IPv6 component in the Treck TCP/IP stack implementation. It is recommended that vendors of IoT devices using that implementation issue security advisories.
02 February 2021
Much ado about the certificate: what one should know about Siemens SCALANCE X switch configuration to avoid MitM
Siemens has released a security alert which describes some cases of SCALANCE X-200/X-200IRT/X-300 switches using hardcoded encryption keys, making them prone to man-in-the-middle attacks
28 January 2021
Cryptographic deadly sins and the security of Modicon M100/M200/M221
Weak implementation of cryptographic data protection allows various types of attacks and enables attackers to identify the key in captured traffic