28 February 2022
APT attacks on industrial companies in H2 2021This summary provides an overview of APT attacks on industrial enterprises disclosed in H2 2021.
Publications
Filter
16 December 2021
PseudoManuscrypt: a mass-scale spyware attack campaignKaspersky products blocked PseudoManuscrypt on more than 35,000 computers in 195 countries of the world. Targets of attacks include a significant number of industrial and government organizations, including enterprises in the military-industrial complex and research laboratories.
23 November 2021
Threats to ICS and industrial enterprises in 2022 as they are foreseen from November 2021In recent years, we have observed various trends in the changing threat landscape for industrial enterprises, most of which have been evolving for some time. We can say with high confidence that many of these trends will not only continue, but gain new traction in the coming year.
26 October 2021
APT attacks on industrial organizations in H1 2021This summary provides an overview of APT attacks on industrial enterprises disclosed in H1 2021.
29 March 2021
APT attacks on industrial companies in 2020Overview of APT attacks on industrial enterprises information on which was published in 2020.
25 February 2021
Lazarus targets defense industry with ThreatNeedleIn mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.
02 December 2020
ICS threat predictions for 2021We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021.
24 April 2020
Threat landscape for industrial automation systems. APT attacks on industrial companies in 2019Overview of APT attacks on industrial enterprises information on which was published in 2019.
27 March 2019
Threat landscape for industrial automation systems. H2 2018Main events of the six-month period, vulnerabilities identified in 2018, relevant threats, and statistics from ICS computers protected by Kaspersky products.
24 January 2019
GreyEnergy’s overlap with ZebrocyZebrocy is the name given to a subset of the Sofacy group (aka Fancy Bear, Sednit, APT28, Tsar Team, etc.). GreyEnergy and Zebrocy used the same servers at the same time and attacked the same organization.
Filter
19 October 2018
New GreyEnergy malware attacks industrial networksExperts point to the similarities between the new malware and BlackEnergy, and a possible connection of the attacks with the TeleBots criminal group
06 August 2018
APT group called RASPITE attacks industrial enterprisesDragos has published information on a newly-identified APT group, which it calls RASPITE. According to Dragos, the group's activity overlaps significantly with that of Leafminer, a group identified earlier by Symantec
25 October 2017
US-CERT Reports APT Attack on Critical InfrastructureUS-CERT has published a report on a targeted (APT) attack on government entities and organizations in energy, nuclear, aviation and other sectors. The attackers were interested in documents on industrial processes in targeted organizations.