Filter
25 February 2021
Lazarus targets defense industry with ThreatNeedleIn mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.
26 January 2021
SunBurst industrial victimsHow many industrial organizations had installed backdoored SolarWinds versions? We present the results of our analysis.
08 October 2020
MontysThree: Industrial espionage with steganography and a Russian accent on both sidesIn Summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018.
24 April 2020
Threat landscape for industrial automation systems. Ransomware and other malware: key events of H2 2019This section presents an overview of threats related to ransomware activity against municipal institutions, industrial enterprises and critical infrastructure facilities.
26 March 2020
WildPressure targets industrial-related entities in the Middle EastWe found just three almost unique samples, all in one country. So we consider the attacks to be targeted and have currently named this operation WildPressure.
26 March 2018
Threat Landscape for Industrial Automation Systems in H2 2017In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2017.
28 September 2017
Threat Landscape for Industrial Automation Systems in H1 2017Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the results of its research on the threat landscape for industrial automation systems for the first six months of 2017.
22 June 2017
WannaCry on industrial networks: error correctionDuring the period from 12 to 15 May 2017, numerous companies across the globe were attacked by a network cryptoworm called WannaCry. The worm’s victims include various manufacturing companies, oil refineries, city infrastructure objects and electrical distribution network facilities.
Filter
06 August 2018
APT group called RASPITE attacks industrial enterprisesDragos has published information on a newly-identified APT group, which it calls RASPITE. According to Dragos, the group's activity overlaps significantly with that of Leafminer, a group identified earlier by Symantec
26 June 2018
Cyberattack on satellite communications companiesIn a cyberattack on organizations in the US and Southeast Asia, hackers have used legitimate tools to infect systems that monitor and control communications satellites
28 May 2018
VPNFilter malware can be used to detect SCADA equipmentCisco Talos researchers have detected new malware, which has been dubbed VPNFilter. To date, the malware has infected at least 500,000 routers and network-attached storage (NAS) devices in 54 countries of the world.
27 February 2018
OMG botnet turns infected devices into proxy serversA new variant of the Mirai botnet can set up proxy servers on infected IoT devices
18 December 2017
TRITON attack. Comment by Kaspersky Lab ICS CERT expertThe TRITON attack demonstrates an important property of attacks on industrial enterprises: they may show no signs of malicious computer activity.
14 December 2017
The brief awakening of the Satori botnetThe Satori botnet has used embedded exploits to attack ports 37215 and 52869. After reaching the size of 280,000 active bots, the botnet has suddenly folded its operations.
04 December 2017
New Mirai VariantA new variant of the Mirai malware infects vulnerable ZyXEL devices, making them part of a botnet.
09 November 2017
New Botnet Recruits IoT Devices Across the GlobeThe Reaper IoT botnet includes about 10-20 thousand infected devices, with some of these devices possibly being used by industrial enterprises, hospitals, railway terminals and airports
26 October 2017
Bad Rabbit, Brother of [Ex]PetrKaspersky Lab experts believe that the same threat actor is behind ExPetr and Bad Rabbit
07 September 2017
New Wave of Cyberattacks in the Energy Sector of Europe and North AmericaSymantec has published a report on new cyberattacks targeting the energy sector in Europe and North America.
Filter