17 September 2025

Detective investigation of APT and rare virus specimens: Kaspersky ICS CERT experts to present new research at KICC

The Kaspersky Industrial Cybersecurity Conference, one of the leading international events in the field of industrial cybersecurity, takes place from September 23 to 25. It is a major platform for sharing experiences and discussing the latest issues impacting cybersecurity in the industrial sector. This year, it brings together over 400 specialists from around the world.

Kaspersky ICS CERT experts will be presenting the results of their latest research at the conference.

The phishing email detective story. While investigating an attack on Russian organizations that began with a routine phishing campaign, experts identified the “Librarian Ghouls” APT group – or more precisely, individual – targeting Russian organizations to steal design documentation. The experts discovered where the attacker was from, where he lived and where he launched his attacks from, what considerations guided his choice of modus operandi, what information he attempted to obtain, how he spent his free time, and a host of other details. By luring the attacker with their honeypot, the experts learned a great deal about his toolkit.

Zero-day vulnerabilities as a threat to connected cars. A single vulnerability in a publicly available web service of a contractor could lead to the total compromise of a major automotive manufacturer’s telematics infrastructure. A practical example will be presented to highlight the risks of supply chain dependencies and the need for reliable security measures in connected automotive systems.

Supply chain attacks are behind many high-profile incidents in industrial enterprises. Detecting a malicious object that has penetrated the infrastructure through the main entrance – in an official delivery from a trusted supplier – is a daunting task. Clearly, such a threat is capable of stumping the information security team of any industrial enterprise. When it comes to trusted suppliers, discussions about trust usually end with a big question mark. The conference features examples of products from industrial suppliers that became points of entry into their customers’ networks and a means of developing an attack. Our expert also proposes a methodology for selecting products and suppliers that helps reduce the risk of a supply chain attack.

Unprotected connections between industrial networks create conditions for attacks via suppliers and trusted partners. It is commonly believed that supplier attacks are always complex and high-tech, requiring the expertise of serious hacker groups. And this is generally true. However, there are other threats that can move between technological networks with relative ease, such as viruses and worms, and rare malware for AutoCAD. These malicious programs have no specific targets, only multiple possible paths of distribution. By analyzing detection statistics obtained from the telemetry of our security solutions, experts can track the malware’s propagation paths through industrial networks, sometimes spanning dozens of organizations. Much like contrast agents in medicine, these malicious programs identify insecure connections among suppliers of industrial organizations around the world. By detecting and resolving such issues, organizations can largely protect themselves from attacks through chains of trusted partners.

The Kaspersky Industrial Cybersecurity Conference takes place from September 23 to 25, at the Mantera Resort & Congress 5* hotel in Sochi. If you would like to attend the conference, please contact the organizers. An online broadcast will be available for those who register on the conference website.
