18 October 2023
Updated MATA attacks industrial companies in Eastern Europe
Kaspersky experts discovered several detections of malware from the MATA cluster, previously attributed to the Lazarus group, compromising defense contractor companies in Eastern Europe.
25 September 2023
APT and financial attacks on industrial organizations in H1 2023
An overview of reports of APT and financial attacks on industrial enterprises, as well as related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities.
10 August 2023
Common TTPs of attacks against industrial organizations. Implants for uploading data
In this part we present information on the four types of implants and two tools used during the last (third) stage of the attacks discovered.
31 July 2023
Common TTPs of attacks against industrial organizations. Implants for gathering data
This part of the research is devoted to second-stage malware used to gather data on infected systems of industrial organizations.
20 July 2023
Common TTPs of attacks against industrial organizations. Implants for remote access
In this article (which is the first part of the report) we analyze common TTPs of implants used by threat actors to establish a persistent remote access channel into the infrastructure of industrial organizations.
22 November 2022
ICS cyberthreats in 2023 – what to expect
Cybersecurity incidents were plentiful in 2022, causing many problems for industrial infrastructure owners and operators. Below we share some of our thoughts on potential developments of 2023, though we cannot claim to be providing either a complete picture or a high degree of precision.
08 September 2022
H1 2022 – a brief overview of the main incidents in industrial cybersecurity
Events in the cybersecurity world, including ICS, were intense in H1 2022.
08 August 2022
Targeted attack on industrial enterprises and public institutions
The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions. The goal of this series of attacks was cyberespionage.
27 June 2022
Attacks on industrial control systems using ShadowPad
A previously unknown Chinese-speaking threat actor is attacking telecommunications, manufacturing, and transport organizations in several Asian countries. The group exploits an MS Exchange vulnerability to deploy ShadowPad malware and infiltrates the building automation systems of one of the victims.
28 February 2022
APT attacks on industrial companies in H2 2021
This summary provides an overview of APT attacks on industrial enterprises disclosed in H2 2021.