Publications
Services
Advisories
Statistics

Publications
Services
Advisories
Statistics

Publications

Reports

Blog

Events

Filter

16 December 2021

PseudoManuscrypt: a mass-scale spyware attack campaign

Kaspersky products blocked PseudoManuscrypt on more than 35,000 computers in 195 countries of the world. Targets of attacks include a significant number of industrial and government organizations, including enterprises in the military-industrial complex and research laboratories.

APT,
buildings automation,
cyberespionage,
ICS engineering,
Lazarus,
Manuscrypt,
PseudoManuscrypt

25 February 2021

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

APT,
COVID-19,
Lazarus,
Manuscrypt,
ThreatNeedle

Select a date

Select an author 22

All authors

Sergey Anufrienko

Vasily Buzoverya

Pavel Cheremushkin

Yuliya Dashchenko

Vladimir Dashchenko

Maria Garnaeva

Evgeny Goncharov

Nikita Komarov

Vyacheslav Kopeytsev

Alexander Kozlov

Kirill Kruglov

Andrey Lavrentyev

Sergey Melnikov

Andrey Muravitsky

Pavel Nesterov

Alexander Nikolaev

Alexander Nochvay

Anastasiya Oblogina

Ekaterina Rudina

Artem Snegirev

Sergey Temnikov

Artem Zinenko

APT 30

Andariel

APT29

APT31

APT41

APT43

APT overview

Budworm

Cloud Atlas/Inception

Crouching Yeti

Earth Longzhi

Energetic Bear

EV-0530

GreyEnergy

IRIDIUM/Sandworm

Lancefly

Lazarus

Mint Sandstorm

POLONIUM

Sofacy

TA423/Red Ladon

TA428

Tortoiseshell

Tropic Trooper

UNC3890

UNC4034/ZINC

Volt Typhoon

Woody Rat

Worok

YoroTrooper

Zebrocy

Companies and organisations 13

CISA

Colonial Pipeline

Fibaro

Gemalto

General Electric

IIC

Moxa

OPC Foundation

Rockwell Automation

Schneider Electric

Siemens

Telit

vendors

Industrial control systems 4

ICS security

industrial cybersecurity

statistics

сyberincidents overview

Industries 29

aerospace

automotive

biometrics

buildings automation

construction

electronics industry

energy sector

food & beverage

government

healthcare

ICS engineering

ICS integration

industrial automation

irrigation

logistics

manufacturing

metallurgy

military-defense

mining

oil & gas

pharmaceutical

retail

robotics

shipbuilding

textile

transportation

utilities

waste recycling

water supply

Laws and regulation 7

automotive cybersecurity

aviation cybersecurity

biometric data

critical infrastructure

ISO/SAE 21434

legislation

UN R 155

Malware 30

CloudWizard

CommonMagic

CrashOverride/Industroyer

Cring

DarkSide

Expetr

FourteenHi

GandCrab

Kryptik

LockerGoga

Log4Shell

Manuscrypt

MATA

MeatBall

Milum

MontysThree

PlugX

PseudoManuscrypt

RA

REvil

RobinHood

RomCom

Royal

Ryuk

ShadowPad

Snake

SunBurst

ThreatNeedle

Vice Society

WannaCry

Products and services 14

Centurion

Codesys

Codesys Runtime

Fibaro Home Center

FortiGate

ISaGRAF

Log4j

Machine Learning for Anomaly Detection

MOVEit MFT

RMS

SafeNet

SPPA-T3000

TeamViewer

ThingsPro Suite

Technologies 28

802.11

Air-gapped networks

artificial Intelligence

cameras

cloud services

dataleak

digital twins

firmware

fuzzing

HSPA

IoT

Java

miners

network equipment

OPC UA

quantum computing

RAT

RDP

SMTP

steganography

UMAS

UMTS

unitronics

USB removable media

VNC

VPN

Wi-Fi

WPA2

Types of threats 29

0-day

abuse of IT services

adversary-in-the-middle

APT

backdoor

business email compromise

COVID-19

cyberespionage

data leakage

data loss

denial of IT services

denial of operations

denial of production

denial of service

denial of shipment

DLL hijacking

fatalrat

hacktivists

KRACK

living-off-the-land

malware

personal data leakage

phishing

ransomware

spyware

Stolen data exfiltration

supply chain

trojans

vulnerabilities

Filter

Select a date

Select an author 6

All authors

Vladimir Dashchenko

Evgeny Goncharov

Vyacheslav Kopeytsev

Sergey Melnikov

Ekaterina Rudina

Marcel Strecker

APT 1

GreyEnergy

Companies and organisations 51

ABB

Abbott

Advantech

Allen-Bradley

ASCO Industries

AVEVA

Bapco

Beckhoff

BlueScope

Circontrol

Claroty

DESMI

Dragos

Elexon

Emerson

Energias de Portugal

ENISA

Entes

EZAutomation

FIRST

Fuji Electric

General Electric

IIC

Intel

Martem

MITRE

Mitsubishi Electric

Moxa

NCA

NIST

Norsk Hydro

OPC Foundation

Opto22

Palo Alto Networks

Phoenix Contact

Picanol Group

Princeton University

Red Lion Controls

Red Team

Rheinmetall Group

Rockwell Automation

Schneider Electric

Siemens

Stadler

Symantec

US-CERT

US Coast Guard

WAGO

Wecon

Yokogawa

Zelio Soft

Events and conferences 2

IT Security for Industrial Systems

Kaspersky Industrial Cybersecurity Conference 2019

Industrial control systems 5

ICS security

industrial cybersecurity

Industry 4.0

IoT Security Maturity Model

smart manufacturing

Industries 4

energy sector

healthcare and medical

smart cities

water supply

Laws and regulation 4

automotive cybersecurity

critical infrastructure

cyber weapon

legislation

Malware 25

Bad Rabbit

Dragonfly

Dustman

Emotet

Expetr

Leafminer

MartyMcFly

Maze

Mirai

OMG

PoetRAT

Ragnar Locker

RASPITE

Reaper

REvil

Ryuk

Satori

Shamoon

Sodinokibi

Thrip

TrickBot

TRITON

VPNFilter

Yoroi

ZeroCleare

Products and services 58

ABB 800xA

ABB Panel Builder 600

Advantech WebAccess

Alpha5

AMS Device Manager

Automation Worx Software Suite

CirCarLife

Cisco Industrial Network Director

Cisco IOS

Cisco Talos

Codesys

Crimson

Delta Industrial Automation

DeltaV

Dnsmasq

e!DISPLAY

EZ PLC Editor

EZ Touch Editor

Floating License Manager

FL SWITCH

FR Configurator2

FRENIC

GP-Pro EX

IIoT Monitor

Interactive Graphical SCADA System

LeviStudioU

Modicon

Nari PCS-9611

NPort

Optergy Proton/Enterprise

PAC Control Basic

PAC Control Professional

PACSystems

Panel Builder

PCS7

PC Worx

PowerLogic

SCALANCE

SESU

SICK MSC800

SIMATIC

SIMATIC PCS 7

SIMATIC WinCC

SINUMERIK

SiNVR 3

SIPROTEC

SPPA-T3000

Stratix

TD Keypad Designer

TELEM-GW6/GWM

TIA Administrator

TIM 1531 IRC

TwinCAT

U.motion Builder

WebAccess/NMS

Wecon PI Studio

WinCC

XHQ Operations Intelligence

Technologies 13

Bluetooth

cryptominers

HMI

industrial managed switches

industrial networks

IoT

NAT

Open Platform Communications

PLC

RAT

satellite communications

TCP/IP

USB removable media

Types of threats 25

APT

argument injection

BlueBorne

botnets

buffer overflow

COVID-19

denial of service

FragmentSmack

improper privilege management

initial access

IoT botnet

KRACK

Meltdown

MitM

path traversal

phishing

privilege escalation

ransomware

remote code execution

SegmentSmack

Spectre

SQL injection

TTP

vulnerabilities

XXE

Filter

Select a date

Companies and organisations 6

Fraunhofer IOSB

Kaspersky

Kaspersky ICS CERT

MIT

TÜV Austria

UC Berkeley

Conferences 4

Kaspersky Industrial CTF

Kaspersky Industrial Cybersecurity Conference

Kaspersky Security Analyst Summit

S4x19

Products and services 1

KICS for Networks

Technologies 1

IoT

Types of events 8

attack and defense CTF

capture the flag

conference

ICS detection challenge

industrial CTF

seminar

training

webinar

Select a date

Select an author 22

All authors

Sergey Anufrienko

Vasily Buzoverya

Pavel Cheremushkin

Yuliya Dashchenko

Vladimir Dashchenko

Maria Garnaeva

Evgeny Goncharov

Nikita Komarov

Vyacheslav Kopeytsev

Alexander Kozlov

Kirill Kruglov

Andrey Lavrentyev

Sergey Melnikov

Andrey Muravitsky

Pavel Nesterov

Alexander Nikolaev

Alexander Nochvay

Anastasiya Oblogina

Ekaterina Rudina

Artem Snegirev

Sergey Temnikov

Artem Zinenko

APT 30

Andariel

APT29

APT31

APT41

APT43

APT overview

Budworm

Cloud Atlas/Inception

Crouching Yeti

Earth Longzhi

Energetic Bear

EV-0530

GreyEnergy

IRIDIUM/Sandworm

Lancefly

Lazarus

Mint Sandstorm

POLONIUM

Sofacy

TA423/Red Ladon

TA428

Tortoiseshell

Tropic Trooper

UNC3890

UNC4034/ZINC

Volt Typhoon

Woody Rat

Worok

YoroTrooper

Zebrocy

Companies and organisations 13

CISA

Colonial Pipeline

Fibaro

Gemalto

General Electric

IIC

Moxa

OPC Foundation

Rockwell Automation

Schneider Electric

Siemens

Telit

vendors

Industrial control systems 4

ICS security

industrial cybersecurity

statistics

сyberincidents overview

Industries 29

aerospace

automotive

biometrics

buildings automation

construction

electronics industry

energy sector

food & beverage

government

healthcare

ICS engineering

ICS integration

industrial automation

irrigation

logistics

manufacturing

metallurgy

military-defense

mining

oil & gas

pharmaceutical

retail

robotics

shipbuilding

textile

transportation

utilities

waste recycling

water supply

Laws and regulation 7

automotive cybersecurity

aviation cybersecurity

biometric data

critical infrastructure

ISO/SAE 21434

legislation

UN R 155

Malware 30

CloudWizard

CommonMagic

CrashOverride/Industroyer

Cring

DarkSide

Expetr

FourteenHi

GandCrab

Kryptik

LockerGoga

Log4Shell

Manuscrypt

MATA

MeatBall

Milum

MontysThree

PlugX

PseudoManuscrypt

RA

REvil

RobinHood

RomCom

Royal

Ryuk

ShadowPad

Snake

SunBurst

ThreatNeedle

Vice Society

WannaCry

Products and services 14

Centurion

Codesys

Codesys Runtime

Fibaro Home Center

FortiGate

ISaGRAF

Log4j

Machine Learning for Anomaly Detection

MOVEit MFT

RMS

SafeNet

SPPA-T3000

TeamViewer

ThingsPro Suite

Technologies 28

802.11

Air-gapped networks

artificial Intelligence

cameras

cloud services

dataleak

digital twins

firmware

fuzzing

HSPA

IoT

Java

miners

network equipment

OPC UA

quantum computing

RAT

RDP

SMTP

steganography

UMAS

UMTS

unitronics

USB removable media

VNC

VPN

Wi-Fi

WPA2

Types of threats 29

0-day

abuse of IT services

adversary-in-the-middle

APT

backdoor

business email compromise

COVID-19

cyberespionage

data leakage

data loss

denial of IT services

denial of operations

denial of production

denial of service

denial of shipment

DLL hijacking

fatalrat

hacktivists

KRACK

living-off-the-land

malware

personal data leakage

phishing

ransomware

spyware

Stolen data exfiltration

supply chain

trojans

vulnerabilities

Filter

Select a date

Select an author 6

All authors

Vladimir Dashchenko

Evgeny Goncharov

Vyacheslav Kopeytsev

Sergey Melnikov

Ekaterina Rudina

Marcel Strecker

APT 1

GreyEnergy

Companies and organisations 51

ABB

Abbott

Advantech

Allen-Bradley

ASCO Industries

AVEVA

Bapco

Beckhoff

BlueScope

Circontrol

Claroty

DESMI

Dragos

Elexon

Emerson

Energias de Portugal

ENISA

Entes

EZAutomation

FIRST

Fuji Electric

General Electric

IIC

Intel

Martem

MITRE

Mitsubishi Electric

Moxa

NCA

NIST

Norsk Hydro

OPC Foundation

Opto22

Palo Alto Networks

Phoenix Contact

Picanol Group

Princeton University

Red Lion Controls

Red Team

Rheinmetall Group

Rockwell Automation

Schneider Electric

Siemens

Stadler

Symantec

US-CERT

US Coast Guard

WAGO

Wecon

Yokogawa

Zelio Soft

Events and conferences 2

IT Security for Industrial Systems

Kaspersky Industrial Cybersecurity Conference 2019

Industrial control systems 5

ICS security

industrial cybersecurity

Industry 4.0

IoT Security Maturity Model

smart manufacturing

Industries 4

energy sector

healthcare and medical

smart cities

water supply

Laws and regulation 4

automotive cybersecurity

critical infrastructure

cyber weapon

legislation

Malware 25

Bad Rabbit

Dragonfly

Dustman

Emotet

Expetr

Leafminer

MartyMcFly

Maze

Mirai

OMG

PoetRAT

Ragnar Locker

RASPITE

Reaper

REvil

Ryuk

Satori

Shamoon

Sodinokibi

Thrip

TrickBot

TRITON

VPNFilter

Yoroi

ZeroCleare

Products and services 58

ABB 800xA

ABB Panel Builder 600

Advantech WebAccess

Alpha5

AMS Device Manager

Automation Worx Software Suite

CirCarLife

Cisco Industrial Network Director

Cisco IOS

Cisco Talos

Codesys

Crimson

Delta Industrial Automation

DeltaV

Dnsmasq

e!DISPLAY

EZ PLC Editor

EZ Touch Editor

Floating License Manager

FL SWITCH

FR Configurator2

FRENIC

GP-Pro EX

IIoT Monitor

Interactive Graphical SCADA System

LeviStudioU

Modicon

Nari PCS-9611

NPort

Optergy Proton/Enterprise

PAC Control Basic

PAC Control Professional

PACSystems

Panel Builder

PCS7

PC Worx

PowerLogic

SCALANCE

SESU

SICK MSC800

SIMATIC

SIMATIC PCS 7

SIMATIC WinCC

SINUMERIK

SiNVR 3

SIPROTEC

SPPA-T3000

Stratix

TD Keypad Designer

TELEM-GW6/GWM

TIA Administrator

TIM 1531 IRC

TwinCAT

U.motion Builder

WebAccess/NMS

Wecon PI Studio

WinCC

XHQ Operations Intelligence

Technologies 13

Bluetooth

cryptominers

HMI

industrial managed switches

industrial networks

IoT

NAT

Open Platform Communications

PLC

RAT

satellite communications

TCP/IP

USB removable media

Types of threats 25

APT

argument injection

BlueBorne

botnets

buffer overflow

COVID-19

denial of service

FragmentSmack

improper privilege management

initial access

IoT botnet

KRACK

Meltdown

MitM

path traversal

phishing

privilege escalation

ransomware

remote code execution

SegmentSmack

Spectre

SQL injection

TTP

vulnerabilities

XXE

Filter

Select a date

Companies and organisations 6

Fraunhofer IOSB

Kaspersky

Kaspersky ICS CERT

MIT

TÜV Austria

UC Berkeley

Conferences 4

Kaspersky Industrial CTF

Kaspersky Industrial Cybersecurity Conference

Kaspersky Security Analyst Summit

S4x19

Products and services 1

KICS for Networks

Technologies 1

IoT

Types of events 8

attack and defense CTF

capture the flag

conference

ICS detection challenge

industrial CTF

seminar

training

webinar

Filter

Newsletter subscription E-mail

Your company or organization name

Vulnerability data

Threat Information

I agree to provide my contact information to Kaspersky Lab (first name, last name, email address, phone, country postal code) to be contacted by Kaspersky Lab sales representatives by phone for a personalized offer that could be based, in particular, on geography and company size information provided; to receive information via email about Kaspersky Lab products and services including promotional offers, product updates and premium assets like white papers, webcasts, videos, events etc.; to participate in surveys to vocalize opinion on various aspects of Kaspersky Lab business, in particular, about products, and technical support. I understand that I can withdraw this consent at any time via unsubscribe link from email or via Privacy Policy

A global project run by Kaspersky to coordinate the efforts of industrial automation system vendors and industrial facility owners and operators.

Publications
Services
Advisories
Statistics
About

Download PGP/GPG key

Authorized to Use CERT™

CERT is a mark owned by
Carnegie Mellon University

© 2026 AO Kaspersky Lab

Privacy policy Terms of Use Cookies

If you have any questions remaining, please email us at ics-cert@kaspersky.com