Publications

25 September 2023

An overview of reports of APT and financial attacks on industrial enterprises, as well as related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities

• Andariel,
• APT,
• APT29,
• APT41,
• APT43,
• CloudWizard,
• CommonMagic,
• Earth Longzhi,
• Kryptik,
• Lancefly,
• Lazarus,
• malware,
• MATA,
• Mint Sandstorm,
• PlugX,
• RA,
• ransomware,
• RomCom,
• Royal,
• Snake,
• Sofacy,
• Tortoiseshell,
• Vice Society,
• Volt Typhoon,
• YoroTrooper

10 August 2023

In this part we present information on the four types of implants and two tools used during the last (third) stage of the attacks discovered.

• APT,
• cloud services,
• DLL hijacking,
• FourteenHi

31 July 2023

This part of the research is devoted to second stage malware used to gather data on infected systems of industrial organizations.

• Air-gapped networks,
• APT,
• DLL hijacking,
• FourteenHi,
• Stolen data exfiltration,
• USB removable media

20 July 2023

In this article (which is the first part of the report) we analyze common TTPs of implants used by threat actors to establish a persistent remote access channel into the infrastructure of industrial organizations.

• APT,
• APT31,
• cloud services,
• DLL hijacking,
• FourteenHi,
• MeatBall

22 November 2022

Cybersecurity incidents were plentiful in 2022, causing many problems for industrial infrastructure owners and operators. Below we share some of our thoughts on potential developments of 2023, though we cannot claim to be providing either a complete picture or a high degree of precision.

• APT,
• ICS security,
• industrial cybersecurity,
• phishing,
• vulnerabilities

08 September 2022

Events in the cybersecurity world, including ICS, were intense in H1 2022.

• APT,
• automotive,
• electronics industry,
• energy sector,
• hacktivists,
• oil & gas,
• ransomware

08 August 2022

The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions. The goal of this series of attacks was cyberespionage.

• APT,
• cyberespionage,
• government,
• manufacturing,
• phishing,
• TA428

27 June 2022

A previously unknown Chinese-speaking threat actor attacking telecommunications, manufacturing, and transport organizations in several Asian countries. The group exploits MS Exchange vulnerability to deploy ShadowPad malware and infiltrates building automation systems of one of the victims.

• APT,
• buildings automation,
• manufacturing,
• ShadowPad,
• transportation

28 February 2022

This summary provides an overview of APT attacks on industrial enterprises disclosed in H2 2021.

• APT

16 December 2021

Kaspersky products blocked PseudoManuscrypt on more than 35,000 computers in 195 countries of the world. Targets of attacks include a significant number of industrial and government organizations, including enterprises in the military-industrial complex and research laboratories.

• APT,
• buildings automation,
• cyberespionage,
• ICS engineering,
• Lazarus,
• Manuscrypt,
• PseudoManuscrypt