16 December 2021
PseudoManuscrypt: a mass-scale spyware attack campaign
Kaspersky products blocked PseudoManuscrypt on more than 35,000 computers in 195 countries of the world. Targets of attacks include a significant number of industrial and government organizations, including enterprises in the military-industrial complex and research laboratories.
23 November 2021
Threats to ICS and industrial enterprises in 2022 as they are foreseen from November 2021
In recent years, we have observed various trends in the changing threat landscape for industrial enterprises, most of which have been evolving for some time. We can say with high confidence that many of these trends will not only continue, but gain new traction in the coming year.
26 October 2021
APT attacks on industrial organizations in H1 2021
This summary provides an overview of APT attacks on industrial enterprises disclosed in H1 2021.
29 March 2021
APT attacks on industrial companies in 2020
Overview of APT attacks on industrial enterprises information on which was published in 2020.
25 February 2021
Lazarus targets defense industry with ThreatNeedle
In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.
02 December 2020
ICS threat predictions for 2021
We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021.
24 April 2020
Threat landscape for industrial automation systems. APT attacks on industrial companies in 2019
Overview of APT attacks on industrial enterprises information on which was published in 2019.
27 March 2019
Threat landscape for industrial automation systems. H2 2018
Main events of the six-month period, vulnerabilities identified in 2018, relevant threats, and statistics from ICS computers protected by Kaspersky products.
24 January 2019
GreyEnergy’s overlap with Zebrocy
Zebrocy is the name given to a subset of the Sofacy group (aka Fancy Bear, Sednit, APT28, Tsar Team, etc.). GreyEnergy and Zebrocy used the same servers at the same time and attacked the same organization.
06 September 2018
Threat landscape for industrial automation systems: H1 2018
In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the first half of 2018.