28 February 2022
APT attacks on industrial companies in H2 2021
This summary provides an overview of APT attacks on industrial enterprises disclosed in H2 2021.
19 January 2022
Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks
Targets of spyware attacks in which each malware sample has a limited scope and a short lifetime include industrial enterprises. Victim organizations’ SMTP services are abused to send phishing emails and collect stolen data.
30 December 2021
Log4Shell at industrial enterprises
Although it is still difficult to say to what extent vulnerable ICS systems are exposed to potential attacks, we hope that, unlike IT infrastructures, most vulnerable OT systems cannot accept inputs coming from untrusted sources.
16 December 2021
PseudoManuscrypt: a mass-scale spyware attack campaign
Kaspersky products blocked PseudoManuscrypt on more than 35,000 computers in 195 countries of the world. Targets of attacks include a significant number of industrial and government organizations, including enterprises in the military-industrial complex and research laboratories.
23 November 2021
Threats to ICS and industrial enterprises in 2022 as they are foreseen from November 2021
In recent years, we have observed various trends in the changing threat landscape for industrial enterprises, most of which have been evolving for some time. We can say with high confidence that many of these trends will not only continue, but gain new traction in the coming year.
26 October 2021
APT attacks on industrial organizations in H1 2021
This summary provides an overview of APT attacks on industrial enterprises disclosed in H1 2021.
09 September 2021
Threat landscape for industrial automation systems. Statistics for H1 2021
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
21 May 2021
DarkChronicles: the consequences of the Colonial Pipeline attack
This article began as an overview of the Colonial Pipeline incident. However, the events unfolded so rapidly that the scope of the publication has gone beyond a single incident.
07 April 2021
Vulnerability in FortiGate VPN servers is exploited in Cring ransomware attacks
An incident investigation conducted by Kaspersky ICS CERT experts at one of the attacked enterprises revealed that attacks of the Cring ransomware exploit a vulnerability in FortiGate VPN servers.
29 March 2021
APT attacks on industrial companies in 2020
Overview of APT attacks on industrial enterprises about which information was published in 2020.
10 January 2020
Dustman wiper attack on Bapco oil company
Dustman is an upgraded version of the ZeroCleare wiper. The attack exploited a vulnerability in VPN appliances.
30 December 2019
Ryuk ransomware attacks unnamed US maritime transportation facility
The infection affected the facility’s corporate network and industrial control systems that control cargo transfer. The primary operations of the facility were shut down for over 30 hours.
24 December 2019
German cities under attack by Emotet botnet
Emotet was distributed via phishing emails and was used to deploy ransomware.
20 December 2019
Multiple vulnerabilities in WAGO PLCs
Nine vulnerabilities have been identified in WAGO PFC200 and PFC100 PLCs. They could lead to arbitrary code execution or cause denial of service.
20 December 2019
More ransomware attacks
Victims of the latest attacks include Pensacola and New Orleans city administrations in the US and a hospital in Benešov (Czech Republic).
19 December 2019
Multiple vulnerabilities in Modicon controllers
If exploited, the vulnerabilities could result in denial of service. They can be fixed by updating device firmware.
18 December 2019
Multiple vulnerabilities in SPPA-T3000 components
Vulnerabilities have been identified in SPPA-T3000 Application Server and MS3000 Migration Server. Some of the faults are critical and could allow attackers to execute arbitrary code on the server.
17 December 2019
Multiple vulnerabilities in Siemens products
Vulnerable solutions include SiNVR 3, XHQ Operations Intelligence, RUGGEDCOM ROS, and Siemens EN100.
01 October 2019
Vulnerability in Cisco IOS and IOS XE affecting industrial routers
Affected devices include Cisco 800 Series industrial routers and Cisco 1000 Series Connected Grid Routers (CGR 1000).
01 October 2019
Cyberattack on Rheinmetall technology group
A malware attack has disrupted production at Rheinmetall Group plants in three countries. The company expects it to take 2 to 4 weeks to eliminate the disruption.