Lazarus targets defense industry with ThreatNeedle

25 February 2021

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.
SunBurst industrial victims

26 January 2021

We were specifically interested in analyzing how many industrial organizations used backdoored SolarWinds versions and fell victim to the attack.
ICS threat predictions for 2021

02 December 2020

We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021.
Attacks on industrial enterprises using RMS and TeamViewer: new data

05 November 2020

In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the...
Practical example of fuzzing OPC UA applications

19 October 2020

We continue to describe our approaches to searching for vulnerabilities in industrial systems based on the OPC UA protocol. In this article, we examine new techniques that can be used to search for memory corruption vulnerabilities if the source code is available. We also discuss an example of fuzzing using libfuzzer.
What it feels like for a turbine

13 October 2020

The goal of the article is to raise awareness on security of Distributed Control Systems (DCS), propose a methodology for assessment, and a remediation strategy. Defenders are always behind attackers, and this publication is trying to balance things out.
MontysThree: Industrial espionage with steganography and a Russian accent on both sides

08 October 2020

In summer 2020, we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018.
Threat landscape for industrial automation systems. H1 2020

24 September 2020

Beginning in H2 2019 we have observed a tendency for decreases in the percentages of attacked computers, both in the ICS and in the corporate and personal environments. In H1 2020 the percentage of ICS computers on which malicious...
The State of Industrial Cybersecurity 2020

15 September 2020

In 2020 ARC Advisory Group on behalf of Kaspersky conducted a survey on the state of industrial cybersecurity, as well as the current priorities and challenges of industrial organizations. More than 330 industrial companies and organizations across the globe were surveyed online and 10 industry representatives were interviewed at trade fairs and ARC forums worldwide....
Cyberthreats for ICS in Energy in Europe. Q1 2020

31 August 2020

Object of research: Computers in European countries which are used to configure, maintain and control equipment in the energy industry on which Kaspersky products are installed. This includes Windows computers on which various software packages for the energy industry are installed, including but not limited to human-machine interface (HMI), OPC gateway, engineering, control and data...