Home / Reports


Threat landscape for industrial automation systems. Statistics for H1 2021

09 September 2021

In H1 2021, the percentage of ICS computers on which malicious objects were blocked was 33.8%, which was 0.4 p.p. more than in H2 2020.
DarkChronicles: the consequences of the Colonial Pipeline attack

21 May 2021

This article began as an overview of the Colonial Pipeline incident. However, the events unfolded so rapidly that the scope of the publication has gone beyond a single incident.
Vulnerability in FortiGate VPN servers is exploited in Cring ransomware attacks

07 April 2021

An incident investigation conducted by Kaspersky ICS CERT experts at one of the attacked enterprises revealed that attacks of the Cring ransomware exploit a vulnerability in FortiGate VPN servers.
APT attacks on industrial companies in 2020

29 March 2021

Since 2018, Kaspersky ICS CERT has published annual summaries of advanced persistent threat (APT) activity targeting industrial-related organizations.
Threat landscape for industrial automation systems. Statistics for H2 2020

25 March 2021

The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
Threat landscape for the ICS engineering and integration sector. 2020

17 March 2021

The threat landscape for computers in the ICS engineering and integration sector varies depending on a computer’s environment, including its geographical location, ability to access external networks and services, and user behavior.
Lazarus targets defense industry with ThreatNeedle

25 February 2021

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.
SunBurst industrial victims

26 January 2021

We were specifically interested in analyzing how many industrial organizations used backdoored SolarWinds versions and fell victim to the attack.
ICS threat predictions for 2021

02 December 2020

We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021.
Attacks on industrial enterprises using RMS and TeamViewer: new data

05 November 2020

This report in a nutshell Technical Analysis Spreading Malware Features Infrastructure Victims Attribution Conclusions. Recommendations Appendix I – Indicators of Compromise Appendix II – MITRE ATT&CK Mapping In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the...