Home / Reports


Threats to ICS and industrial enterprises in 2022 as they are foreseen from November 2021

23 November 2021

In recent years, we have observed various trends in the changing threat landscape for industrial enterprises, most of which have been evolving for some time. We can say with high confidence that many of these trends will not only continue, but gain new traction in the coming year.
APT attacks on industrial organizations in H1 2021

26 October 2021

This summary provides an overview of APT attacks on industrial enterprises disclosed in H1 2021.
Threat landscape for industrial automation systems. Statistics for H1 2021

09 September 2021

In H1 2021, the percentage of ICS computers on which malicious objects were blocked was 33.8%, which was 0.4 p.p. more than in H2 2020.
DarkChronicles: the consequences of the Colonial Pipeline attack

21 May 2021

This article began as an overview of the Colonial Pipeline incident. However, the events unfolded so rapidly that the scope of the publication has gone beyond a single incident.
Vulnerability in FortiGate VPN servers is exploited in Cring ransomware attacks

07 April 2021

An incident investigation conducted by Kaspersky ICS CERT experts at one of the attacked enterprises revealed that attacks of the Cring ransomware exploit a vulnerability in FortiGate VPN servers.
APT attacks on industrial companies in 2020

29 March 2021

Since 2018, Kaspersky ICS CERT has published annual summaries of advanced persistent threat (APT) activity targeting industrial-related organizations.
Threat landscape for industrial automation systems. Statistics for H2 2020

25 March 2021

The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
Threat landscape for the ICS engineering and integration sector. 2020

17 March 2021

The threat landscape for computers in the ICS engineering and integration sector varies depending on a computer’s environment, including its geographical location, ability to access external networks and services, and user behavior.
Lazarus targets defense industry with ThreatNeedle

25 February 2021

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.
SunBurst industrial victims

26 January 2021

We were specifically interested in analyzing how many industrial organizations used backdoored SolarWinds versions and fell victim to the attack.