Updated MATA attacks industrial companies in Eastern Europe

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. The campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense industry. Continue reading Updated MATA attacks industrial companies in Eastern Europe

Focus on DroxiDat/SystemBC

An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack. Continue reading Focus on DroxiDat/SystemBC

Common TTPs of attacks against industrial organizations

In 2022 we investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems. Continue reading Common TTPs of attacks against industrial organizations

Threat landscape for industrial automation systems for H2 2022

In H2 2022, the percentage of ICS computers on which malicious objects were blocked increased by 3.5 percentage points compared to the previous six-month period, reaching 34.3%. Continue reading Threat landscape for industrial automation systems for H2 2022

Reassessing cyberwarfare. Lessons learned in 2022

In this report, we propose to go over the various activities that were observed in cyberspace in relation to the conflict in Ukraine, understand their meaning in the context of the current conflict, and study their impact on the cybersecurity field as a whole. Continue reading Reassessing cyberwarfare. Lessons learned in 2022

ICS cyberthreats in 2023 – what to expect

The coming year looks to be much more complicated. In the post we share some of our thoughts on potential developments of 2023, though we cannot claim to be providing either a complete picture or a high degree of precision. Continue reading ICS cyberthreats in 2023 – what to expect