Collaborate Disseminate
In recent years, we have observed various trends in the changing threat landscape for industrial enterprises. We can say with high confidence that many of these trends will not only continue, but gain new traction in the coming year. Continue reading Threats to ICS and industrial enterprises in 2022
We deliver a range of services: incident response, digital forensics and malware analysis. Data in the report comes from our daily practices with organizations seeking assistance with full-blown incident response or complementary expert activities for their internal incident response teams. Continue reading Incident response analyst report 2020
Statistics on industrial automation system threats in the first half of 2021: by Kaspersky ICS CERT: share of attacked ICS computers, detected malware etc. Continue reading Threat landscape for industrial automation systems in H1 2021
During the reported period, our MDR processed approximately 65 000 alerts, followed by an investigation that resulted in 1 506 incidents reported to customers, approximately 93% of which were mapped to the MITRE ATT&CK framework. Continue reading Managed Detection and Response in Q4 2020
We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS. Continue reading Wildpressure targets the macOS platform
We continued our observations and identified a number of trends that could, in our opinion, be due to circumstances connected with the pandemic in one way or another, as well as the reaction of governments, organizations and people to these circumstances. Continue reading Threat landscape for industrial automation systems. Statistics for H2 2020
In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns. Continue reading Lazarus targets defense industry with ThreatNeedle
In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another. Continue reading Attacks on industrial enterprises using RMS and TeamViewer: new data
In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. The malware authors named the toolset “MT3”; following this abbreviation we have named the toolset “MontysThree”. Continue reading MontysThree: Industrial espionage with steganography and a Russian accent on both sides
Now, this unique year presents us with a new surprise: the second SAS in one calendar year! Once again, everyone can visit this online event. Continue reading SAS@Home is back this fall