Kaspersky ICS CERT

Featured in: Favicon

kaspersky.com Favicon

cioafrica.co

Articles

SideWinder APT’s post-exploitation framework analysis

Oct 15, 2024 | securelist.com | Alexander Kryazhev |Denis Sitchikhin |Mohamad Amin Hasbini |Kaspersky ICS CERT

SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched attacks against high-profile entities in South and Southeast Asia. Its primary targets have been military and government entities in Pakistan, Sri Lanka, China and Nepal.
Analyzing the Awaken Likho APT group implant: new tools and techniques

Oct 7, 2024 | securelist.com | Kaspersky ICS CERT |Anna Larkina |Flavio Negrini |Anna Pavlovskaya

IntroductionIn July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, we began tracking it, and published three reports in August and September 2024 through our threat research subscription on the threat actor we named Awaken Likho (also named by other vendors as Core Werewolf).
Threat landscape for industrial automation systems, Q2 2024

Sep 26, 2024 | securelist.com | Kaspersky ICS CERT |Artem Ushkov |Anna Pavlovskaya

Statistics across all threatsIn the second quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.9 pp from the previous quarter to 23.5%. The percentage has decreased by 3.3 pp compared to the second quarter of 2023, when the indicator reached its highest level since records began in 2022. Regions rankingIn most regions, the percentage of ICS computers that blocked malicious objects decreased compared to the first quarter of 2024.
CloudSorcerer APT uses cloud services and GitHub as C2

Jul 8, 2024 | securelist.com | Sergey Lozhkin |Alexey Antonov |Kaspersky ICS CERT |Georgy Kiguradze

In May 2024, we discovered a new advanced persistent threat (APT) targeting Russian government entities that we dubbed CloudSorcerer. It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. The malware leverages cloud resources as its command and control (C2) servers, accessing them through APIs using authentication tokens.
New cyberthreat research for SMB in 2024

Jun 25, 2024 | securelist.com | Kaspersky ICS CERT |Georgy Kiguradze |Olga Svistunova |Anton Kivva

Small and medium-sized businesses (SMBs) are increasingly targeted by cybercriminals. Despite adopting digital technology for remote work, production, and sales, SMBs often lack robust cybersecurity measures. SMBs face significant cybersecurity challenges . The cost of data breaches can cripple operations, making preventive measures essential. This is a growing tendency that continues to pose a challenge for businesses.
Cinterion EHS5 3G UMTS/HSPA Module Research

Jun 13, 2024 | securelist.com | Kaspersky ICS CERT |Anton Kivva |David Emm |Dmitry Kachan

Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many product developers do not think of protecting their device from a potential modem compromise.
How scammers bypass 2FA

Jun 10, 2024 | securelist.com | Olga Svistunova |Dmitry Kachan |Alina Sukhanova |Kaspersky ICS CERT

IntroductionTwo-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today’s websites offer some form of it, and some of them won’t even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain types of organizations to protect users’ accounts with 2FA.
Malware report Q1 2024 - quarter review

Jun 3, 2024 | securelist.com | David Emm |Dmitry Kachan |Alina Sukhanova |Kaspersky ICS CERT

IT threat evolution Q1 2024IT threat evolution Q1 2024. Mobile statisticsIT threat evolution Q1 2024.
Kaspersky crimeware report: GoPIX, Lumar, and Rhysida.

Oct 24, 2023 | securelist.com | Kaspersky ICS CERT |Vladislav Tushkanov |Anna Larkina |Dmitry Galov

IntroductionAs a cybersecurity company, Kaspersky is constantly dealing with known and brand-new malware samples. As part of our crimeware reporting service, we provide our customers with technical reports on the evolution of existing crimeware families, as well as newly emerging ones.
Updated MATA attacks industrial companies in Eastern Europe

Oct 18, 2023 | securelist.com | Kaspersky ICS CERT |Vladislav Tushkanov |Anna Larkina |Giampaolo Dedola

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. As we were collecting and analyzing the relevant telemetry data, we realized the campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense industry.