Targeted attack on industrial enterprises and public institutions

In January 2022, Kaspersky ICS CERT experts detected a wave of targeted attacks on military-industrial complex enterprises and public institutions in several Eastern European countries and Afghanistan. In the course of the research, Kaspersky was able to identify over a dozen attacked organizations. The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions.


MALWARE FAMILIES: Ladon, PortDoor, nccTrojan, Cotx, DNSep, Logtu, CotSam

ATT&CK IDS: T1560 - Archive Collected Data, T1041 - Exfiltration Over C2 Channel, T1203 - Exploitation for Client Execution, T1193 - Spearphishing Attachment, T1049 - System Network Connections Discovery, T1547 - Boot or Logon Autostart Execution, T1592 - Gather Victim Host Information, T1590 - Gather Victim Network Information, T1001 - Data Obfuscation, T1036 - Masquerading, T1038 - DLL Search Order Hijacking, T1055 - Process Injection, T1105 - Ingress Tool Transfer, T1210 - Exploitation of Remote Services, T1053 - Scheduled Task/Job, T1558.001 - Golden Ticket
