Pierluigi Paganini
September 07, 2017
While the first Dragonfly campaigns appear to have been a more reconnaissance phase, the Dragonfly 2.0 campaign seems to have destructive purposes. Symantec has spotted a new wave of cyber attacks against firms in the energy sector powered by the notorious Dragonfly group. The Dragonfly group, also known as Energetic Bear, has been active since at […]
Pierluigi Paganini
March 25, 2017
Findings of the MIMICS project conducted by Dragos Threat Operations Center show a malware posing as Siemens PLC application is targeting ICS worldwide. After the disclosure of the Stuxnet case, the security industry started looking at ICS malware with increasing attention. A malware that infects an industrial control system could cause serious damages and put in danger human lives. […]
Pierluigi Paganini
November 10, 2016
The effects of cyber-attacks against SCADA/ICS are well known, however, there is a great confusion when dealing with mitigation techniques. The Majority are aware of the impact cyber-attacks can have on Industrial Control Systems however, the reality in terms of mitigation techniques are shrouded with confusion and a reactive approach. Recent 0-day vulnerability dubbed as […]
Pierluigi Paganini
January 11, 2015
Researcher Kyle Wilhoit discovered a spike in traditional financial crimeware targeting ICS/SCADA networks attributing it to attack run by cyber criminals. The senior threat researcher with Trend Micro, Kyle Wilhoit, has recently discovered 13 different types of crimeware disguised as new versions for human machine interface (HMI) software for Siemens Simatic WinCC, GE Cimplicity, and Advantech device drivers. The […]
Pierluigi Paganini
October 15, 2014
Last ICS-CERT MONITOR report reveals that hackers had access to the systems of an unnamed manufacturing organization for several months. According to the ICS-CERT MONITOR report, which summarizes the Industrial Control Systems Cyber Emergency Response Team’s (ICS-CERT) activities between May â August 2014, threat actors had access to the systems of an unnamed manufacturing organization for […]
Pierluigi Paganini
August 02, 2014
The Kaspersky Lab Team has issued a report which includes details of the investigation related to the Energetic Bear â Crouching Yeti APT campaign. Energetic Bear, aka Crouching Yeti, is the recently discovered APT campaign that targeted energy companies, manufacturers, industrial, pharmaceutical, construction, and many IT companies. Security experts have analyzed the Energetic Bear APT campaign, which appears […]
Pierluigi Paganini
July 20, 2014
Researchers at FireEye have detected a new variant of Havex RAT, which scans SCADA network via Object linking and embedding for Process Control (OPC). Security experts at F-Secure and Symantec have recently announced a surge of malicious campaigns based on âHavexâ malware against critical infrastructure. The bad actors behind the Havex campaign mainly targeted companies in the energy […]
Pierluigi Paganini
July 02, 2014
Security experts at Symantec have detected a new series of attacks worldwide conducted by the Dragonfly gang on SCADA/ICS in critical infrastructure. The energy industry is under attack, more than one thousand companies in Europe and North America are constantly under attack. ICS/SCADA systems are privileged targets of state-sponsored hackers and cyber criminals, last week I wrote […]
Pierluigi Paganini
June 25, 2014
Security Experts at F-Secure discovered a cyber espionage campaign based in the Havex malware targeting ICS/SCADA systems and vendors. Security Experts at F-Secure have conducted an investigation on the Havex Malware family in the past months, let’s remember that the malicious agent has been used in several targeted attacks against different industry sectors, and according […]
