Kaspersky Lab experts published a report in which they talked about attacks by malicious software (software) on a significant number of industrial and government organizations, including enterprises of the military-industrial complex (MIC) and research laboratories.
According to experts, from January 20 to November 10, 2021, 35,000 cyber attacks were recorded in 195 countries, including Russia. “In June 2021, experts identified malware whose bootloader bears some resemblance to the Manuscrypt malware in the Lazarus APT group’s arsenal,” the report says. Experts named the detected malware Pseudomanuscrypt.
The company explained that the program penetrates user systems through the Malware-as-a-service (MAAS) platform, which distributes malware in the installer’s archives under the guise of pirated software. The main module of this program has “extensive and varied spy functionality.” It can steal VPN connection data, log keystrokes, take screenshots, record video and sound from the screen using a microphone, steal clipboard data, and much more. As the specialists emphasized, the functionality of PseudoManuscrypt gives attackers almost complete control over the infected system.
The study found that at least 7.2% of all computers attacked by Pseudomanuscrypt are part of industrial automation systems (ICS) in organizations of various industries. Cyberattacks targeted computers of engineering companies, including physical and 3D modeling systems, development and use of digital twins.
“We cannot say with certainty whether cyberattacks are pursuing selfish goals or goals that are in the interests of any governments. Nevertheless, the fact that the attacked systems include computers of high-ranking organizations in different countries makes us assess the level of threat as high, ”the company concluded.
Earlier, TASS, referring to the report of the Federation Council commission on the protection of state sovereignty and prevention of interference in the internal affairs of Russia, reported that billions of cyberattacks are committed against Russian facilities every year. Moreover, 45% of these cyber attacks originate from the United States. The report explained that IT technologies are becoming one of the main instruments of external influence, and information vulnerability “leads to serious risks for sovereignty, national economy, scientific, technical and social development”: as an example, experts called the use of a virus like Stuxnet to disrupt Iranian nuclear program.
.