APT attacks on industrial organizations in H2 2022
24 March 2023
This summary provides an overview of APT attacks on industrial enterprises disclosed in H2 2022 and related activity of groups that have been observed attacking industrial organizations and critical infrastructure facilities. For each story, we sought to summarize the most significant facts, findings, and conclusions of researchers, which we believe can be of use to experts who address practical issues related to ensuring the cybersecurity of industrial enterprises.
Southeast Asia and Korean Peninsula
DEV-0530 attacks
Researchers have attributed an emerging ransomware threat to a North Korea-based threat actor they call DEV-0530 (the group calls itself “H0lyGh0st”). DEV-0530 has targeted small-to-medium businesses in multiple countries since September 2021, including manufacturing organizations, banks, schools, and event and meeting planning companies. The attackers employ “double extortion”, encrypting data and also threatening to publish it if the target refuses to pay. Researchers have found connections of DEV-0530 …