Stealthy Cyberattacks on Russian IT Using Cloud Services
READ FULL REPORT ›
VISITORS:
...
INTEL FEED
CVE-2026-0041 EXPLOITED — ICS/SCADA ENVIRONMENTS AT RISK — PATCH CRITICAL
APT31 targets Russian IT sector via Yandex Cloud & OneDrive C2 channels
ClickFix StegoAttack drops LummaC2 via fake Windows Update pages
APT24 BADAUDIO campaign hits Taiwan & 1,000+ domains — supply chain breach
112 OT environments confirmed with critical segmentation failures
BlackMesh ransomware — 38 detonations via trojanised backup software
IEC 62443 compliance update issued — energy sector advisory released
Dr. Rai — OT Live Fire Exercise completed — 6th edition — UP forensic science
CVE-2026-0041 EXPLOITED — ICS/SCADA ENVIRONMENTS AT RISK — PATCH CRITICAL
APT31 targets Russian IT sector via Yandex Cloud & OneDrive C2 channels
ClickFix StegoAttack drops LummaC2 via fake Windows Update pages
APT24 BADAUDIO campaign hits Taiwan & 1,000+ domains — supply chain breach
112 OT environments confirmed with critical segmentation failures
BlackMesh ransomware — 38 detonations via trojanised backup software
IEC 62443 compliance update issued — energy sector advisory released
Dr. Rai — OT Live Fire Exercise completed — 6th edition — UP forensic science
LIVE PLATFORM — IT & OT SECURITY INTELLIGENCE
Welcome to IT & OT Security Intelligence
Stay updated with the latest news and research in Information Technology & Operational Technology security. Cutting-edge insights on protecting critical infrastructure.
OT refers to systems that use connected devices to monitor and control real-world physical processes — manufacturing, transportation, energy, and water management.
6+
Live Fire Drills
90+
Sessions
20Cr+
Projects
OT
PhD Focus
FEATURED INTELLIGENCE
Threat Intelligence Briefings
Deep-dive analysis of active threat campaigns
BADAUDIO Malware — 3-Year Espionage Hitting 1,000+ Domains
VIEW ANALYSIS ›
Fake Windows Update Drops LummaC2 via Steganographic PNG Payloads
READ PUBLICATION ›
DAILY INTELLIGENCE UPDATE
Latest Cyber News
Updated daily — filter by category or search by keyword
CRITICAL
22 NOV 2025
APT31 Uses Yandex Cloud & OneDrive as C2 in Russian IT Espionage Campaign
Source: Positive Technologies
China-linked APT31 targeted Russian IT contractors and government integrators using legitimate cloud services for command-and-control, hiding encrypted commands in social media profiles. Operations ran undetected from 2022–2025 using SharpADUserIP, CloudSorcerer, PlugX, and Tailscale VPN.
⚠ HIGH
2022–2025
APT24 BADAUDIO: 3-Year Taiwan Espionage via 1,000+ Hijacked Domains
Source: Google TIG / The Hacker News
APT24 (Pitty Tiger) deployed BADAUDIO — a DLL-hijacking C++ downloader delivering AES-encrypted Cobalt Strike. Breached a Taiwanese digital marketing firm to hijack 1,000+ domains. Uses FingerprintJS for victim targeting and avoids all mobile devices in evasion strategy.
⚠ HIGH
NOV 2025
ClickFix StegoAttack: Fake Windows Update Delivers LummaC2 via PNG Steganography
Source: BleepingComputer / ANY.RUN
New ClickFix variant uses full-screen fake Windows Update pages to clipboard-inject malicious commands. A multi-stage Stego Loader hides payloads inside PNG pixel data. Drops LummaC2 and Rhadamanthys infostealers using ctrampoline function chains that bypass all major EDR solutions.
◈ OT / ICS
OCT 2025
112 Industrial Environments Found with Critical OT Segmentation Failures
Source: Dr. Rai Research / Dragos
Survey of 340 internet-adjacent OT environments found 112 with direct management interface exposure. Default credentials unrotated on 67% of sampled PLCs. Vulnerable firmware creates viable pathways for kinetic disruption of physical industrial operations at critical infrastructure sites globally.
CRITICAL
SEP 2025
BlackMesh Ransomware Delivered via Trojanised Backup Software — 38 Orgs Hit
Source: CISA / SecurityWeek
A digitally-signed enterprise backup software update contained a stealthy dropper. After a 96-hour dwell period, BlackMesh ransomware was deployed with encrypted C2 via legitimate cloud infrastructure. Stolen code-signing certificate valid until 2027 used to bypass security controls. 38 organisations impacted.
◈ ANALYSIS
AUG 2025
RMM Tools Hijacked for 200-Day Stealth Persistence in Enterprise Networks
Source: Mandiant / Dr. Rai Analysis
Threat actors systematically disable logging subsystems and abuse WMI subscriptions + legitimate Remote Management & Monitoring tools as persistent backdoors. Average dwell time across 14 confirmed cases: 200+ days before detection. Enterprises with no anomaly detection baselines most at risk.
ABOUT THE RESEARCHER
Dr. Manish Kumar Rai:
Researcher in IT & OT Security
Welcome to my platform for sharing the latest news and research in IT & OT security. With a passion for safeguarding critical infrastructure and a commitment to advancing the cybersecurity landscape, I provide valuable insights and research through this site.
Currently serving as Cybersecurity Expert at UP State Institute of Forensic Science. Previously — Assistant Professor, Center Head of OT and Cyber Defense Center at Rashtriya Raksha University. Doctoral thesis completed exclusively in Operational Technology Security. Contributor to national and international cybersecurity projects.
6+
Live Fire Exercises
Real-world OT attack simulations conducted
90+
Cyber Security Sessions
Training workshops for government & industry
20Cr+
Research Projects
National & international funded research
WHY CHOOSE US
Stay Ahead in OT Security with Insights & Cutting-Edge Research
Gain access to comprehensive knowledge and stay informed about the latest trends, threats, and innovations in operational technology security. Our in-depth analysis provides practical insights, best practices, regulatory compliance guidance, and effective security measures tailored to your needs.
- Latest Updates & Real-Time Threat Intelligence
- Practical Guidance & Hands-On OT Training
- Regulatory Compliance — IEC 62443, NIST, ISO 27019
- Community Engagement & Research Collaboration
// OT SECURITY OPERATIONS FRAMEWORK
- Asset and Configuration Management
- Network and Access Control
- Monitoring, Detection & Incident Response
- Risk and Compliance Management
- Patch, Backup and Recovery Management
- Physical Security, Training & Threat Intelligence
// LIVE THREAT METRICS — GLOBAL OT SECURITY POSTURE
ACTIVE ADVISORIES24
CRITICAL ALERTS06
OT INCIDENTS TODAY18
DARK WEB HITS341
IOC CLUSTER HITS5,820
NATION-STATE TTPs12
FIELD UPDATES
Recent Activity & Deployments
Site visits, OT hardware demos and live exercises
PowerGrid OT Security Visit
Assessing SCADA and OT systems that control and monitor the electrical grid. Evaluated cyber threat exposure, segmentation, and access control protocols at a major power utility.
Operational Technology Hardware Lab
Hands-on practical OT hardware demonstration covering PLCs, RTUs, HMI interfaces and industrial communication protocols used in manufacturing, energy and transportation sectors.
UP ATS Cyber Operations Visit
The UP Anti-Terrorist Squad focusing on cybercrime including dark web investigations, drone threat analysis, and cyber forensics as part of counter-terrorism and digital intelligence operations.
scan --global --ot-audit --iecs-check --threat-correlate
> Initialising OT threat sensor mesh [SCADA nodes: 47 active]...
> Cross-referencing ICS/SCADA vulnerabilities across 6 critical sectors...
> [WARN] 3 novel ICS exploits detected — Modbus/DNP3 protocol abuse confirmed
> [CRIT] 112 OT environments with direct management interface exposure
> IEC 62443 compliance: 67% of sampled PLCs running default credentials
> [INFO] PowerGrid & UP ATS field assessments complete — reports archived
> [WARN] Supply chain trojanisation confirmed — update pipeline breached
> [CRIT] Avg ransomware dwell time: 200+ days in RMM-leveraged intrusions
> OT global threat index: ELEVATED — patching & segmentation advised
> Session time (IST): --:--:--
KNOWLEDGE BASE
Frequently Asked Questions
OT & IT security expertise — click to expand
Operational Technology (OT) cybersecurity safeguards hardware, software, networks, and systems that monitor and control industrial processes in critical infrastructure. Unlike IT security which focuses on data, OT security prioritises the availability, safety, and integrity of physical operations — a breach can cause real-world physical damage.
Key steps: Network Segmentation between IT and OT zones, Secure Remote Access with MFA, Robust Access Controls, Continuous Anomaly Monitoring, Vulnerability Management & Patch cycles, Employee Awareness Training, and documented Incident Response Planning with OT-specific playbooks.
Yes — a complete OT training package with hands-on demonstrations and setup of a Portable Operational Demo (POD) unit. The programme covers ICS/SCADA fundamentals, industrial protocols (Modbus, DNP3, OPC-UA), and OT cybersecurity best practices designed for real-world skills development.
We implement: ICS-specific firewalling and network segmentation, Asset visibility and anomaly detection, Regular backup, patch management and access controls, Real-time monitoring and OT incident response plans. We also conduct simulated and live-fire attack scenarios to test operational resilience.
Yes — full OT security audits including risk assessment, vulnerability identification, and compliance checks for ICS/SCADA environments. Audits align with IEC 62443, NIST CSF, and ISO 27019 standards, ensuring comprehensive critical infrastructure protection with a written report and remediation roadmap.
Yes — customised cyber safety training covering: safe digital practices, phishing awareness, password hygiene, secure communication and data protection. Delivered onsite or online with interactive sessions, real-world case studies, and live demonstrations. Tailored to government, corporate, and academic audiences.
Initial response within minutes for critical incidents via real-time monitoring and alerting systems. Full incident analysis and containment typically initiated within 1–2 hours. Our team handles both OT and IT environments efficiently, minimising downtime and operational impact through pre-established runbooks.
Check for: Network segmentation between IT and OT, up-to-date asset inventory and vulnerability assessments, strong access control with authentication, continuous monitoring for anomalies and incident response readiness, and compliance with IEC 62443 or NIST. We offer OT assessments to identify and remediate all gaps.