Full Report
The report describes Russia as a region where the main threat source is the internet and where the percentage of ICS computers on which miners in the form of executable files for Windows were blocked is usually high.
Analysis Summary
This summary is derived from a snippet of the Kaspersky ICS CERT report "Threat landscape for industrial automation systems. Russia, Q2 2025". The available context **consists only of links and metadata about that report** plus a single general observation.
**The context names no specific threat actor and gives no activities, TTPs, motivations or targets** beyond that observation: "The region where the main threat source is the internet and the percentage of ICS computers on which miners in the form of executable files for Windows were blocked is usually high."
The profile below is therefore built around that one observation. Sections the snippet does not support are marked as not specified rather than filled in, and anything added as practitioner context is labelled as such.
---
# Threat Actor: Unattributed (commodity Windows cryptominer activity)
## Attribution & Identity
Attribution is **not specified** in the provided context. The only origin given is that the main threat source is the **internet**, which is a threat-source category in this report series (as opposed to, for example, removable media or email clients), not an attribution to any group.
## Activity Summary
The context reports a high percentage of ICS computers on which **miners in the form of executable files for Windows** were blocked. "Blocked" means the executable was detected and stopped by endpoint protection, so the figure measures attempted infections that reached ICS hosts, not successful mining. No specific campaigns or operations are described.
## Tactics, Techniques & Procedures
- Deployment of cryptocurrency **miners** as **executable files for Windows**. The category name itself distinguishes these from browser-based web miners, which this observation does not cover.
- Delivery detail is limited to the main threat source being the internet; **no actor-specific TTPs are described** in the provided text.
- MITRE ATT&CK IDs are **not provided** by the report context. Cryptomining on a victim host maps to Resource Hijacking (T1496); that mapping is added here, not stated in the report.
## Targeting
- Assets: **ICS computers**, the report series' term for Windows hosts in OT networks protected by Kaspersky products (SCADA servers, historians, OPC gateways, engineer and operator workstations, HMIs). No industry sector breakdown is present in the snippet.
- Geography: **Russia**, per the report title.
- Victims: **No specific organizations are mentioned in the context.**
## Tools & Infrastructure
- Malware families: **cryptocurrency miners** delivered as Windows executables; no family is identified by name.
- Infrastructure: **No specific C2, domains, or IPs are mentioned.**
## Implications
The high rate of blocked miners on ICS computers indicates that **commodity cryptomining malware reaches industrial networks**, whether by deliberate targeting or opportunistic spread. Where such an executable runs, the direct effect is sustained CPU and memory consumption on HMIs, engineering workstations and servers that have real-time or availability requirements. The indirect implication matters more: a miner that reaches an ICS host proves a working delivery and execution path from the internet into the OT network, and the same path can carry more damaging payloads. The blocked detections themselves show that segmentation between these hosts and the internet is imperfect.
## Mitigations
- Run endpoint protection or EDR on Windows ICS hosts that blocks unknown **executables**; where change windows permit, enforce application allowlisting (for example AppLocker or WDAC) on HMIs and engineering workstations, whose software set is small and stable enough for a default-deny policy.
- Segment ICS assets from direct internet connectivity; where internet access is required (vendor updates, remote support) route it through a controlled proxy or jump host rather than allowing hosts to browse or download directly.
- Monitor the OT boundary for outbound connections from ICS hosts to destinations outside the engineering allowlist, and for mining-pool traffic (Stratum JSON-RPC, frequently but not reliably on ports such as 3333 or 14444): a miner that did run must reach a pool, so the network sees what a missed endpoint detection does not.
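The boundary monitoring described above is easy to prototype against firewall connection logs. The following is an added example, not code from the Kaspersky report or from any vendor product: a small Python detector that, for each outbound connection from an ICS host, flags destinations outside an engineering allowlist and inspects the first client payload for a Stratum mining handshake (the bare JSON-RPC `login` used by XMRig-style miners, or `mining.subscribe`/`mining.authorize`) and for known miner agent strings. The log format, host names, addresses, ports and the allowlist are constructed assumptions.

```python
"""Detect outbound cryptominer activity from ICS hosts in firewall logs.

Added example, not code from the Kaspersky ICS CERT report or any vendor
product. The log format, host names, addresses, ports and the allowlist
below are constructed assumptions for illustration.

Each outbound connection from an ICS host gets two checks:
  1. segmentation: the destination must be on the OT engineering allowlist;
  2. payload: the first client bytes are inspected for a Stratum mining
     handshake (the bare JSON-RPC "login" used by XMRig-style miners, or
     "mining.subscribe"/"mining.authorize") and for known miner agent names.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

# Constructed sample log: "<timestamp> <src_host> <dst_ip>:<dst_port> <first-payload>"
SAMPLE_LOG = """\
2025-06-12T08:01:13Z HMI-01 10.20.30.5:4840 <opcua-hello>
2025-06-12T08:02:44Z ENG-WS-03 185.199.110.153:443 <tls-client-hello>
2025-06-12T08:03:02Z ENG-WS-03 45.76.12.9:3333 {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"XMRig/6.21.0"}}
2025-06-12T08:04:10Z HIST-01 10.20.30.9:1433 <tds-prelogin>
2025-06-12T08:05:55Z SCADA-SRV-02 203.0.113.77:14444 {"id":1,"method":"mining.subscribe","params":["cpuminer/2.5.1"]}
2025-06-12T08:06:30Z HMI-02 10.20.30.5:4840 <opcua-hello>
"""

# Constructed allowlist: the only (ip, port) pairs ICS hosts may reach.
ALLOWED_DESTINATIONS: frozenset[tuple[str, int]] = frozenset({
    ("10.20.30.5", 4840),   # OPC UA server
    ("10.20.30.9", 1433),   # historian database
})

# JSON-RPC methods that open a Stratum session. "login" alone is weak evidence
# (other JSON-RPC services use it), so the agent-string check corroborates it.
STRATUM_METHODS = frozenset({"login", "mining.subscribe", "mining.authorize"})
MINER_AGENT_RE = re.compile(r"\b(XMRig|cpuminer|lolMiner|NBMiner|T-Rex)\b", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    ts: str
    host: str
    dst: str
    reasons: tuple[str, ...]


def stratum_reasons(payload: str) -> list[str]:
    """Return the mining-protocol indicators present in a first-payload snippet."""
    reasons: list[str] = []
    try:
        msg = json.loads(payload)
    except ValueError:          # not JSON at all (TLS, OPC UA, TDS, ...)
        msg = None
    if isinstance(msg, dict) and msg.get("method") in STRATUM_METHODS:
        reasons.append(f"Stratum method {msg['method']!r}")
    agent = MINER_AGENT_RE.search(payload)
    if agent:
        reasons.append(f"miner agent string {agent.group(1)!r}")
    return reasons


def analyze(log_text: str,
            allowlist: frozenset[tuple[str, int]] = ALLOWED_DESTINATIONS) -> list[Finding]:
    """Evaluate each log line; return one Finding per connection that fails a check."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 4:      # blank or malformed line
            continue
        ts, host, dst, payload = parts
        ip, port_str = dst.rsplit(":", 1)
        reasons: list[str] = []
        if (ip, int(port_str)) not in allowlist:
            reasons.append(f"off-allowlist destination {dst}")
        reasons.extend(stratum_reasons(payload))
        if reasons:
            findings.append(Finding(ts, host, dst, tuple(reasons)))
    return findings


def miner_hosts(findings: list[Finding]) -> set[str]:
    """Hosts with protocol-level mining evidence, i.e. a miner actually ran."""
    return {f.host for f in findings
            if any(not r.startswith("off-allowlist") for r in f.reasons)}


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f.ts, f.host, "->", f.dst, "|", "; ".join(f.reasons))
    print("hosts with running miners:", sorted(miner_hosts(results)))
```

The off-allowlist check fires on ENG-WS-03 reaching an HTTPS site before any miner is seen, which is the segmentation finding worth acting on first; the two Stratum matches identify hosts where a miner executable was not blocked and must be treated as compromised rather than merely misconfigured. Destination-port heuristics are deliberately absent, since pools listen on arbitrary ports.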