Principal ICS Cyber sec person @ Kaspersky ICS CERT. Proud BEER-ISAC and RUSCADASEC member. Tweets are mine or written by Markov Chains

Joined May 2019
Terribly sad news. Sergey @Skvern0 left this world. He was one of the best APT hunters, absolutely passionate about fighting cybercrime. His YARA training was always sold out! And he was a GReAT person and friend. Goodnight, Mr. Alice. You’ll be missed. Rest in peace my friend 💔
Happy to see Moscow Central Circle (МЦК), part of the Moscow Metro system, is on @CISAgov website! cisa.gov/topics/critical-inf…
Here we go! 0day exploits description by @oct0xor #operationtriangulation #thesascon2023
#iosTriangulation’s binary validator and @2igosha telling the most interesting details of investigation. Will we see those four 0days used? 🤔 #TheSAS2023
#IoSTriangulation latest report: securelist.com/triangulation… However @2igosha will share additional details today at @TheSAScon #thesas2023

Vladimir Dashchenko retweeted
25 Oct 2023
Welcome to #TheSAS2023
Amazing news! @TheSAScon is back 😍😍😍
Vladimir Dashchenko retweeted
Hey everyone, this is my first tweet! We identified a backdoor we dubbed #Gopuram, the final payload in the #3CX attack. The threat actor (likely to be Lazarus) has deployed it to cryptocurrency companies. More details in this thread and on Securelist (securelist.com/gopuram-backd…)
We made a report "Threat landscape for industrial automation systems" in H2 2022. We decided to show statistical changes in ICS threat landscape for Russia separately from the rest of the world - one of the most interesting data. Here's a full report: ics-cert.kaspersky.com/publi…

Besides that we've analyzed how CVE-2022-27228 (Remote Code Execution in Bitrix CMS “Polls, Votes” module) affected ICS computers in Russia, Belarus and Central Asia. Which is also quite interesting
Together with GReAT we've prepared an analysis of various activities that were observed in cyberspace in relation to the military conflict in Ukraine. Did a cyberwar happen? This is a simple question with a very complicated answer: securelist.com/reassessing-c…
Here are some of the tricks and methods I have seen used to gain that all important initial access to remote systems. Specifically, the unexpected and unusual tricks! ics-cert.kaspersky.com/publi…

We've prepared ICS Cybersecurity predictions for 2023. Ideologically and politically motivated insiders, degrading communications between law enforcement, failing trust relationships in supply chains for both products and services (including OEM). ics-cert.kaspersky.com/publi…

I know it’s really humiliating for GCHQ, but it’s hilarious


29 Oct 2022
Replying to @KimZetter
“Truss’s mobile phone number…was for sale on the internet, along with those of 25 Cabinet Ministers. They could be accessed on a shady US website charging just £6.49 for access to the information”
Really cool research! Kudos to @MsftSecIntel
Microsoft has discovered Raspberry Robin activity establishing its role in a complex, interconnected malware ecosystem that facilitates human-operated ransomware. Our latest blog details active operations and links to other malware and threat actors: msft.it/6011djXFR
The secrets of Schneider Electric’s UMAS protocol - our new publication about implementation of the Unified Messaging Application Services protocol. Details about implementation, connections between CVE-2020-28212 and CVE-2021-22779, bypassing auth. Enjoy! ics-cert.kaspersky.com/publi…
