The attacks targeted 35,000 devices in 195 countries between January and November 2021, including devices housed by high-profile organizations. Roughly seven percent of the targets were ICS, with the engineering and building automation sectors being most impacted. Attacks were also aimed at military industrial enterprises and research laboratories.
In many cases, the attackers targeted engineering computers, including devices used for 3D and physical modeling, which led Kaspersky researchers to believe that the goal may be industrial espionage. However, the company noted that the number of victims is large and it could not determine a clear focus on a specific type of industrial organization.