Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
ACSC Warns of Large-Scale CMS Exploitation Campaign Deploys Webshells on Vulnerable Websites
July 9, 2026
GodDamn Ransomware Rebrands From Beast and Uses PoisonX Driver to Disable Defenses
July 9, 2026
RedHook Android RAT Abuses ADB Wireless Debugging to Gain Shell-Level Access
July 9, 2026
Home/Threats/Worm Spreads via Email to Compromise Industrial Control Systems
Threats

Worm Spreads via Email to Compromise Industrial Control Systems

Key Takeaways Industrial Control Systems (ICS) globally experienced a significant increase in email-borne worm attacks during Q4 2025, marking a critical shift in operational technology (OT) threats....

Jennifer sherman
Jennifer sherman
April 17, 2026 2 Min Read
58 0

Key Takeaways

  • Industrial Control Systems (ICS) globally experienced a significant increase in email-borne worm attacks during Q4 2025, marking a critical shift in operational technology (OT) threats.
  • The surge was primarily driven by a new backdoor worm, Backdoor.MSIL.XWorm, which spread rapidly through phishing campaigns disguised as job applications.
  • This malware grants attackers full remote control over compromised machines and was initially undetected due to sophisticated obfuscation techniques.
  • Regions like Southern Europe, South America, and the Middle East saw the highest infection rates, while the oil and gas sector specifically noted an increase in blocked threats.

Global Surge in Email-Borne Worms Targets Industrial Control Systems

The final quarter of 2025 witnessed an unprecedented proliferation of email-borne worms infiltrating Industrial Control Systems (ICS) worldwide. This dramatic escalation represents one of the most concerning shifts in the threat landscape affecting operational technology (OT) environments in recent memory.

Table Of Content

  • Key Takeaways
  • Global Surge in Email-Borne Worms Targets Industrial Control Systems
  • Backdoor.MSIL.XWorm: A New Global Threat
  • The “Curriculum-vitae-catalina” Campaign

This widespread infection was largely attributed to a single, stealthy piece of malware that propagated through malicious phishing emails, successfully reaching ICS networks across all global regions within a mere two months, according to a recent report.

Backdoor.MSIL.XWorm: A New Global Threat

Central to this escalating threat is Backdoor.MSIL.XWorm, a backdoor worm designed to establish persistent access and grant attackers comprehensive remote control over compromised systems. The sudden appearance of this malware is particularly alarming; it had no discernible presence on ICS computers in the preceding quarter but rapidly emerged across all global regions in Q4 2025, indicating a swift and effective global deployment.

During this period, the proportion of ICS computers where worms were detected and blocked surged by 1.6 times, reaching 1.60%. This sharp increase was almost entirely driven by the Backdoor.MSIL.XWorm campaign, as highlighted in the report. Analysts at Securelist specifically linked the rapid dissemination of Backdoor.MSIL.XWorm to a particular malware obfuscation technique extensively used in mass phishing efforts during Q4 2025.

The “Curriculum-vitae-catalina” Campaign

These campaigns, identified since 2024 as “Curriculum-vitae-catalina,” employed a deceptively simple yet highly effective social engineering tactic. Threat actors targeted HR managers, recruiters, and employees involved in hiring processes with emails impersonating job applications. These malicious messages typically used subject lines such as “Resume” or “Attached Resume” and contained an executable file, often named “Curriculum Vitae-Catalina.exe,” which, when opened, immediately infected the system. For more details, refer to the <a href="https://ppl-ai-file-upload.s3.amazonaws.com/web/direct-files/attachments/11146061/14b547b5-0804-44de-9ffa-93ce51a1243a/Email-Borne-Worm-Surge-Drives-New-Threat-Wave-Across-Industrial-Control-Systems.pdf?AWSAccessKeyId=ASIA2F3EMEYE7UQM3OQW&Signature=ktVIFj%2FPqYoqBdpJTsfi4k1z%2BRo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBAaCXVzLWVhc3QtMSJIMEYCIQDiIvN4RDw0iSb7z7UN4t9pArUFtwWbw%2Bs2Wc5w6AtcXAIhAMNS7sqvwwwjzAUvUUIy%2BXAokvKfhVbVY1rjAXAAPYW4KvwECNn%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQARoMNjk5NzUzMzA5NzA1IgyPULJp0ZuC90iG%2FMYq0AQThWy92LUn9nY8FcbeFHCD8hQrU17reJm9d50KmHkJ7f3g6u9sFpkLNPkA9qD9LUwzsbX94e8%2FH6eC2Nu%2BMZ0bcJqu1RwoFSNAJhrZ7tmKWhc98QnTJPZOFm7XuZBWzeUrfQuti3G3RfidYZ8jP%2B%2BLh%2Bh1kAImM8%2FhNzcYV8TVqMk%2Bwl69VwuTqmXQFzkp0JxwlJc7aZ8dv9qYXA8f8HC%2BsiFFSibPhgxi7nIYZiN01VoDOIqYr08hgyaCyi0n8Ax%2FiT8%2BkrZTuqcFLp3Vwx1XOt9Ei8S%2BaSGKgFX9yz%

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackMalwarephishingSecurityThreat

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

Fake Zoom SDK Update Delivers Sapphire Sleet Malware to macOS

Next Post

Critical TP-Link Router Vulnerability CVE-2023-33538 Exploited by Mirai Malware

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Roundcube 0-Click Vulnerability Lets Attackers Inject Stored XSS
July 9, 2026
Critical Microsoft Entra ID Flaw Lets Attackers Hijack Accounts
July 9, 2026
Critical Linux Kernel Flaw Allows Root Access via DRM Render Nodes
July 9, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us