Study of a targeted attack on a Russian enterprise in the mechanical-engineering sector
ID: d36a6dc2-3781-50b6-8406-01b10b513513
STIX ID: report--d36a6dc2-3781-50b6-8406-01b10b513513
Feed Name: Dr.Web News
**Executive summary:** In October 2023 a Russian mechanical-engineering enterprise was targeted via phishing emails carrying password-protected ZIP archives that installed a commodity stealer (Trojan.Siggen21.39882/WhiteSnake). The stealer staged a JavaScript backdoor (JS.BackDoor.60) and SpyBotNET to exfiltrate files, capture screenshots and record audio. The report details the infection chain and persistence techniques (modified .lnk with ADS, registry changes), and provides indicators of compromise and mitigation recommendations.
