Geeks for your information News Privacy & Security News v
MontysThree APT Takes Unusual Aim at Industrial Targets
MontysThree APT Takes Unusual Aim at Industrial Targets
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Information  08 October 20, 12:16
Quote:SAS@Home 2020 – A series of highly targeted attacks by an APT group called MontysThree against industrial targets has been uncovered, with evidence that the campaign dates back to 2018.
 
That’s according to researchers from Kaspersky, who noted that the group uses a variety of techniques to evade detection, including using public cloud services for command-and-control (C2) communications, and hiding its main malicious espionage module using steganography.
 
Spy attacks on industrial holdings are far more unusual than campaigns against diplomats and other nation-state targets, according to the firm.
 
“Government entities, diplomats and telecom operators tend to be the preferred target for APTs, since these individuals and institutions naturally possess a wealth of highly confidential and politically sensitive information,” according to a Kaspersky analysis, issued on Thursday in tandem with its virtual Security Analyst Summit conference, SAS@Home. “Far more rare are targeted espionage campaigns against industrial entities—but, like any other attacks against industries, they can have devastating consequences for the business.”
 
The APT uses a toolset that it calls MT3, which consists of separate modules. The first—the loader—is initially spread using RAR self-extracted (SFX) archives. These, delivered via email, contain savvy lures related to employees’ contact lists, technical documentation and medical analysis, to trick industrial employees into downloading the files.
 
The loader obfuscates itself using steganography, which is the practice of hiding electronic information inside images.
 
“Steganography is used by actors to hide the fact that data is being exchanged,” according to Kaspersky. “In the case of MontysThree, the main malicious payload is disguised as a bitmap file. If the right command is inputted, the loader will use a custom-made algorithm to decrypt the content from the pixel array and run the malicious payload.”

Read more: https://threatpost.com/montysthree-apt-i...ts/159957/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread:
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
CrystalDiskInfo 9.8.0 [2026/02/15]
9.8.0 ​ Removed...harlan4096 — 17:07
K-Lite Codec Pack 19.4.5 / 19.4.9 Update
Changes in 19.4.9 ...harlan4096 — 16:30
Brave 1.87.188 (Chromium 145.0.7632.76)
Release v1.87.188 ...harlan4096 — 16:29
Opera 127.0.5778.64
New update to Oper...harlan4096 — 16:28
INTEL Arc Graphics 32.0.101.8509 driver
INTEL Arc Graphics...harlan4096 — 16:27

[-]
Birthdays
Today's Birthdays
avatar (39)MezirLal
Upcoming Birthdays
avatar (38)showercurtains
avatar (49)PeterWhink
avatar (46)dimaWeami
avatar (39)TranoTymn
avatar (38)Michaelaburi
avatar (46)dpascoal
avatar (51)Ronaldduh
avatar (39)legalgauch
avatar (44)Baihu
avatar (27)RaseinsLikes

[-]
Online Staff
There are no staff members currently online.

>