
It is initially spread to its victims via targeted spear-phishing email campaigns whose malicious attachments are disguised as important files such as contact lists, technical papers and medical documents. MT3 is the name of the multi-module toolset, written in C++, that MontysThree uses in its highly targeted attack campaigns. MontysThree’s targets are corporate industrial entities, so it can be assumed to be an industrial cyberespionage APT. According to Kaspersky Lab, which uncovered the MT3 toolset, MontysThree primarily steals recent documents, such as Adobe Acrobat and Microsoft Word files, as well as documents stored on removable drives. There is also ample evidence that MontysThree is exclusively an industrial cyberespionage group.

MontysThree uses several different techniques to avoid detection, such as steganography and the use of public cloud infrastructure for its command and control (C2) servers. While the group still lags behind other APTs in terms of skill, these techniques contribute to its success. Another example of the group using a smokescreen to hide its presence is its recent use of email accounts that appear to be Chinese in origin. This group is considered a hacker collective.
Use of steganography in cyber espionage on Windows
The MontysThree toolset seeks out directories found on Cyrillic-localized editions of Windows (Cyrillic is the script used in countries such as Russia and Ukraine). Consistent with this, a typical file its toolset searches for is named Список телефонов сотрудников 2019.doc.

Targets have so far been located only in Russia or in other Russian-speaking countries. The group is believed to be focused on targets in Russia, and no attacks have yet been observed in the U.S. MontysThree is an APT group that has been in operation since 2018 or earlier.
