MontysThree APT: Showing its Teeth with New Malware Toolkit | Cyware Alerts

MontysThree, a newly discovered threat group, is known to be carrying out espionage campaigns since 2018. Recently, the group has been found using new tools and legitimate public cloud services for targeted industrial espionage attacks, which is rare among the advanced persistent groups.

Attack vector

The threat group uses a never seen before malware toolkit named MT3, which has a set of C++ modules, including a loader, kernel, HttpTransport, and LinkUpdate.

  • The malware toolkit uses custom steganography and multiple encryption schemes, such as 3DES and RSA algorithms.
  • The threat actors use a self-extracting archive (SFX) inside the RAR file to spread their initial loader module. The loader hides itself using steganography.

The operating technique

  • The malware modules are delivered via emails that have savvy lures related to employee contact lists, technical documentation, and medical test results to fool industrial employees into downloading it.
  • Further, the malware uses a modifier for Windows Quick Launch to gain persistence on the infected system, in which a user unknowingly executes the initial module whenever they run legitimate applications.

Recent attacks

Being targeted by APTs is a bit rare for industrial organizations. However, several other threat groups have been observed doing this in recent times.

  • Recently, an APT-style cyberespionage campaign had been found to be targeting an international architectural and video production company via a third-party MAXScript exploit PhysXPluginMfx.
  • In August, Russian hackers were found targeting the networks of critical infrastructure providers and organizations in the energy sector.


Threat groups are now changing their tactic and moving on from their traditional targets to industrial entities. In order to combat such challenges, experts suggest deploying intrusion prevention and detection systems. In addition to this, applying network segregation and encryption for sensitive information is recommended.

Source link

Recent articles

Smart sensors could track social distancing in the office

PointGrab developed its technology before the pandemic to help workspace managers optimize how employees use office space. About the size of a smoke...

Welcome to News – Happy 80th birthday to ‘The King’

Today is Pele’s 80th birthday ‘The King’ left an incomparable legacy in...

A Colorado Wildfire Just Climbed Over the Rockies. In October.

Smoke rises from a wildfire in Colorado on Thursday.Photo: David Zalubowski (AP)Every time you think you’ve seen it...

Lifetime Deal: “Master Addons” for Elementor / WordPress

Quickly and easily create your own stunning website with this Master Addons and Elementor for WordPress combo deal. Boost your design creativity today...

Arctic Wolf Valued at $1.3 Billion After $200 Million Funding Round

Security operations company Arctic Wolf on Thursday announced the closing of a $200 million Series E funding round that values it at $1.3...

Leave a reply

Please enter your comment!
Please enter your name here