Russia-Linked Hackers Targeting Russian Industrial Organizations
A previously unknown threat group whose members speak Russian has been launching attacks against Russian industrial organizations in a highly targeted espionage campaign, Kaspersky reported on Thursday.
Denis Legezo, senior security researcher with Kaspersky's Global Research and Analysis Team, told SecurityWeek that the hackers have only been seen targeting the IT networks of industrial entities and there is no indication that they have also targeted industrial control systems.
The group, MontysThree, relies on a piece of malware that has four modules, Kaspersky says.
Based on the lures used by the hackers, the language artifacts found in the malware, and the fact that it only targets Windows devices configured to use Cyrillic script, Kaspersky believes the members of the MontysThree group are Russian speakers and they target Russian entities.
"Some aspects of the malware - logging in RAM and files at the same time, keeping the encryption keys in the same file, running an invisible browser on the remote RDP host - seem immature and amateurish in terms of malware development," Kaspersky said.