Security News > 2020 > October > Russia-Linked Hackers Targeting Russian Industrial Organizations
A previously unknown threat group whose members speak Russian has been launching attacks against Russian industrial organizations in a highly targeted espionage campaign, Kaspersky reported on Thursday.
Denis Legezo, senior security researcher with Kaspersky's Global Research and Analysis Team, told SecurityWeek that the hackers have only been seen targeting the IT networks of industrial entities and there is no indication that they have also targeted industrial control systems.
MontysThree, Kaspersky says, relies on a piece of malware that has four modules.
Based on the lures used by the hackers, the language artifacts found in the malware, and the fact that it only targets Windows devices configured to use Cyrillic script, Kaspersky believes the members of the MontysThree group are Russian speakers and they target Russian entities.
"Some aspects of the malware - logging in RAM and files at the same time, keeping the encryption keys in the same file, running an invisible browser on the remote RDP host - seem immature and amateurish in terms of malware development," Kaspersky said.
News URL
Related news
- Russian ISP confirms Ukrainian hackers "destroyed" its network (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- How Russian hackers went after NGOs’ WhatsApp accounts (source)
- EU sanctions Russian GRU hackers for cyberattacks against Estonia (source)
- Russian military hackers deploy malicious Windows activators in Ukraine (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)