Free Shipping on orders over 100€
0 Record(s)
We found results matching "0" in 0 ms

Kaspersky researchers discover Russian cyber espionage against Russia

Oct. 10, 2020

Steganography-transmitted malware has been used to spy on industrial targets in Russia.


A recently discovered attack sheds light on how cyber espionage can be used not only for the interests of the nation-state, but also for potentially competitive or other espionage purposes.


Researchers at Moscow-based Kaspersky Company discovered and analyzed a cyberattack campaign they called MontysThree.


The global industrial sector has had its share of malware infections, both targeted and undirected, for several years. Attacks on corporate technology networks have increased, and according to a new survey by industrial security firm Claroty, about 56% of industrial sector organizations around the world have experienced more cyber threats during the COVID-19 pandemic.


MontysThree, apparently unconnected to the threat groups Kaspersky currently tracks, uses relatively unusual techniques in its attack campaign, including steganography, a sophisticated method of hiding malware behind images, and a relatively cumbersome HTTP Remote Access communication method. via remote desktop protocol. The group also put a false flag in the code of some of their email files to appear as a Chinese-speaking actor.


Loader malware disguised as steganography in phishing email uses a bitmap file to hide the malware. Decoys are SFX RAR files that contain employee contact names, documentation, and medical results.


Steganography is an old but rarely used obfuscation method and it is not easy to use. Legezo believes that the attackers attempted to sneak past IDS / IPS tools on victimized networks by hiding the malware behind seemingly innocent image files.


MontysThree encrypts user data and primarily searches for Microsoft and Adobe Acrobat files. At the same time, the usual spying tasks of gathering information about the configuration and characteristics of the target computers are performed. Attackers store your stolen files on public cloud services like Google, Microsoft, and Dropbox to camouflage their activities and avoid alarms from security tools.


MontysThree also uses an interesting method for remote access communication instead of incorporating communication protocols into the malware.


Attackers also use Citrix clients: "Citrix communication proceeds in the same way: the malware does not implement the protocol, but looks for Windows Quick Launch .lnk for XenApp pnagent.exe, runs Internet Explorer remotely and communicates with it at via the Clipboard with special keyboard shortcuts, ”says Kaspersky's whitepaper on the attack.


They were also discovered in other errors by novice attackers: connecting to RAM and files at the same time and storing the encryption keys in the same file.


Despite this, Legezo believes that MontysThree is still fine-tuning and polishing its attack frame and is therefore following the group closely.


Bzfuture shares software news and advice on big data software and platforms. Don't forget to keep an eye on our weekly newsletter for more information.Get all the software products you need from the bzfuture online retail store. Connect with our customer service online.

CloseWelcome to Bzfuture Sign In.

Not signed up yet?   Sign Up Now

Log in with a third party account:

Open the bzfuture APP

Scan The code to login

CloseWelcome to Bzfuture Sign Up.

Black friday Sale:Free gift & Surprise Blind Box Up to 50% Coupon Code
  • Email Address*

    Please enter a valid Email.

Black friday Sale:Free gift & Surprise Blind Box Up to 50% Coupon Code
  • Mobile Phone*

    Please enter a valid mobile phone.

  • Verification Code*

    Get Verification Code

    The code will be invalid in 5 minutes

  • Password*

    5 to 16 letters, numbers, and special characters.

  • Confirm Password*

  • First Name* Last Name*

  • I have read and agreed to the  
    Subscribe to Bzfuture Offers ,Contests&Newsletter.

Already have an Bzfuture account?   Sign In Now

Log in with a third party account


Prompt T698563:

The programe has been successfully submitted to the system


Prompt T698563:

The programe has been successfully submitted to the system


Prompt T698563:

The programe has been This is a warning ?

CloseSuccessful Registration

A new item has been added to your Shopping Cart.

CloseSecurity verification