A series of highly targeted attacks against industrial targets by an APT group called MontysThree has been uncovered, with evidence that the campaign dates back to 2018. The group uses a variety of techniques to evade detection, including public cloud services for command-and-control (C2) communications and steganography to hide its main malicious espionage module. According to Kaspersky, attacks on industrial holdings are far more unusual than campaigns against diplomats and other nation-state targets. The APT uses a toolset that it calls MT3, which consists of separate modules.
Source: https://threatpost.com/montysthree-apt-industrial-targets/159957/

