Virtualization Technology News and Information
Article
RSS
Kaspersky uncovers targeted malicious campaign in the Middle East
Kaspersky's Global Research and Analysis Team (GReAT) have uncovered a targeted campaign to distribute Milum, a malicious Trojan that gains remote control of devices in various organizations including those representing the industrial sector. This operation is currently active and has been named WildPressure. 

Advanced persistent threats (APTs) are commonly associated with the most sophisticated types of cyberattacks. Quite often, the attacker secretly gains extended access into a system to steal information or disrupt its normal operation. These attacks are typically created and deployed by actors that have access to large financial and professional resources. Given the nature of this threat, WildPressure quickly gained the attention of Kaspersky researchers.

So far, the GReAT team was able to uncover several almost identical samples of the "Milum" Trojan that share no code similarities with any known malicious campaigns. The samples possess solid capabilities for remote device management meaning once a system is affected, an attacker can take control from anywhere. In particular, the Trojan can:

  • Download and execute commands from its operator
  • Collect various information from the attacked machine and send it over to the command and control server
  • Upgrade itself to a newer version

Kaspersky's GReAT team first witnessed the spread of the "Milum" Trojan in August 2019. Analysis of the malware's code showed that the first three samples were created in March 2019. Based on available telemetry data, Kaspersky researchers believe most of the targets of this campaign are located in the Middle East, and the campaign itself is currently ongoing.

At this time, there are still uncertainties about this campaign including the exact mechanism of how Milum is spread.  

"Any time the industrial sector is being targeted, it's concerning," says Kaspersky senior security researcher Denis Legezo. "Analysts must pay attention because the consequences of an attack against an industrial target can be devastating. So far, we haven't seen any clues that would support the idea that the attackers behind WildPressure have intentions beyond gathering information from the targeted networks. However, this campaign is still actively developing, and we've already discovered new malicious samples apart from the three originally discovered. At this point, we don't know what will happen as WildPressure develops, but we will be continuing to monitor its progression."

Read more about the WildPressure operation on Securelist.

Published Tuesday, March 24, 2020 9:45 AM by David Marshall
Filed under:
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
top25
Calendar
<March 2020>
SuMoTuWeThFrSa
23242526272829
1234567
891011121314
15161718192021
22232425262728
2930311234