- Joined
- Jun 28, 2020
- Messages
- 6,777
- Reaction score
- 726
- Points
- 212
- Awards
- 2
The malware code of the new grouping has nothing to do with any previously known APT campaign.
Kaspersky Lab experts have discovered a new, previously unknown cybercriminal grouping that is currently targeting industrial sites in the Middle East.
The group is called WildPressure. The main weapon of criminals is a new backdoor called Milum, written in C ++, which gives its operators complete control over the infected host.
Computer systems infected with Milum were first detected by researchers in August 2019, but later traces of infections were discovered until May 31, 2019. As the results of the code analysis showed, Milum was compiled two months earlier - in March 2019.
According to experts, Milum was composed of a relatively new code, without intersections or similarities with any other APT group. In particular, the malware is able to perform the following functions: download and execute the commands of its operator, collect various information from the target device and send it to the C&C server and update to a newer version.
Experts suggest that most of the goals of the new malware campaign are in the Middle East, as Iranian IP addresses were connected to Milum's C&C server.
Kaspersky Lab experts have discovered a new, previously unknown cybercriminal grouping that is currently targeting industrial sites in the Middle East.
The group is called WildPressure. The main weapon of criminals is a new backdoor called Milum, written in C ++, which gives its operators complete control over the infected host.
Computer systems infected with Milum were first detected by researchers in August 2019, but later traces of infections were discovered until May 31, 2019. As the results of the code analysis showed, Milum was compiled two months earlier - in March 2019.
According to experts, Milum was composed of a relatively new code, without intersections or similarities with any other APT group. In particular, the malware is able to perform the following functions: download and execute the commands of its operator, collect various information from the target device and send it to the C&C server and update to a newer version.
Experts suggest that most of the goals of the new malware campaign are in the Middle East, as Iranian IP addresses were connected to Milum's C&C server.