As conflicts of interest continue to grow in the Middle East, there is a consistent struggle to grapple with rising cyber security concerns, among them Operation WildPressure. In a report published by Kaspersky in August 2019, researchers identified a very distinct kind of malware that had never been seen before in the Middle East region. The malware came to light through its offensive operation targeting the industrial sector in the Middle East.
Kaspersky identified a malicious campaign that included a fully fledged C++ Trojan called Milum, designed to infect and take control of the host system. According to the report, the operation aimed at establishing a backdoor that gave the attacker access to all data and operations on the target system.
As per the report published by Kaspersky: “Kaspersky Threat Attribution Engine (KTAE) doesn’t show any code similarities with known campaigns. Nor have we seen any target intersections. In fact, we found just three almost unique samples, all in one country. So we consider the attacks to be targeted and have currently named this operation WildPressure.”
The group believed to be behind this malicious software was identified as the WildPressure APT group in August. It was detected mainly on systems used by organizations in the Middle East, most of which were related to the industrial sector.
During further investigation it was discovered that traces of this malware had also been found earlier on infected systems, on May 31, 2019. Milum was created well before the actual attack was executed, in March 2019. The actors employed rented OVH and Netzbetrieb virtual private servers (VPS) and used domains registered through the Domains by Proxy service. The malware was found to be distinct from the attributes of any other known APT group, which supports the assumption of a new hacking group emerging in the region.
As per the piece of advice shared by Kaspersky in this regard: “We should also be cautious regarding the true targeting of this new set of activities, as it is probably too soon to jump to conclusions. The targeted nature seems to be clear, but the targeting itself might be limited by our own visibility. The malware is not exclusively designed against any kind of victim in particular and might be reused in other operations.”
However, to date it is unclear how the Milum trojan was spread by the threat actor, and it is still impossible to attribute the attack to a specific state, which makes it all the more intriguing and worthy of caution.