May 13, 2024

Experts from Kaspersky's Global Research and Analysis Team have uncovered a malicious digital campaign distributing the Milum Trojan, which gives the party behind it remote control over devices at the targeted companies and institutions, including industrial companies. According to the experts, who named the campaign WildPressure, it is still active.

Advanced persistent threats (APTs) are usually associated with the most sophisticated types of cyberattacks, in which the attacker often stealthily obtains extended access to targeted systems in order to steal information or disrupt operations. These attacks are usually created and deployed by entities with substantial financial and professional resources, which is why the WildPressure campaign quickly attracted the attention of Kaspersky researchers.

The research team has so far found almost identical samples of the Milum Trojan that share no code with any known malicious campaigns.

All of these samples have powerful capabilities for managing devices remotely from anywhere. Once a system is infected, the Trojan can do the following:

- Download and execute commands from its operator.

- Collect various information from the affected device and send it to the command and control server.

- Upgrade itself to a newer version.

The Kaspersky team first saw the Milum Trojan spreading in late 2019, and analysis of the malware's code showed that the first three samples were built in March of the same year.

The telemetry available to the researchers showed that most of the targets of this campaign are in the Middle East and Europe, and that the campaign itself is still ongoing. Much remains unclear about it, however, such as the precise mechanism by which Milum spreads.

Kaspersky’s chief security researcher, Dennis Legiso, said that the targeting of the industrial sector by such campaigns was worrying, noting that the consequences could be devastating, and added:

“We have not yet seen any evidence that the attackers behind WildPressure have intentions beyond the collection of information from targeted networks, but the campaign is still actively developing. We have discovered new malicious samples other than the three that we originally discovered, and we do not know at this point what will happen as WildPressure continues to evolve, but we will continue to monitor its progress.” – Dennis Legiso

Kaspersky experts recommend that companies take the following measures to avoid becoming a victim of a targeted attack:

- Ensure that all software used in the company is regularly updated, especially when security patches are issued. Security products with vulnerability assessment and patch management capabilities may help automate these procedures.

- Choose a known security solution, such as Kaspersky Endpoint Security, that is equipped with behavior detection capabilities to ensure effective protection from known and unknown threats, such as exploits.

- Besides adopting basic endpoint protection, implement an enterprise-level security solution capable of detecting advanced threats to networks at an early stage, such as Kaspersky Anti Targeted Attack Platform.

- Ensure that employees receive basic digital security training, as many targeted attacks begin with phishing attempts and other social engineering techniques.

- Ensure that the security team has access to the latest information on digital threats. Kaspersky APT Intelligence Reporting customers are provided with special reports on the latest developments in the digital threat landscape.
