Security researchers at cybersecurity firm Kaspersky have uncovered a targeted campaign to distribute Milum — a malicious Trojan that gains remote control of devices in various organisations, including those representing the industrial sector.
This operation is still active and has been dubbed as ‘WildPressure’, Kasperskys Global Research and Analysis Team (GReAT) said on Monday.
“So far, we haven’t seen any clues that would support the idea that the attackers behind WildPressure have intentions beyond gathering information from the targeted networks,” Senior Security Researcher Denis Legezo said in a statement.
“However, this campaign is still actively developing; we have already discovered new malicious samples apart from the three originally discovered. At this point, we don’t know what will happen as WildPressure develops, but we will be continuing to monitor its progression,” Legezo added.
The researchers first witnessed the spread of the MilumTrojan in August 2019.
The analysis of the malware code showed that the first three samples were created in March 2019.
Based on available telemetry, Kaspersky researchers believe most of the targets of this campaign are located in the Middle East, and the campaign itself is still ongoing.
So far, the team has been able to identify several, almost identical samples of the MilumTrojan that share no code similarities with any known malicious campaigns.
All possess solid capabilities for remote device management, meaning once a system is affected, an attacker can take control from anywhere.
In particular, the Trojan can download and execute commands from its operator, collect various information from the attacked machine and send it over to the command and control server and upgrade itself to a newer version, the researchers said.