New “WildPressure” APT Group Targets Industries in the Middle East

  • The WildPressure APT group was spotted delivering a new piece of C++ backdoor named Milum. 
  • Researchers couldn’t identify any target intersections from the past, or with the currently ongoing campaigns elsewhere.

Cyber-researchers have found a new threat actor dubbed “WildPressure” targeting the industrial sector in the Middle East.

What happened?
First observed in August 2019, the WildPressure malware has no similarities with other samples analyzed by the experts.

  • The never-before-seen malware is a fully-fledged C++ Trojan that the researchers called Milum.
  • All the detected victims were from the Middle East, and some of them were related to the region's industrial sector.
  • Researchers also couldn’t identify any target intersections from the past, or with the currently ongoing campaigns elsewhere.

However, the team found three almost unique samples, all from the same country.

How does WildPressure operate?
Milum was compiled two months before the first observed infection, in March 2019, researchers claimed.

  • The WildPressure APT group was spotted delivering a new piece of C++ backdoor named Milum. The term ‘milum’ appears in the C++ class names inside the malware.
  • Milum implements a broad range of features for remote management of a compromised device or system.
  • Further analysis of the Milum code led to the discovery of other samples of the same malware, from the systems infected back on May 31, 2019.

What are the trojan’s capabilities?
  • Download and execute commands from its operator.
  • Collect various information from the attacked machine and send it over to the command and control server.
  • Upgrade itself to a newer version.

Summing it up
Researchers could not yet determine how the Milum trojan was spread by the threat actor, nor could they attribute the attack to a specific state. As per the report, “Any similarities should be considered weak in terms of attribution, and may simply be techniques copied from previous well-known cases. Indeed, this ‘learning from more experienced attackers’ cycle has been adopted by some interesting new actors in recent years.”

Concluding the report, researchers said everyone needs to be cautious of these targeted attacks. “The targeted nature seems to be clear, but the targeting itself might be limited by our own visibility. The malware is not exclusively designed against any kind of victim in particular and might be reused in other operations,” they added.