Kaspersky finds new APT targeting the Middle East's industrial sector




Kaspersky, one of the world’s top security firms, said today it discovered a new and never-before-seen hacker group that is currently targeting organizations from the Middle East industrial sector.


The security firm has named this group WildPressure and describes it as an APT (advanced persistent threat), a term normally used to describe nation-sponsored hacking operations.


The group’s primary weapon is a new C++ backdoor trojan that Kaspersky has named Milum, which grants WildPressure operators complete control over an infected host.


Kaspersky experts say they first discovered computers infected with Milum in August 2019, but they later found signs of past infections going back as far as May 31, 2019.


An analysis of Milum’s code also confirmed that Milum was compiled two months before, in March 2019, which explains why Kaspersky wasn’t able to pick up older infections.


No shared code or victimology with any other operation


Furthermore, the same analysis also revealed Milum was made up of relatively new code, with no intersections or similarities to any other APT operation.


“Our Kaspersky Threat Attribution Engine (KTAE) doesn’t show any code similarities with known campaigns,” said Denis Legezo, a malware researcher for Kaspersky GReAT, the company’s elite hacker-hunting team.


“Nor have we seen any target intersections,” Legezo said. “In fact, we found just three almost unique samples, all in one country.”

