Thursday, April 9, 15:21
APT hackers target the Middle East using the Milum RAT

WildPressure is a new APT (Advanced Persistent Threat) hacker group that targets organizations in the Middle East by delivering the Milum RAT to them, gaining remote access to, and therefore control of, the targeted device. Milum RAT was first detected by Kaspersky researchers in a campaign in August 2019, and the RAT is written in the C++ programming language. It is worth noting, however, that the new malware campaign does not appear to resemble any previous campaign.

WildPressure's malware campaign targets the Middle East region
The APT hacker group has been targeting industrial sectors in the Middle East since May 2019, while the dissemination mechanism of the Milum RAT was not yet known. The Trojan named Milum is installed on the targeted device as an invisible toolbar window, whose main mode creates a separate thread for communication.
Kaspersky researchers also found that the malware contains many zlib compression functions, such as zlibVersion, inflate or deflate.
Then, by decoding its configuration data on the targeted device, Milum obtains parameters such as "clientid" and "encrypt_key", which it uses for RC4 encryption.
The C2 communication protocol runs over HTTP, and the malware version is 1.0.1, which indicates that it is in the early stages of development.
RC4 is the only encryption algorithm used, with a different 64-byte key per victim. Based on the C2 domain (upiserversys1212[.]com), most visiting IP addresses come from the Middle East.
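The article describes the C2 traffic as RC4-encrypted with a 64-byte per-victim key and notes the zlib routines inside the sample, but it does not give the wire format. The following is an added analyst-side example, not code from the article or from Kaspersky's write-up: it assumes (for illustration only) that a message is JSON carrying "clientid" and "encrypt_key", deflated with zlib and then RC4-encrypted, and shows how an incident responder who has recovered the key from a sample would decode a captured body and confirm that the key is right. The key and configuration values are constructed placeholders.

```python
import json
import zlib

# Constructed stand-in for a recovered 64-byte per-victim RC4 key (not a real Milum key).
SAMPLE_KEY = bytes(range(64))

# Constructed stand-in for the decoded configuration the article's two parameter names belong to.
SAMPLE_CFG = {"clientid": "constructed-client-0001", "encrypt_key": SAMPLE_KEY.hex()}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key scheduling + keystream). RC4 is symmetric: one call both encrypts and decrypts."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def pack_message(key: bytes, obj: dict) -> bytes:
    """Model of the assumed layering, used here only to build test traffic: JSON -> zlib -> RC4."""
    return rc4(key, zlib.compress(json.dumps(obj, sort_keys=True).encode()))


def unpack_message(key: bytes, blob: bytes) -> dict:
    """Reverse the assumed layering on a captured HTTP body: RC4 -> zlib inflate -> JSON."""
    raw = rc4(key, blob)
    try:
        return json.loads(zlib.decompress(raw))
    except zlib.error as exc:
        # A wrong key (or a different layout than assumed) normally fails the zlib header
        # check here, which is a cheap signal that the recovered key does not fit this capture.
        raise ValueError("inflate failed: wrong RC4 key or unexpected message layout") from exc


def extract_config_params(cfg: dict) -> dict:
    """Pull the two parameters named in the article; absent keys are reported as None, not guessed."""
    return {name: cfg.get(name) for name in ("clientid", "encrypt_key")}


if __name__ == "__main__":
    captured = pack_message(SAMPLE_KEY, SAMPLE_CFG)  # stands in for a captured request body
    print(extract_config_params(unpack_message(SAMPLE_KEY, captured)))
```

Because RC4 is a stream cipher with no integrity check, a decode that "succeeds" on garbage is possible in principle; the zlib header check and well-formed JSON are what give the analyst confidence that the key matches. The `rc4` function can be checked against the standard test vector (key `Key`, plaintext `Plaintext` gives `BBF316E8D940AF0AD3`) before trusting it on real captures.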

To launch the campaign, the APT hackers rented virtual private servers (VPS) from OVH and registered domains through an anonymizing proxy service. WildPressure appears to be a new group whose activity is unique, as it bears no resemblance to other malware campaigns.

