New Milum trojan used against Mid-Eastern targets

Kaspersky has uncovered an highly targeted attack striking a single country using a trojan written in C++ that has not been spotted before. Dubbed Milum, the trojan shows no code similarities with known campaigns reported Kaspersky’s Threat Attribution Engine and only three instances of it have bee found and are considered all part of the same operation which received the code name operation WildPressure. When successfully installed the trojan can enable a remote attacker to gain control of the device. Kaspersky found the campaign in August 2019, but in September of that year Kaspersky was able to sinkhole one of the C2 servers. By doing so it could determine most of the server’s visitors came from Middle Eastern IP addresses with the remainder being network scanners, Tor exit nodes and VPN connections. The server also contained information indicating the first attacks stated at the end of May 2019.