Kaspersky finds new APT targeting the Middle East’s industrial sector



Image via Robin Sommer


Kaspersky, one of the world’s top security firms, said today it discovered a new and never-before-seen hacker group that is currently targeting organizations from the Middle East industrial sector.

The security firm has named this group WildPressure and describes it as an APT (advanced persistent threat), a term normally used to describe nation-sponsored hacking operations.

The group’s primary weapon is a new C++ backdoor trojan that Kaspersky has named Milum, and which grants WildPressure operators complete control over an infected host.

Kaspersky experts say they first discovered computers infected with Milum in August 2019, but they later found signs of past infections going back as far as May 31, 2019.

An analysis of Milum’s code also confirmed that Milum was compiled two months before, in March 2019, which explains why Kaspersky wasn’t able to pick up older infections.

No shared code or victimology with any other operation

Furthermore, the same analysis also revealed Milum was made up of relatively new code, with no intersections or similarities to any other APT operation.

“Our Kaspersky Threat Attribution Engine (KTAE) doesn’t show any code similarities with known campaigns,” said Denis Legezo, a malware researcher for Kaspersky GReAT, the company’s elite hacker-hunting team.

“Nor have we seen any target intersections,” Legezo said. “In fact, we found just three almost unique samples, all in one country.”

That country is Iran, according to a screenshot that Kaspersky shared today, showing Iranian IP addresses connecting to a Milum command and control (C&C) server its researchers managed to sinkhole in September 2019.

[Image: milum-sinkhole.png. Credit: Kaspersky]

This is not the first time that an APT group has targeted Iran. The Stuxnet incident remains to this day one of the most infamous hacks in history, a joint operation carried out by the US and Israel to sabotage Iran’s nuclear capabilities.

Overall, cyber-espionage operations in the Middle East have been quite active over the past year as well. From the leak of Iran’s hacking tools to the deployment of new destructive data-wiping malware strains, there’s always something going on in the region, and in many incidents, attacks have targeted the local industrial sector, and especially the oil & gas fields.




