WildPressure APT Goes After Windows and macOS Systems with the Milum RAT

WildPressure is an Advanced Persistent Threat (APT) group, which was first analyzed after they unleashed the Milum RAT in March 2020. Nowadays, the group is back with a new attack campaign, which targets both Windows and macOS systems. The crooks are once again using the Milum RAT, but this time they have made slight modifications to the project. It is combined with a special dropper, and it is compatible with both operating systems. The crooks are also using previously compromised WordPress websites to deliver the payload to their targets. Currently, the targets of the WildPressure APT appear to be concentrated in the Middle East.

The industries that the WildPressure APT hackers are targeting are part of the oil and gas sector. The Milum RAT, the payload they use, is very sophisticated. It enables its operators to carry out a wide range of tasks on the systems they compromise. They could use it to steal sensitive information, perform long-term reconnaissance campaigns, or deploy additional malware.

The criminals control the implant through a remote command server. After a successful infection, the implant gathers software and hardware information about the infected host. Furthermore, it informs the attackers about any anti-malware software running in the background. Last but not least, Milum RAT may have been improved with the introduction of a modular structure. This means that the WildPressure APT hackers can add additional features through the use of custom-built add-ons (modules).

Experts believe that the WildPressure APT is part of a more sophisticated threat actor operating in the Middle East. However, no connections have been made yet. WildPressure APT's strategies appear to be evolving, so this is unlikely to be the last time we hear about this threat actor.
