A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, signaling an expansion in both its targets and its strategy for distributing threats.
Russian cybersecurity firm Kaspersky attributed the attacks to an advanced persistent threat (APT) it tracks as “WildPressure,” with victims believed to be in the oil and gas industry.
WildPressure first came to light in March 2020, based on a malware operation distributing a fully-featured C++ Trojan dubbed “Milum” that enabled the threat actor to gain remote control of the compromised device. The attacks were said to have begun as early as August 2019.
“For their campaign infrastructure, the operators used rented OVH and Netzbetrieb virtual private servers (VPS) and a domain registered with the Domains by Proxy anonymization service,” Kaspersky researcher Denis Legezo noted last year.
Since then, new malware samples used in WildPressure campaigns have been unearthed, including a newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a…