Milan

Malware updated 2 months ago (2024-07-22T15:18:26.902Z)

Download STIX

Preview STIX

Milan is a malicious software, or malware, that was notably deployed by the cyber group OilRig in 2021. The group updated its DanBot backdoor and began deploying multiple backdoors including Shark, Milan, and Marlin. These backdoors were mentioned in the T3 2021 issue of the ESET Threat Report. Similarities were observed between the Solar backdoor and the backdoors used in Out to Sea, particularly with respect to upload and download schemes. Both Solar and Shark, another OilRig backdoor, along with Milan, use URIs with simple upload ("u") and download ("d") schemes to communicate with the Command & Control server. In 2022, Milan suffered from an extensive number of Distributed Denial of Service (DDoS) attacks, receiving the most such attacks in Italy. Over 5,000 DDoS attacks were reported, disrupting operations and causing significant downtime. This has highlighted the importance of having physical locations for Security Operations Centers (SOCs), as stressed by Milan Patel, BlueVoyant’s global head of managed detection and response (MDR). The impact of the Milan malware extended to various sectors, including the restaurant industry. A worker at a Milan restaurant reported that their system was offline for several hours due to a suspected attack, requiring technical assistance to restore operations. Following the outage, some McDonald’s restaurants, including those in Bangkok and Milan, were able to resume normal operations. These incidents underscore the pervasive threat posed by malware like Milan and the need for robust cybersecurity measures across industries.

Description last updated: 2024-07-22T15:15:48.522Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Shark	2	Shark is a malicious software (malware) developed and deployed by the cybercriminal group OilRig. In 2021, OilRig updated its DanBot backdoor and began deploying Shark, along with Milan and Marlin backdoors as mentioned in the T3 2021 issue of the ESET Threat Report. The malware was designed to expl
DanBot	2	DanBot is a malicious software (malware) written in C# using .NET Framework 2.0 that provides basic remote access capabilities. It was identified as part of the arsenal used by the cyber threat group, OilRig, and has been linked to other backdoors such as Solar, Shark, Milan, and Marlin. The malware

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Backdoor

Bitcoin

Ransomware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

ID	Type	Votes	Profile Description
Conti	Unspecified	2	Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was

Source Document References

Information about the Milan Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
DARKReading	2 months ago	Chinese Crime Ring Hides Behind Stealth Tech and Soccer
InfoSecurity-magazine	4 months ago	Leeds Talent Pool Attracts BlueVoyant’s First UK SOC
CERT-EU	6 months ago	McDonald's system outages reported in Europe and worldwide
CERT-EU	6 months ago	McDonald's apologizes for global system outage that shut down some stores for hours
CERT-EU	6 months ago	French Government Suffers Severe Cyber Attacks
CERT-EU	6 months ago	McDonald’s suffers worldwide outage
CERT-EU	6 months ago	LatAm firms ramping up cybersecurity investments as they come into criminals' crosshairs \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	7 months ago	Apple rolls out quantum-resistant cryptography for iMessage
CERT-EU	8 months ago	82% of India's stock brokers set to invest in cybersecurity for enhanced business resilience \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	8 months ago	Flared jeans and poppy red: Here are 2024’s biggest style trends
CERT-EU	8 months ago	New Generative AI Tools Coming In 2024
CERT-EU	10 months ago	Capita scores 10 year pension contract – Channel EYE
CERT-EU	10 months ago	BlueVoyant joins Microsoft's Security Copilot Design Advisory Council
CERT-EU	10 months ago	Techrights — Links 19/11/2023: More Trouble in Microsoft's 'Open'AI and Amazon's Listening Devices
CERT-EU	10 months ago	To host AMLA, Rome needs to do more than just tackling financial crime
CERT-EU	10 months ago	AMD SEV OMG: Trusted execution undone by cache meddling
CERT-EU	10 months ago	AWS Digital Sovereignty Pledge: Announcing a new, independent sovereign cloud in Europe
CERT-EU	10 months ago	Amazon Rolls Out Independent Cloud for Europe to Address Stricter Privacy Standards
CERT-EU	10 months ago	Amazon rolls out new independent cloud for Europe
CERT-EU	10 months ago	AWS European Sovereign Cloud allows customers to keep all metadata in the EU - Help Net Security