Milan

Malware updated 13 days ago (2024-11-08T13:24:39.844Z)

Download STIX

Preview STIX

Milan is a malicious software, or malware, that has been linked to the OilRig cyber-espionage group. The malware was updated and deployed alongside other backdoors such as Shark, DanBot, and Marlin in 2021. Milan shares similar communication schemes with other OilRig backdoors, notably using URIs with simple upload and download schemes for interaction with its command and control server. This overlaps with the Solar backdoor and the backdoors used in the Out to Sea operation, which also use "d" for download and "u" for upload in their URI schemes. In 2022, Milan became a significant target of Distributed Denial of Service (DDoS) attacks, enduring over 5,000 such attacks, the highest in Italy. This suggests that the malware had a considerable presence and was actively being used for illicit activities. A private intelligence firm based in Milan got entangled in an Italian hacking scandal around the same time, suspected of conducting hacking activities for international clients, possibly indicating a connection with the widespread deployment of the Milan malware. The Milan malware's impact extended beyond just cyber espionage. It allegedly facilitated unauthorized access to government databases, creating a serious threat to democracy. Prosecutors in Milan claimed that Equalize, a private investigation firm headed by Gallo, might have obtained data on approximately 800,000 individuals from a police investigations database through a backdoor, potentially created by Calamucci. This incident underscores the extensive damage that can be caused by sophisticated malware like Milan when utilized by malicious actors.

Description last updated: 2024-11-08T00:02:25.980Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Shark is a possible alias for Milan. Shark is a malicious software (malware) deployed by the cyber threat group known as OilRig. In 2021, OilRig updated its DanBot backdoor and began deploying multiple new backdoors including Shark, Milan, and Marlin, as reported in the T3 2021 issue of the ESET Threat Report. This malware can infiltra	2
DanBot is a possible alias for Milan. DanBot is a malicious software (malware) written in C# using .NET Framework 2.0 that provides basic remote access capabilities. It was identified as part of the arsenal used by the cyber threat group, OilRig, and has been linked to other backdoors such as Solar, Shark, Milan, and Marlin. The malware	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Backdoor

Bitcoin

Ransomware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Conti Malware is associated with Milan. Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. Often spreading through suspicious downloads, emails, or websites, it can steal personal information, disrupt operations, or hold data hostage for ransom. Notably, Conti was linked to several ra	Unspecified	2

Source Document References

Information about the Milan Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
BankInfoSecurity	14 days ago	Breach Roundup: Chinese Cyberespionage Using Open Source VPN
BankInfoSecurity	23 days ago	Private Firm Accessed Italian Govt Database: Prosecutors
DARKReading	4 months ago	Chinese Crime Ring Hides Behind Stealth Tech and Soccer
InfoSecurity-magazine	7 months ago	Leeds Talent Pool Attracts BlueVoyant’s First UK SOC
CERT-EU	8 months ago	McDonald's system outages reported in Europe and worldwide
CERT-EU	8 months ago	McDonald's apologizes for global system outage that shut down some stores for hours
CERT-EU	8 months ago	French Government Suffers Severe Cyber Attacks
CERT-EU	8 months ago	McDonald’s suffers worldwide outage
CERT-EU	8 months ago	LatAm firms ramping up cybersecurity investments as they come into criminals' crosshairs \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	9 months ago	Apple rolls out quantum-resistant cryptography for iMessage
CERT-EU	10 months ago	82% of India's stock brokers set to invest in cybersecurity for enhanced business resilience \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	a year ago	Flared jeans and poppy red: Here are 2024’s biggest style trends
CERT-EU	a year ago	New Generative AI Tools Coming In 2024
CERT-EU	a year ago	Capita scores 10 year pension contract – Channel EYE
CERT-EU	a year ago	BlueVoyant joins Microsoft's Security Copilot Design Advisory Council
CERT-EU	a year ago	Techrights — Links 19/11/2023: More Trouble in Microsoft's 'Open'AI and Amazon's Listening Devices
CERT-EU	a year ago	To host AMLA, Rome needs to do more than just tackling financial crime
CERT-EU	a year ago	AMD SEV OMG: Trusted execution undone by cache meddling
CERT-EU	a year ago	AWS Digital Sovereignty Pledge: Announcing a new, independent sovereign cloud in Europe
CERT-EU	a year ago	Amazon Rolls Out Independent Cloud for Europe to Address Stricter Privacy Standards