Kaspersky attributed the attacks to an advanced persistent threat (APT) it tracks as “WildPressure,” with victims believed to be in the oil and gas industry. New malware samples used in WildPressure campaigns have been unearthed, including a newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script named “Guard” that works across both Windows and macOS. The latest campaign also weaved compromised legitimate WordPress websites into their attack infrastructure, with the websites serving as Guard relay servers.
Source: https://thehackernews.com/2021/07/wildpressure-apt-emerges-with-new.html