Millennium RAT Campaign Infects 62,000+ Devices Across 160 Countries via Telegram

by Anika Shah - Technology
0 comments

Millennium RAT Campaign Infects 62,000+ Devices Across 160 Countries, Says Group-IB

A cybersecurity threat known as the Millennium RAT has infected over 62,000 devices globally, according to research by Group-IB. The malware, which leverages Telegram Bot API for command-and-control communication, targets Windows systems and has been active since at least 2022, the firm reported.

How Does the Millennium RAT Operate?

The Millennium RAT, first identified by Group-IB in 2022, is a remote access trojan (RAT) that allows attackers to remotely control infected devices. The malware is distributed through phishing emails and malicious attachments, according to the firm. Once installed, it enables threat actors to steal sensitive data, execute arbitrary commands, and maintain persistent access to compromised systems.

How Does the Millennium RAT Operate?

Group-IB noted that the malware was rewritten in C++ in 2023, making it more efficient and harder to detect. “This rewrite significantly increased its capabilities, including improved evasion techniques against antivirus software,” the report stated.

What Makes This Campaign Unique?

The campaign stands out due to its use of Telegram Bot API for communication. Attackers create a Telegram bot to send commands to infected devices, allowing them to bypass traditional network monitoring tools. This method also provides a layer of anonymity, as Telegram’s end-to-end encryption complicates traffic analysis.

CyberSecurityNews reported that the malware has been observed in 160 countries, with the highest infection rates in Eastern Europe, Southeast Asia, and Latin America. The firm attributed this to the region’s high volume of phishing activity and less stringent cybersecurity practices.

Why Is This Threat Concerning?

The scale of the campaign highlights the growing sophistication of cybercriminal operations. Unlike traditional malware, which often targets specific organizations, the Millennium RAT appears to be part of a broader, automated distribution network. This approach allows attackers to maximize their reach while minimizing operational risks.

What is RAT Malware? The Silent Cyber Threat You Shouldn’t Ignore! | Hoplon InfoSec

Experts warn that the use of Telegram for command-and-control operations sets a dangerous precedent. “By leveraging legitimate services like Telegram, attackers can evade detection and operate under the radar,” said a cybersecurity analyst at CyberScoop, who was not involved in the Group-IB report.

What Steps Can Users Take to Protect Themselves?

Group-IB recommends that users avoid opening suspicious emails or downloading attachments from untrusted sources. Organizations should implement email filtering solutions and conduct regular security audits. Additionally, keeping software and operating systems updated can reduce vulnerabilities that malware like the Millennium RAT exploits.

What Steps Can Users Take to Protect Themselves?

Security researchers also advise enabling multi-factor authentication (MFA) for critical systems and monitoring network traffic for unusual activity. “Early detection is key to mitigating the impact of such campaigns,” the firm said.

What’s Next for Cybersecurity?

The Millennium RAT campaign underscores the need for stronger global cybersecurity frameworks. As threat actors increasingly use legitimate platforms to mask their activities, governments and private sector entities must collaborate to develop adaptive defense strategies.

Cybersecurity experts predict that similar campaigns will rise in the coming years, driven by the growing availability of malware-as-a-service (MaaS) platforms. “This is a warning sign for organizations to invest in proactive security measures,” said a researcher at the Cyber Threat Alliance, a nonprofit cybersecurity group.

Related Posts

Leave a Comment