Mikroceen Might Have Been Spying on Governments Since 2017

What is Mikroceen?

How hard is it to protect Windows operating systems? Without a doubt, that is not a simple task, and Mikroceen proves that. This dangerous RAT (remote access tool) has been sneakily spying on sensitive industries and companies for years now, and no one has been able to stop the attackers behind it. The malware researchers who analyzed this dangerous threat have concluded that its main targets have been mostly companies in the telecommunications and gas industries in Belarus, Mongolia, and Russia. Other industries could have been attacked, and attacks in different countries might have occurred. While researchers continue to accumulate data on this malware, users around the world are urged to patch security vulnerabilities and employ trusted security software to defend themselves. Obviously, the RAT is most likely to attack larger entities, but regular users cannot sleep on this threat. Even if it does not attack, a new version of it could. Or the attackers behind it could build malware capable of attacking anyone and everyone. If it slithers in, and if you have to delete Mikroceen, your virtual security could be jeopardized.

Where does Mikroceen come from and how does it work?

It is believed that the attackers who are using Mikroceen are operating from China; however, that is yet to be confirmed. From what we know now, this trojan cannot execute itself, and a loader tool is needed. How this loader is dropped onto the targeted system is unknown; however, it is worth mentioning that cybercriminals know many ways in which malicious files could be dropped on vulnerable systems. Those with comprehensive protection and no security loopholes should stand strong. However, if cybercriminals discover a crack in the security, they could use it to drop one malicious file that could then offer opportunities to drop new files, tamper with security systems, execute malicious commands, and so on. Therefore, not a single security update should be postponed or cancelled, and every single program and file must be vetted before installation. If a loader file is dropped successfully, Mikroceen runs as a DLL file and establishes communication with a C2 (command and control) server. If that is done successfully, the attackers can authenticate the system, and that is when the trojan can start initiating its malicious actions.

Mikroceen is unlikely to run on its own. At least two other malicious tools, Gh0st RAT and Mimikatz, are known to have been used by the attackers. Gh0st RAT is a spying tool, and Mimikatz can be used by cybercriminals to exploit Windows single sign-on functionality to extract credentials/passwords. Although these two tools are functional and can be useful in cyber attacks, Mikroceen on its own can perform both spying and data theft. If this malware is not removed in a timely manner, it can execute commands, launch and terminate processes, drop and delete files, steal sensitive data, spy using ports, and also send all collected information to the attackers, who are working remotely. Undoubtedly, this malicious threat is very powerful, and if it manages to invade systems that might open up access to extremely sensitive information, governments, businesses, industries, and even regular folk could suffer.

How to stop remote access trojans from attacking

Again, this is easier said than done. Ultimately, it is all about preparation. If you take time to secure the system or network, go through all security settings, employ security management tools, and also educate those around you about the threats that could be lurking, you might be able to protect yourself and your business, not only against Mikroceen, but against various other threats too. As discussed earlier, overall system security is very important, and skipping updates is the biggest crime. Not updating security tools is also a bad habit because only up-to-date systems can do their job effectively. Without a doubt, if you discover that you need to remove Mikroceen from your operating system or network, you have not been able to secure it appropriately. Hopefully, you implement legitimate anti-malware software right away, and it automatically deletes malware and reinstates the system's protection. Remember that if you do not take care of your virtual security now, it might be too late to do it tomorrow.


Osborne, C. May 15, 2020. Mikroceen RAT backdoors Asian government networks in new attack wave. ZDNet.

