Energy companies targeted by Laziok Trojan

Malware enters infrastructure, then sends in more advanced viruses to carry out attacks

Hacker

A Trojan is targeting firms in the energy industry, infiltrating systems in a bid to gather information about a company's operations.

The malware, discovered by researchers working at Symantec, found that most of the attacks involved victims in the petroleum, gas and helium industries, especially those based in the United Arab Emirates, which accounted for one in four attacks.

Advertisement - Article continues below

According to a blog post by Christian Tripputi, security response manager at Symantec, Saudi Arabia, Kuwait, and Pakistan each accounted for 10 per cent of the attacks, while firms in the UK and US accounted for five per cent each.

Tripputi said the attacks were detected in the first couple of months this year and the Trojan looks to create a beachhead on energy firms before sending in further malware to gather further information about the victims.

The initial infection vector involves the use of spam emails coming from the moneytrans[.]eu domain, which acts as an open relay Simple Mail Transfer Protocol (SMTP) server, according to Tripputi.

"These emails include a malicious attachment packed with an exploit for the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158)," he said. "This vulnerability has been exploited in many different attack campaigns in the past, such as Red October."

Advertisement
Advertisement - Article continues below

Tripputi added that the stolen data "enables the attacker to make crucial decisions about how to proceed further with the attack, or to halt the attack".

Advertisement - Article continues below

If the victim organisation is deemed to be interesting, additional Trojans and backdoors would then be installed.

"The attackers distributed customised copies of Backdoor.Cyberat and Trojan.Zbot which are specifically tailored for the compromised computer's profile," said Tripputi.

He said that threats were downloaded from a few servers operating in the US, UK, and Bulgaria.

The security researcher said the group behind the attack does not seem to be particularly advanced, as they exploited an old vulnerability and used their attack to distribute well-known threats that are available in the underground market.

"However, many people still fail to apply patches for vulnerabilities that are several years old, leaving themselves open to attacks of this kind. From the attacker's perspective, they don't always need to have the latest tools at their disposal to succeed," he said. "All they need is a bit of help from the user and a lapse in security operations through the failure to patch."

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/30081/what-is-a-trojan-virus
Security

What is a Trojan?

24 Apr 2020
Visit/mobile/mobile-security/355889/parachute-introduces-superlock-feature
mobile security

Parachute's Superlock feature keeps your phone recording in an emergency

2 Jun 2020
Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

Most Popular

Visit/operating-systems/ios/355935/apple-confirms-serious-bugs-in-ios-135
iOS

Apple confirms serious bugs in iOS 13.5

4 Jun 2020
Visit/mobile/5g/355911/the-uk-pivots-to-japan-for-5g-equipment
5G

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020
Visit/security/ransomware/355945/new-ransomware-uses-java-to-target-software-organisations
ransomware

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020