
Tuesday, May 12, 2015


‘Trojan.Laziok’ malware targets energy companies

Researchers at Symantec, an American technology company, recently disclosed malicious software called ‘Trojan.Laziok’.

According to a report by Hass and Associates Cyber Security, the malware is part of an ongoing espionage campaign that targets energy companies worldwide, especially in the Middle East.

The attacks are launched through spam emails sent from the moneytrans.eu domain. Those emails carry an attached Microsoft Excel file that activates a backdoor, giving the attackers a crucial view into the targeted computer.
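As an added illustration (not code from the original post or from Symantec), the following mail-triage check looks for the delivery pattern described above: a sender at moneytrans.eu combined with an Excel attachment. The verdict names, the extension and MIME-type lists, and the sample messages are assumptions made for this example.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

FLAGGED_DOMAIN = "moneytrans.eu"  # sender domain named in the article
EXCEL_EXTENSIONS = (".xls", ".xlsx", ".xlsm", ".xlsb")  # assumed list
EXCEL_TYPES = {"application/vnd.ms-excel",
               "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"}

def sender_domains(msg):
    """Lower-cased domains from the From, Sender and Return-Path headers."""
    domains = set()
    for header in ("From", "Sender", "Return-Path"):
        for value in msg.get_all(header, []):
            address = parseaddr(value)[1]
            if "@" in address:
                domains.add(address.rsplit("@", 1)[1].lower().rstrip("."))
    return domains

def from_flagged_domain(msg):
    # Match the domain or a subdomain, but not look-alikes such as notmoneytrans.eu.
    return any(d == FLAGGED_DOMAIN or d.endswith("." + FLAGGED_DOMAIN)
               for d in sender_domains(msg))

def excel_attachments(msg):
    """Names of MIME parts that look like Excel files by name or content type."""
    parts = [(p.get_filename() or "", p.get_content_type()) for p in msg.walk()]
    return [name or "(unnamed)" for name, ctype in parts
            if name.lower().endswith(EXCEL_EXTENSIONS) or ctype in EXCEL_TYPES]

def triage(raw_message):
    """Return (verdict, excel_files); headers can be forged, so treat as one signal."""
    msg = message_from_string(raw_message)
    files = excel_attachments(msg)
    if not from_flagged_domain(msg):
        return "pass", files
    return ("quarantine" if files else "review"), files

def sample(sender, filename=None):
    """Build a constructed test message; recipient and subject are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "ops@energy.example", "Payment advice"
    m.set_content("See attached.")
    if filename:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="vnd.ms-excel", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample("Accounts <billing@moneytrans.eu>", "invoice.xls")))
```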

The malware collects system data, including the computer name, CPU and GPU details, installed software, hard disk and RAM size, and which antivirus software is installed. Immediately afterwards, it uploads that data to the attackers and then downloads additional malware such as Backdoor.Cyberat and Trojan.Zbot.

Petroleum, gas and helium companies were targeted most often in the United Arab Emirates, Saudi Arabia, Pakistan and Kuwait. Based on a report obtained by Hass and Associates Cyber Security, whoever is behind these attacks may have a deliberate interest in the activities of the affected companies.

Attacks on energy companies in other countries, such as India, the United Kingdom and the United States, were rare.

Symantec also claims that “the group behind the attack does not seem to be particularly advanced, as they exploited an old vulnerability and use their attack to distribute well-known threats that are available in the underground market.”


The attack is simple and outdated, which clearly shows the importance of frequently updating all software: organizations today still fail to follow basic security guidelines, which include updating the software running on their systems.