Malware campaign targeted energy companies

Security researchers have discovered a new malware campaign that sought to harvest information from energy companies earlier this year.

The “multi-staged, targeted attack campaign” used a malware tool called Trojan.Laziok, which infected computers through spam emails from the domain moneytrans.eu, according to Symantec, which revealed the effort.

The countries most targeted were the United Arab Emirates, Saudi Arabia, Pakistan and Kuwait.

Symantec described the malware as a “reconnaissance tool” that provides information about infected computers, including antivirus software already present within the system.

By learning about the machine, hackers are able to take the further step of installing additional malware tools specifically tailored to the computer’s weaknesses.

“The detailed information enables the attacker to make crucial decisions about how to proceed further with the attack, or to halt the attack,” Symantec researcher Christian Tripputi wrote.

The malware takes advantage of a vulnerability in Microsoft Windows that was patched in 2012.

“The group behind the attack does not seem to be particularly advanced, as they exploited an old vulnerability and used their attack to distribute well-known threats that are available in the underground market,” Tripputi wrote.

“However, many people still fail to apply patches for vulnerabilities that are several years old, leaving themselves open to attacks of this kind.”

Symantec did not identify or guess at the source of the campaign.