A Trojan which is targeting the global energy sector hit its targets throughout January and February.
Named Laziok, it is part of a wider campaign primarily focused on the Middle East. Christian Tripputi, security response manager at Symantec, wrote on the firm’s blog: “The detailed information enables the attacker to make crucial decisions about how to proceed further with the attack, or to halt the attack.
“During the course of our research, we found that the majority of the targets were linked to the petroleum, gas and helium industries, suggesting that whoever is behind these attacks may have a strategic interest in the affairs of the companies affected.”
Victims are said to be initially infected through a spam campaign, with the infection usually spread through a Microsoft Excel attachment that exploits a flaw in the software framework ActiveX. Once Laziok has been installed on the computer, it then works out whether the victim is of interest, and actually stops the infection if it finds otherwise.
Adam Kujawa, head of malware intelligence at Malwarebytes, said: “The thing to take away here is the importance of updating all software as often as possible. The attackers utilised an older method of attack – this isn’t a new vulnerability they are going after and they really aren’t using any kind of novel method of infection.
“In reality, their attack is simple and outdated; however, for organisations that fail to follow basic security guidelines, like updating software running on a secure system, it’s a huge problem that can cost them dearly.
“The other part of this story is the fact that the malware will identify running processes and the configuration of the system, this has been seen for a while in everything from malware to exploits but is never super common when talking about in-the-wild malware.”