Researchers have uncovered an ongoing espionage campaign that uses custom-developed malware to siphon confidential data out of energy companies around the world...
"The detailed information enables the attacker to make crucial decisions about how to proceed further with the attack, or to halt the attack," Symantec researcher Christian Tripputi wrote. "During the course of our research, we found that the majority of the targets were linked to the petroleum, gas and helium industries, suggesting that whoever is behind these attacks may have a strategic interest in the affairs of the companies affected."
The United Arab Emirates was the country most targeted by the attackers, followed by Saudi Arabia, Pakistan, and Kuwait.
Computers are initially infected with Laziok through spam e-mails coming from the moneytrans[.]eu domain. The e-mails contain a malicious attachment that exploits a Microsoft Windows vulnerability that was patched in 2012. The same vulnerability has been exploited in other attack espionage campaigns, including one that used the Red October malware platformto infect diplomatic, governmental, and scientific organizations in at least 39 countries. The Laziok exploit typically came in the form of an Excel file.
No comments:
Post a Comment