A malware attack against oil and gas companies aims to get sensitive corporate information, according to software security firm Symantec.
Hackers have been targeting energy industry workers with malicious emails containing malware that, when opened, leave the recipients vulnerable to snooping, software security giant Symantec reported Monday.
The campaign has primarily targeted Middle Eastern countries such as the United Arab Emirates, Kuwait, and Saudi Arabia. But it has also afflicted other nations as well, including the United States, the United Kingdom, and Uganda.
Because most of the companies singled out are involved in the energy business, Symantec speculated that the hackers are motivated by industrial espionage. “Whoever is behind these attacks may have a strategic interest in the affairs of the companies affected,” Symantec said in a blog post.
Having monitored this targeted email attack since the beginning of the year, Mountain View, Calif.-based Symantec SYMC reports that it discovered the malicious software program at its center on Feb. 11. The malware in question is a so-called trojan horse, a type of harmful software program that disguises itself as an innocent file.
In this case, the trojan—dubbed “Trojan.Loziak” by the researchers—masqueraded as a Microsoft Excel spreadsheet file. Once downloaded on a vulnerable machine, the previously unreported strain of malware steals information—like system configuration data—off of it. The malware appears to help the attackers determine whether a computer contains valuable data, and therefore whether it is an interesting target or not.
Here’s how the attack works: First the trojan performs an initial survey—collecting information about the computer’s name, installed software (including antivirus), and additional hardware specifications—and then it sends those details back to hackers responsible. If the hackers decide to proceed with the attack, they further infect the machines with additional malware, delivered via servers based in the U.S., U.K., and Bulgaria, according to Symantec. These include pieces of malware such as “Back.door.Cyberat” and “Trojan.Zbot,” which steal confidential information and open “backdoors,” leaving systems susceptible to further breaching.
To gain entry, the attack preys on the same vulnerability in Microsoft Windows that has been exploited in past espionage campaigns, such as Red October, the blog says. (Here’s Fortune’s story about a dispute between two security firms over the alleged resurrection of that campaign.)
Although the post concludes that the attack is relatively unsophisticated, it stresses that the campaign still poses a threat to those who do not keep up to date with the latest security updates.
As long as users leave known vulnerabilities unrepaired, hackers will be able to continue to exploit computer systems with minimal effort.