An energy company suffers data breach after videogame installation

An energy company suffered the theft of sensitive information because an employee downloaded malware disguised as a videogame

According to network security and ethical hacking experts from the International Institute of Cyber Security, the South African energy company Eskom Group has suffered a double data breach due to an unsecured database and the infection of one of the company's PCs with the information-stealing Trojan known as Azorult.

On its website, Eskom Group describes itself as an energy company established in Johannesburg, South Africa, responsible for supplying 95% of the electricity used in South Africa, in addition to 45% of the electricity consumed throughout the African continent.

According to reports from network security specialists, these two incidents have exposed Eskom’s network credentials, customer details, payment card information, and business details that the company considers confidential.

A security investigator known as “.SS.!” on Twitter discovered the company’s information, concluding that it was stolen using Azorult, a Trojan used for password theft. “.SS.!” has spent a few years searching for compromised business devices in order to notify companies about their security flaws.

According to the investigator, everything
indicates that the information was stolen from a user’s machine with access to
the company’s internal network. Among the stolen information are Eskom network
login passwords, business email accounts, and screenshots of the compromised PC
at the time of installation of Azorult, among other confidential data.

Thanks to the screenshot found by the investigator, the company discovered that the Azorult Trojan was disguised as a download of the videogame “The Sims 4”. According to specialists in network security, the download of pirated software has always been one of the main vectors of malware infection, and this trend has shown alarming growth in recent times.

Some sites that distribute this kind of software offer bundled installers that supposedly install the desired material. When executed, however, they also install unwanted software, such as Trojans, ransomware, adware or browser extensions.

The situation worsened for Eskom after Devin
Stokes, an expert in cybersecurity, found one of the company’s unsecured
databases, which remained online for weeks, maybe months. 

Some screenshots shared by the investigator
show that this database hosted information from Eskom customers, payment
details, energy consumption information, among other data.

In a statement, the company reported that the incident is already under investigation: “The Eskom Group’s IT team is conducting internal research to determine if our confidential information has been compromised. We will reveal more details once our analyses are completed.”