An energy company suffered the theft of sensitive information because an employee downloaded malware disguised as a video game
According to network security and ethical hacking experts from the International Institute of Cyber Security, the South African energy company Eskom Group has suffered a double data breach: one caused by an unsecured database, the other by the infection of a company PC with the information-stealing Trojan known as Azorult.
On its website, Eskom Group describes itself as an energy company established in Johannesburg, South Africa, responsible for supplying 95% of the electricity used in South African territory, in addition to 45% of the electricity consumed throughout the African continent.
According to network security specialists' reports, these two incidents have exposed Eskom's network credentials, customer details, payment card information, and business details that the company considers confidential.
A security investigator known as ".SS.!" on Twitter discovered the company's information and concluded that it was stolen using Azorult, a Trojan used for password theft. ".SS.!" has spent the past few years searching for compromised business devices in order to notify companies about their security flaws.
According to the investigator, everything indicates that the information was stolen from the machine of a user with access to the company's internal network. The stolen data includes Eskom network login passwords, business email accounts, and screenshots of the compromised PC taken at the time Azorult was installed, among other confidential information.
Thanks to the screenshot found by the investigator, the company discovered that the Azorult Trojan had been disguised as a download of the video game "The Sims 4". According to network security specialists, downloading pirated software has always been one of the main vectors of malware infection, and this trend has shown alarming growth in recent times.
Some sites offering this kind of download distribute adware packages that supposedly install the desired material; when executed, however, they also install unwanted software such as Trojans, ransomware, adware or browser extensions.
The situation worsened for Eskom after Devin Stokes, a cybersecurity expert, found one of the company's unsecured databases, which had remained exposed online for weeks, possibly months.
Screenshots shared by the investigator show that this database hosted Eskom customer information, payment details and energy consumption records, among other data.
In a statement, the company reported that the incident is already under investigation: "The Eskom Group's IT team is conducting an internal research to determine if our confidential information has been compromised. We will reveal more details once our analyses are completed."