{"id":61049,"date":"2025-09-26T11:14:19","date_gmt":"2025-09-26T11:14:19","guid":{"rendered":"https:\/\/becolve.com\/blog\/laziok-the-new-trojan-threatening-the-energy-sector\/"},"modified":"2025-09-26T11:14:19","modified_gmt":"2025-09-26T11:14:19","slug":"laziok-the-new-trojan-threatening-the-energy-sector","status":"publish","type":"blog","link":"https:\/\/becolve.com\/en\/blog\/laziok-the-new-trojan-threatening-the-energy-sector\/","title":{"rendered":"Laziok: the New Trojan Threatening the Energy Sector"},"content":{"rendered":"<p class=\"p1\">During <strong>January and February 2015<\/strong>, several companies in the <strong>energy sector<\/strong> (in particular, companies in the <strong>Oil &amp; Gas sector<\/strong> located in the Middle East) suffered attacks perpetrated by <strong>a Trojan discovered and named Laziok by Symantec,<\/strong> which allows the attacker to access confidential information stored on the compromised machines.<\/p>\n<p class=\"p1\">The attack vector used by <strong>Laziok<\/strong> is again <strong>Spear Phishing<\/strong>, in particular, through emails sent using a spam server.<\/p>\n<p class=\"p1\">The email received by the victim contains an Excel file which, when opened, causes the Laziok Trojan to infect the machine. 
The <strong>malware<\/strong> hides on the machine by changing its name from time to time and can be found in one of the following directories: <\/p>\n<ul class=\"ul1\">\n<li class=\"li1\">%SystemDrive%\\Documents and Settings\\All Users\\Application Data\\System\\Oracle\\azioklmpx\\search.exe<\/li>\n<li class=\"li1\">%SystemDrive%\\Documents and Settings\\All Users\\Application Data\\System\\Oracle\\azioklmpx\\ati.exe<\/li>\n<li class=\"li1\">%SystemDrive%\\Documents and Settings\\All Users\\Application Data\\System\\Oracle\\azioklmpx\\lsass.exe<\/li>\n<li class=\"li1\">%SystemDrive%\\Documents and Settings\\All Users\\Application Data\\System\\Oracle\\azioklmpx\\smss.exe<\/li>\n<li class=\"li1\">%SystemDrive%\\Documents and Settings\\All Users\\Application Data\\System\\Oracle\\azioklmpx\\admin.exe<\/li>\n<li class=\"li1\">%SystemDrive%\\Documents and Settings\\All Users\\Application Data\\System\\Oracle\\azioklmpx\\key.exe<\/li>\n<li class=\"li1\">%SystemDrive%\\Documents and Settings\\All Users\\Application Data\\System\\Oracle\\azioklmpx\\taskmgr.exe<\/li>\n<li class=\"li1\">%SystemDrive%\\Documents and Settings\\All Users\\Application Data\\System\\Oracle\\azioklmpx\\chrome.exe<\/li>\n<\/ul>\n<p class=\"p3\"><span class=\"s3\">The vulnerability that <strong>Laziok exploits is<\/strong><\/span> <strong>(CVE-2012-0158)<\/strong> <a href=\"http:\/\/www.securityfocus.com\/bid\/52911\"><span class=\"s4\">Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability<\/span><\/a>, which mainly affects <strong>Microsoft SQL<\/strong> servers. This vulnerability had already been used by another type of APT, <a href=\"http:\/\/www.symantec.com\/connect\/blogs\/symantec-protections-red-october\"><span class=\"s4\">Red October<\/span><\/a>. 
<\/p>\n<p class=\"p3\">Once it is resident on the machine, the Trojan proceeds as follows:<\/p>\n<p><span class=\"s5\">1.<\/span> It sends information about the infected machine to the attacker: machine name, software installed, RAM size, CPU and GPU details, and type of antimalware installed.<\/p>\n<p><span class=\"s5\">2.<\/span> The attacker uses this information to perform a second infection by distributing payloads called <a href=\"http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2013-092512-2827-99\"><span class=\"s6\">Backdoor.Cyberat<\/span><\/a><span class=\"s5\"> and <a href=\"http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2010-011016-3514-99\"><span class=\"s4\">Trojan.Zbot<\/span><\/a><\/span> from a C&amp;C (located in the USA, United Kingdom, and Bulgaria).<\/p>\n<p class=\"p3\">Currently, some manufacturers such as <strong>Symantec or Norton<\/strong> have already launched specific solutions to prevent the <strong>Laziok<\/strong> attack. 
In any case, below we list some recommendations that help to avoid the attack of this type of threat: <\/p>\n<ul class=\"ul1\">\n<li class=\"li3\">Avoid opening emails, files and\/or accessing links from dubious sources.<\/li>\n<li class=\"li3\">Use antimalware solutions that incorporate protection against vulnerabilities.<\/li>\n<li class=\"li3\">Segment and fortify networks.<\/li>\n<li class=\"li3\">Maintain a correct software update policy.<\/li>\n<\/ul>\n","protected":false}}