Malware disguised as a document from Ukraine's Energoatom has been used to deliver the Havoc Demon backdoor as its malicious payload. The attack was discovered by researchers at cybersecurity firm Kaspersky Lab, who were able to link it to the Trickbot banking trojan.
The document, which purported to be from Energoatom, Ukraine's state-owned nuclear energy company, was used to deliver the Havoc Demon backdoor to unsuspecting victims. The malware was designed to steal data, monitor online activity, and spread itself to other computers.
The attack was first spotted in October 2020, when Kaspersky Lab discovered that the malware was distributed through malicious documents sent via email. The documents were designed to look like legitimate communications from Energoatom, but they were in fact crafted to deliver the Havoc Demon backdoor.
Once installed on an infected computer, the Havoc Demon backdoor gave attackers full control of the system. The malware was designed to collect data, such as usernames and passwords, and send it back to the attackers. It could also be used to spread itself to other computers.
The attack was particularly concerning because it targeted a major energy provider in Ukraine. If the attackers had been successful, they could have caused significant damage to the energy grid, potentially disrupting power to the entire country.
Fortunately, Kaspersky Lab was able to detect and neutralize the threat before any harm was done. However, the attack serves as a stark reminder of the importance of cybersecurity, especially for critical infrastructure. Companies, especially those in the energy industry, should ensure that their systems are properly secured to prevent such attacks from occurring in the future.